Installer policy not suppressing alerts for installer child processes [M396]

A. THE BUG/ISSUE (Varies from issue to issue)
[ol]- Summary - Give a clear summary in the topic subject, NOT here.

  • Can U reproduce the problem & if so how reliably?: Yes, every time.
  • If U can, exact steps to reproduce. If not, exactly what U did & what happened:
  1. Untick sandbox unknown applications as
  2. Set a program that launches other programs as installer or updater in defense+ application rules.
  3. Upon launching the program you will get defense+ prompts for the child processes.
    Example programs: Launchy (application launcher), SharpDevelop IDE ICSharpCode · GitHub
  4. The installer/updater policy on CIS v7 works fine (alerts for child processes are suppressed) UNTIL the parent process is terminated.
  • If not obvious, what U expected to happen: When an application is configured as installer or updater in defense+ you shouldn’t be getting any defense+ prompts for the processes that it creates.
  • If a software compatibility problem have U tried the conflict FAQ?:
  • Any software except CIS/OS involved? If so - name, & exact version: No
  • Any other information, eg your guess at the cause, how U tried to fix it etc:Tried reinstallation, use other defence+ modes besides safe mode but nothing at all.
  • Always attach - Diagnostics file, Watch Activity process list, dump if freeze/crash. (If complex - CIS logs & config, screenshots, video, zipped program - not m’ware)
    I have attached an active process screenshot from v5. I have installed v5 again because I really need this feature. Sorry I can’t provide any CIS configs or diagnostics (these are not relevant with the issue anyway.).

B. YOUR SETUP (Likely the same for each issue, so you can copy forward)
[ol]- Exact CIS version & configuration: CIS 6.1.276867.2813 - proactive config

  • Modules enabled & level. D+/HIPS, Autosandbox/BBlocker, Firewall, & AV: Only auto-sandboxing is disable. (Untick ‘autosandbox unknown applications as’)
  • Have U made any other changes to the default config? (egs here.): No
  • Have U updated (without uninstall) from a CIS 5?: No
    [li]if so, have U tried a a clean reinstall - if not please do?:
    [/li]- Have U imported a config from a previous version of CIS: No
    [li]if so, have U tried a standard config - if not please do:
    [/li]- OS version, SP, 32/64 bit, UAC setting, account type, V.Machine used: Windows 7 x64 , UAC Off, Admin account, VM not used
  • Other security/s’box software a) currently installed b) installed since OS: a=None b=None

[attachment deleted by admin]

Thank you very much for your bug report in standard format. We very much appreciate the effort you have made to document this bug.

We are sorry to trouble you further but there are some items of information missing or unclear in your post:

A.3 Please give a specific example of a program which shows this problem, with a download link
A.8 Please append a) Your ‘Watch Activity’ Process list b) Your CIS config file c) Your CIS diagnostics file
B.3 Please answer, in particular check of you have changed any installer-related settings in File Rating, and BB settings
B.7 b) Please answer

The reasons we need these items of information, though they may not seem directly relevant to the issue are explained here.

We would be very grateful if you would add these items of information so we can forward this post to the format verified board, where it is more likely to get fixed. You can find assistance using red links in the Format and here. If you need further help please ask a mod. If you do not add the information after a week we will forward this post to the non-format board. If this happens we will tell you how to rectify this if you wish to.

In the current process we will normally leave it up to you whether you want to make a report which includes all necessary information or not. We may remind you if we think a bug of particular importance.

Many thanks again


Regarding A8: Sorry I have installed v5 again. These are irrelevant though. It’s the same on all PC’s in the family and of my friends. It seems that the Installer or Updater policy is the same as Windows System Application policy.

OK would you please append the version 5 Active Process List instead, explaining why you have had to append it instead, then I can forward to Format Verified.

I confirm this happens on my machine with Launchy. I have clarified your steps to replicate, as it only happens if autosandboxing is unticked. Hope that’s OK

I have update my post and attached a screenshot of the active processes. I hope everything is ok now and this issue is fixed on the next version :slight_smile:

Thanks you for your help, which is much appreciated.


Thank you very much for your report in standard format, with all information supplied. The care you have taken is much appreciated by Comodo, and will increase the likelihood that this bug can be fixed.

Developers may or may or may not communicate with you in the forum or by PM/IM, depending on time availability and need. Because you have supplied complete information they may be able to replicate and fix the bug without doing so.

Many thanks again


Also registered as a loss from v5

Can you please check and see if this is fixed with the newest version (6.2.282872.2847)? Please let us know whether it is fixed or you are still experiencing the problem.

Thank you.

PM sent.

Not fixed with CIS 6.2. Back to v5 again…

Thanks for checking this.

I’ve updated the tracker.

For this bug, does it work the first time if something is made an installer from the alert?


No it never works… Same with 6.3.294583.2937

Thank you.

I have updated the tracker.

The devs have informed me that they believe that this is fixed for CIS version 7.0.313494.4115. I will therefore move this to Resolved.

If this is still not fixed for you please both respond to this topic and send me a PM (including a link to this bug report).

Thank you.

Sadly is NOT fixed in v7. Clean install as always proactive config, firewall policy set to custom, defence+ set to safe and sandbox is disabled. Using the same configuration from v5 to v7 and only in v5 the installer/updater policy works properly. Back to v5 again…

Thanks for checking this. I have re-opened this in the tracker and will move this post back to format verified.

Thanks again.

I have an update regarding this issues. When I read that you have been informed by the devs that this issue is fixed I started to believe that I should do more tests so I did. I found that the installer/updater policy on CIS v7 works fine (alerts for child processes are suppressed) UNTIL the parent process is terminated. On the other hand on CIS v5 alerts for child processes are suppressed for each child process until its self is terminated.

I believe that the problem is HALF fixed and it should be working like in v5.

Thank you for checking this. I updated the tracker with this new information.

Thanks again.

The devs have asked that I request you to create a video of what you are seeing for the case where the parent process is not terminated. Please create this video and provide a link where I can find it.

If you have any questions, either about how to create this or about exactly what they are looking for, please feel free to ask.