A. THE BUG/ISSUE (Varies from issue to issue)
Can you reproduce the problem & if so how reliably?:
Yes, every time.
If you can, exact steps to reproduce. If not, exactly what you did & what happened:
- Create any executable file.
- Name it as an interpreter: wscript.exe, mshta.exe, java.exe etc.
- Execute it, passing the path to another file on the command line. E.g.:
- Open the “Active Process List” and notice that the executing program is taken for another file.
One or two sentences explaining what actually happened:
This is a critical failure of “Heur Cmd-Line Analysis”. Through this failure, any program can be granted the privileges of another.
It is the simplest way to bypass Comodo firewall!!!
The program doing that is attached to the post.
One or two sentences explaining what you expected to happen:
If a software compatibility problem have you tried the advice to make programs work with CIS?:
Any software except CIS/OS involved? If so - name, & exact version:
Any other information, eg your guess at the cause, how you tried to fix it etc:
I had tried to allow executing interpreters only by their paths, e.g.:
“HIPS rules” > “All applications” > “Run an executable”
But it doesn’t work in the virtual space. Some malicious file can substitute for the file “%PROGRAMFILES%\Java\jre8\bin\java.exe” virtually. So in the virtual space this file can be executed.
B. YOUR SETUP
Exact CIS version & configuration:
Configuration: Proactive Security
Modules enabled & level. D+/HIPS, Autosandbox/BBlocker, Firewall, & AV:
“Do not show antivirus alerts”: disabled
“Create rules for safe applications”: disabled
Auto-Sandbox: Enabled, default rule set
Firewall: Safe Mode
Have you made any other changes to the default config? (egs here.):
Have you updated (without uninstall) from CIS 5 or CIS6?:
Have you imported a config from a previous version of CIS:
OS version, SP, 32/64 bit, UAC setting, account type, V.Machine used:
Win7x64SP1 (VMware), Admin, UAC is enabled
Other security/s’box software a) currently installed b) installed since OS, including initial trial security software included with system:
[attachment deleted by admin]
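The failure mode reported above, modelled as an added example (not part of the original post and not Comodo's code): a name-only interpreter check attributes the process to the file on its command line, while a check that also verifies the image's content hash does not. The interpreter names come from the post; the paths, hashes, allow-list and process records are constructed assumptions.

```python
import ntpath
import shlex

# Interpreter file names listed in the post.
INTERPRETER_NAMES = {"wscript.exe", "mshta.exe", "java.exe"}

# Constructed placeholder: SHA-256 digests of the genuine interpreter binaries.
TRUSTED_INTERPRETER_HASHES = {"aa" * 32}

def split_cmdline(cmdline):
    """Return (image, first argument or None) from a Windows-style command line."""
    parts = [p.strip('"') for p in shlex.split(cmdline, posix=False)]
    return parts[0], (parts[1] if len(parts) > 1 else None)

def claims_interpreter(image):
    """True when the image's file name alone matches a known interpreter."""
    return ntpath.basename(image).lower() in INTERPRETER_NAMES

def attribute_by_name(proc):
    """Weak heuristic: trust the file name, attribute the process to its argument."""
    image, arg = split_cmdline(proc["cmdline"])
    return arg if claims_interpreter(image) and arg else image

def attribute_by_identity(proc):
    """Hardened heuristic: attribute to the argument only for a verified interpreter."""
    image, arg = split_cmdline(proc["cmdline"])
    verified = proc["sha256"] in TRUSTED_INTERPRETER_HASHES
    return arg if claims_interpreter(image) and verified and arg else image

def find_masquerades(procs):
    """PIDs of processes named like an interpreter whose binary is not a trusted one."""
    return [p["pid"] for p in procs
            if claims_interpreter(split_cmdline(p["cmdline"])[0])
            and p["sha256"] not in TRUSTED_INTERPRETER_HASHES]

# Constructed process records (PIDs, paths and hashes are illustrative).
PROCS = [
    {"pid": 100, "sha256": "aa" * 32,
     "cmdline": r'"C:\Program Files\Java\jre8\bin\java.exe" C:\Apps\trusted.jar'},
    {"pid": 200, "sha256": "bb" * 32,
     "cmdline": r'C:\Users\test\Desktop\java.exe C:\Apps\trusted.jar'},
]

if __name__ == "__main__":
    for p in PROCS:
        print(p["pid"], attribute_by_name(p), "|", attribute_by_identity(p))
    print("masquerading:", find_masquerades(PROCS))
```

The hash check is used instead of a path check because, as the post notes, a path rule does not hold where the file at that path can be substituted.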