There seems to be a serious problem with the image execution control. When I start any application xy.exe there are 3 sorts of popups:
1. explorer.exe is trying to execute xy.exe
2. xy.exe is trying to execute xy.exe
3. xy.exe accesses the COM interface (just an example)
However, for no apparent reason, sometimes the popups 1 or 2 (especially this one) or both are missing and only the third (and any subsequent popups) shows up. I made sure that the applications I tested didn’t already have rules (including those of explorer.exe) or were whitelisted or in “my safe files”.
This happens in clean pc mode, safe mode and paranoid mode alike. When I start an application considered safe, the balloon messages sometimes don’t show the rule “xy.exe is trying to execute xy.exe” as learned and I checked to confirm that no such rule is created. If I quit and start the same program again, the rule gets created this time around.
This behavior happens very often, about half of the time. Most often this happens when I have allowed an application (without remembering), quit it and immediately start it again. But sometimes it also happens when running a program for the very first time.
That can obviously be a huge security risk. If you connect a USB stick and have autorun enabled, you cannot prevent a malicious program from executing (although you may be able to stop everything bad it does, but why take that risk?).
Diagnostic utility didn’t show an error. I had an older version of Comodo Firewall Pro on the computer previously, but uninstalled it and did a clean install of CIS 3.8.
I’m surprised no one else has reported this yet. Could this be a problem only I have?
Either way, I hope you look into this and get this fixed / tell me what I did wrong. Thank you!
- CPU: Pentium Dual-Core E2180
- OS: Windows XP Home 32 Bit SP 3
- SUPERAntiSpyware, Malwarebytes Anti-Malware, Spybot and SpywareBlaster, but only on demand, not running
4 + 5 See above
- Proactive security as basic, image execution control on aggressive, BO protection on, the file group “executables” in the files to check section, explorer.exe on custom