HIPS rules disappear randomly [M1897]

Huh? How would I do that?

From the list of installed programs, you have the following: “Junction Link Magic 2.0”.
You should check if there’s anything that involves the CIS path (e.g. Program Files, etc.).

None of the links point to C:\Program Files or C:\Program Files (x86). Is that OK?

A screenshot might be useful. :slight_smile:
How about C:\Windows\ ?

Junction Magic shows just 4 or 5 rows at a time and does not output to a text file. However, I found that NTFSLinksView does, and I'm sending the HTML it produces.

[attachment deleted by admin]

Could you attach another diagnostics report?
Thank you.

Same here. The HIPS rules list gets empty with each restart. I am on Windows 10 64-bit with logs of Too long process chain in Event Viewer for cmdagent. Maybe it doesn’t close fast enough and Windows kills it?

EDIT: What I just noticed after a bit of messing around is that the rules are actually there now. Sometimes when you launch the application and go to check the rules, the list shows as empty, but if I close and go back it’s showing. This improved behavior, with rules being there but not showing, started after I re-enabled cloud lookup, I think, so if it’s off for you, you might want to try it. Not convinced that was the fix or if it’s permanent, but whatever.

Here you go.

[attachment deleted by admin]

@rotulos1, could you confirm this behavior (see below quote)?

I cannot confirm that behavior while using SAFE mode; at least I don't remember it happening. I DO remember rules disappearing even if no changes have been made to HIPS settings.

However, I can confirm 100% that none of that behavior happens and rules don't disappear while in PARANOID mode.

Have you the box ticked for “Create rules for safe applications”?

In Paranoid Mode this would make no difference, but when you change to Safe Mode all rules would disappear.

Dennis

Huh? Whaaaaaat? Yes, it is ticked, but all rules would disappear? Why? Bug?

Wait, what?

If it was not ticked in Safe Mode, it would not save any rules; also, all manual ones you make would be removed.

The intention of this is, if you have lots of rules, all have to be checked to find the correct one, which can slow down your system.

This is not so important in the current version of CIS, but in older versions, once you had 200+ rules, everything tended to slow down.

Dennis

Well, that is not OK; it even erases rules defined from the original profile. Like the rules for SYSTEM.

I noticed that as well, but cloud lookup is not responsible for this issue.
Maybe I just figured out why this issue happens.
If cmdagent.exe is in use when you order Windows to reboot/shut down the PC, then this issue occurs. Maybe Windows itself force-kills the process and this causes the configuration to become corrupt? I think it is. What I’m doing before I reboot or shut down my PC is to check if the process cmdagent.exe is in use (by looking at the CPU usage) in Task Manager. If it is, just wait until this process becomes idle to reboot or shut down the machine.

Please continue discussion here:
https://forums.comodo.com/bug-reports-cis/hips-rules-disappear-randomly-most-of-the-time-under-safe-mode-t113175.0.html

Thank you.

  1. Disable ‘Viruscope’
  2. Disable ‘File Source Tracking’
  3. Try to replicate issue

Ok, but… May I ask why? :expressionless:

It’s the same issue from my understanding.

Yeah, indeed it is. I was just replying here because it’s my topic. But ok, I’ll discuss on the other topic. Sorry.