Image Execution Control has serious bug (3.8.64263.468 x32, virus database 975)

Hello everyone!

There seems to be a serious problem with the image execution control. When I start any application xy.exe there are 3 sorts of popups:

  1. explorer.exe is trying to execute xy.exe
  2. xy.exe is trying to execute xy.exe
  3. xy.exe accesses the com interface (just an example)

However, for no apparent reason, sometimes the popups 1 or 2 (especially this one) or both are missing and only the third (and any subsequent popups) shows up. I made sure that the applications I tested didn’t already have rules (including those of explorer.exe) or were whitelisted or in “my safe files”.
This happens in clean pc mode, safe mode and paranoid mode alike. When I start an application considered safe, the balloon messages sometimes don’t show the rule “xy.exe is trying to execute xy.exe” as learned and I checked to confirm that no such rule is created. If I quit and start the same program again, the rule gets created this time around.
This behavior happens very often, about half of the time. Most often this happens when I have allowed an application (without remembering), quit it and immediately start it again. But sometimes it also happens when running a program for the very first time.
That can obviously be a huge security risk. If you connect a USB stick and have autorun enabled, you cannot prevent a malicious program from executing (although you may be able to stop everything bad it does, but why take that risk?).

Diagnostic utility didn’t show an error. I had an older version of Comodo Firewall Pro on the computer previously, but uninstalled it and did a clean install of CIS 3.8.

I’m surprised no one else has reported this yet. Could this be a problem only I have?

Either way, I hope you look into this and get this fixed / tell me what I did wrong. Thank you!

  1. CPU: Pentium Dual-Core E2180
  2. OS: Windows XP Home 32 Bit SP 3
  3. superantispyware, malwarebytes anti-malware, spybot and spyware blaster, but only on demand, not running
  4 + 5. See above
  6. Proactive security as basic, image execution control on aggressive, BO protection on, the file group “executables” in the files to check section, explorer.exe on custom
  7. Administrator

This has always happened with image execution control on aggressive. I think it is due to it intercepting prefetching/caching. The alerts do not always appear if there is no prefetching/caching. I don’t think it causes a problem but it is annoying having extra pop-ups.

I have had Image Execution Control Settings set to Aggressive on 4 computers, 3 Vista and 1 XP, ever since Comodo incorporated it into CIS, and have not experienced any excess popups. I do have all the software vendors for all my installed software that has a signed executable added to the My Trusted Software Vendors list. I don’t know if this helps cut down on/prevents this problem with excess popups or not.