Installer/Updater policy only works for one execution [V6][M425]

A. THE BUG/ISSUE (Varies from issue to issue)
[ol]- Summary - Give a clear summary in the topic subject, NOT here.

  • Can U reproduce the problem & if so how reliably?: Every time given the same system/config.
  • If U can, exact steps to reproduce. If not, exactly what U did & what happened:
    a) Start an unknown program
    b) assign+remember the Installer/Updater policy when prompted(works).
    c) Terminate and restart same program with saved Installer/Updater policy(doesn’t work – mimics Windows System Application policy instead).

This will only work properly if the remember my decision checkbox is unchecked and you select installer/updater for every time you execute the parent process. If you have it checked and it never asks you again, the installer/updater policy is functionally downgraded to Windows System Application.

  • If not obvious, what U expected to happen: Second execution of remembered program should be given the full Installer/Updater policy.
  • If a software compatibility problem have U tried the conflict FAQ?:
  • Any software except CIS/OS involved? If so - name, & exact version:
  • Any other information, eg your guess at the cause, how U tried to fix it etc: I can only guess that the Installer/Updater policy gets saved with a PID, and if the PID does not match, the policy is downgraded.
  • Always attach - Diagnostics file, Watch Activity process list, dump if freeze/crash. (If complex - CIS logs & config, screenshots, video, zipped program - not m’ware)
    [/ol]

B. YOUR SETUP (Likely the same for each issue, so you can copy forward)
[ol]- Exact CIS version & configuration: Firewall Product, v6.1.276867.2813

  • Modules enabled & level. D+/HIPS, Autosandbox/BBlocker, Firewall, & AV: HIPS, Paranoid Mode; Auto-sandbox, disabled; Firewall, Custom Ruleset; AV, not installed.
  • Have U made any other changes to the default config? (egs here.): enhanced protection mode enabled, cloud lookup disabled, trusted vendors disabled
  • Have U updated (without uninstall) from a CIS 5?: No
    [li]if so, have U tried a a clean reinstall - if not please do?:
    [/li]- Have U imported a config from a previous version of CIS: No
    [li]if so, have U tried a standard config - if not please do:
    [/li]- OS version, SP, 32/64 bit, UAC setting, account type, V.Machine used: Windows 7 SP1, 64-bit, UAC disabled, admin type account, no virtualization
  • Other security/s’box software a) currently installed b) installed since OS: a=none b=CIS5, CIS4
    [/ol]

Additional information post
A video of this issue is also attached to this post.

[attachment deleted by admin]

Thank you very much for your report in standard format, with all information supplied. The care you have taken is much appreciated by Comodo, and will increase the likelihood that this bug can be fixed.

Developers may or may not communicate with you in the forum or by PM/IM, depending on time availability and need. Because you have supplied complete information they may be able to replicate and fix the bug without doing so.

Many thanks again.

Can you please check and see if this is fixed with the newest version (6.2.282872.2847)? Please let us know whether it is fixed or you are still experiencing the problem.

Thank you.

PM sent.

If it was the version that was released about a week ago, the issue still persisted. But I didn’t expect it to be fixed at this point because I had barely finished a PM conversation with a “Quality Assurance” Comodo-member of the forums. I had sent him my tester program that I had developed just for this one bug.

Yes, that was the version I was referencing. I was just checking with everyone who had not commented since the last version was released. I’m trying to keep the bug reporting more interactive and get a better idea of which bugs are not yet fixed.

Thank you very much for your quick reply. I will update the tracker.

Appears unchanged for Firewall Product Version: 6.2.285401.2860

BTW, this appears to be related-to or a duplicate of https://forums.comodo.com/format-verified-issue-reports-cis/installer-policy-not-suppressing-alerts-for-installer-child-processes-m396v6-t94843.0.html

The only main difference is that I mention the fact that the policy will work once, where the other topic assumes it never works. (Because they manually set the policy instead of an alert dialog setting the policy)

Can you please be more specific as to what you mean when you say that it works, or that it doesn’t work?

