HIPS spamming with pop ups.

Eipamittaan · May 11, 2021, 4:03pm

C_powershell.exe is spamming me now for 3 days. It is supposed to be cis own files, yet it asks me time and time again is it allowed to this or that. One night I spent 30 minutes pressing allow, when it just pops up another. after another. I have no idea how to stop this madness. it is persistent and won’t leave my screen unless I react to the popup. It is preventing me form gaming or working, bc it is just there.
What are these files and how do I make it stop?

Ploget · May 11, 2021, 4:41pm

Intended protection behaviour. See details here:

https://forums.comodo.com/news-announcements-feedback-cis/why-are-all-these-comodocreated-batch-files-getting-sandboxed-t117693.0.html

Eipamittaan · May 17, 2021, 7:21am

How do I solve this spamming issue? I still have to one by one to mark them allowed or blocked?

Eipamittaan · May 21, 2021, 3:10am

There is not a solution. Now I got over 1600 requests. How am I gonna review them one by one, when every one of them requires at least 2 more clearance. (can it modify, can it read) BC I haven’t done the impossible task now powershell is not working at all. I get an error 0x0000142, and powershell is unable to start correctly. How do I set a rule to the powershell to work as intented?

kyl · May 21, 2021, 5:20am

you can setup ignore rule for that or simply disable HIPS and play around adjusted Auto Containment settings
:P0l

CISfan · May 21, 2021, 9:53am

I think someone (Mods Staff Users) needs to provide some clear guidelines how to solve script issues like these.
There are more users who do not know how to deal with script issues, it can be a real pain to solve it.

MikeDiack · May 21, 2021, 12:55pm

I have to agree. I’m a Visual C++ developer, and for some build tasks (invoked by MSBuild), Visual Studio runs certain powershell scripted activities. Comodo keeps kicking in and sandboxing them. Any practical thoughts?

DecimaTech · May 21, 2021, 3:11pm

There is only 3 options to deal with embedded code detection, two of which require you to figure out what process is starting these code turned into scripts, and creating the appropriate auto-containment or HIPS rule for that process. While the final option is to just turn off embedded-code detection of the interpreter that the scripts are run by.

CISfan · May 21, 2021, 4:54pm

Without guidelines that being the most difficult (and maybe impossible) task for the novice and average users.

CISfan · May 22, 2021, 10:25am

Which in turn would weaken the script protection for that interpreter.

C.O.M.O.D.O_RT · May 23, 2021, 9:39am

Hi Eipämittään,

Thank you for reporting, We are checking this.