My original post links to a topic that I posted in which gives a much more detailed explanation instead of an abstract.

https://forums.comodo.com/defense-sandbox-help-cis/cis-v6-developer-usage-t95368.0.html;msg687494#new

The testing there and explanation is what prompted me to write this bug report to begin with.

Same behavior for:
Version 6.3.294583.2937
24 September / 2013

Will only work properly if the remember my decision checkbox is unchecked and you select installer/updater for every time you execute the parent process. If you have it checked and it never asks you again, the installer/updater policy is functionally downgraded to Windows System Application.

Thank you.

I have updated the tracker.

I was asked by PM to attach a video illustrating the issue described in this bug post.

In case it is not evident, Comodo should not be showing alert questions during the red-highlighted checklist item in the video(procedure 2). The second time the main process is started should have zero alerts, just like the first time the process is run during procedure 2.

[attachment deleted by admin]

Thank you. I have also attached that video to your first post, just to keep everything concise and up-to-date.

Version 6.3.300670.2970 12 November / 2013

[FIXED] ‘Installer or Updater’ ruleset does not apply to child processes
[FIXED] ‘Restart Computer’ window does not appear after changing CIS configuration and further upgrading Windows from 8.0 to 8.1
[FIXED] ‘Hardware installation’ error window appears during CIS installation

This was seemingly directed towards a bug like in this report… but I cannot verify that the bug was fixed. I get the same bad behavior with my test application(in the video) and Visual Studio. The child processes they spawn create alerts when performing protected actions.

Thank you for checking this.

I have updated the tracker.

In HIPS I made Steam “Installer or Updater” I then installed a game and launched it through Steam and then I got HIPS alerts for the game… so if I understand “Installer or Updater” correctly then it’s still broken.

Another someone asked me for the program that I used in the video I posted… so I am attaching it here.

It’s not perfect as depending on your CIS configuration, it may cause alerts before it does in my video… but it will have to do. .NET programs, even console ones, will unavoidably cause early alerts just by running… so if you see any appear in practice before you do in my video, just accept them.

As a side note, this bug still exists in v6.3.302093.2976

[attachment deleted by admin]

In the tracker this is now marked as Fixed. Could someone who is running CIS version 7.0.308911.4080 Beta please check and see if it is fixed for that version?

Thanks.

Thank you for supplying the application.

After testing it several times I can confirm that the “Installer or Updater” policy in CIS V7 BETA has been fixed.

After many issues** I’ve been able to make a video demonstration which can be found here: Checking if "Installer or Updater" policy is fixed in CIS 7 - YouTube

**You may ask “What issues?” Well I’m glad you ask!
First recording: Accidentally gave explorer.exe installer/updater policy and video became 17 minutes long… so I scraped it.
Second recording: At the end of Procedure 2 where I redo procedure 1 I was very confused because it was still allowed to do everything even without a rule… ended at 20 minutes… so I scraped it.
Third recording: I don’t even know what happened here… I think the whole world had a glitch that gave extremely weird results for everything… either way that video ended at 30 minutes… so I scraped it… I wish I hadn’t because now I wanted to watch it again to see what the hell happened…
Fourth recording: The one that I uploaded to youtube, which is where I understood why everything happened as it did and was able to make a fairly short video on it.

But yeah the bug reported in this thread has been fixed as confirmed by me with video proof, I suggest mods do not move this to the resolved part until checking out the video, just a little request from me, just in case I somehow fudged up.

Regards,
Sanya IV Litvyak.

Sanya, thank you for testing this. In that case, as this appears to be fixed for CIS version 7.0.308911.4080 Beta, I will move this post to Resolved.

If it re-appears in a later build please let me know and I can move this back for processing.

Thank you.

Also jljtgr, could you please watch the video to verify that I carried it out correctly? If you notice something I did wrong please point it out so that I can redo the video with any eventual corrections to see if I still get the same result.