List of current bugs discussion

CISfan · January 21, 2024, 6:33pm

Any feedback from staff on above matter regarding sweeping bugs under the rug?

DecimaTech · January 23, 2024, 3:05pm

The only bugs that were fixed are bugs 4. and 24. Bug 22 was never an issue on Windows 10/11. Bug 34. doesn’t happen on Windows 11 but I do remember it happening on Windows 10 so it can be marked “fixed” even if they didn’t do any changes to how VD is run.

CISfan · January 23, 2024, 8:03pm

Why does Comodo Staff not respond on my replies?

It is Comodo business as usual, bring the reported issues to the team, the team is working on it, we keep you posted… but nothing comes out… Comodo keeps denying reported problems as they always did.
It’s a slap in the face of CIS users…

C.O.M.O.D.O_RT · January 24, 2024, 6:58am

Hi CISfan,

We can understand your circumstances and expectation towards cis improvement.
The team is working hard to fix these issue .
Kindly support us.

Thanks
C.O.M.O.D.O RT

CISfan · January 24, 2024, 10:22am

C.O.M.O.D.O_RT:

Hi all,

Below are the bugs(From list of current bugs ) which are tested and couldn’t able to reproduce in the CIS beta v12.3.1.8104 Beta.
1.Silent mode firewall silently blocks network access for unrecognized applications and does not log the block
4. HIPS/Sandbox bypass with SetVolumeMountPoint and DeleteVolumeMountPoint. The fix would be to hook the SetVolumeMountPoint and DeleteVolumeMountPoint WinAPI functions and treat it as a form of direct disk access like CIS does for the DefineDosDevice API function. That way you get a HIPS alert for direct disk access and it would be auto blocked when run in containment anytime an application calls these functions.
6. Embedded-code detection for misexec.exe does not work so msiexec.exe /I will not be detected.
15. Can’t paste IPv4 address in global and application rules, it only works in network zones.
16. Autorun analyzer and killswitch do not perform file rating lookup of files.
17. AV still scans executable files even when the executable is listed under scan exclusions
20. HIPS rules will get corrupted by being completely erased when a new rule is being created during system shutdown, such as when HIPS is in training mode or create rules for trusted applications is enabled in HIPS settings.
22. Contained applications can add/remove/change user accounts and groups, prior versions did not allow such action.
24. Microsoft Edge can not open any website or page when sandboxed .
25. Sometimes the CIS tray notification icon does not render and leaves an empty space. Topic link: Comodo Firewall systray icon invisible [M2419]
26. Windows security center does not always recognize CIS being active or enabled. Topic link: Windows security center does not always recognize CIS
28. CIS will constantly inform of a new update is available even when the latest version is installed, happens after updating to a new version using the internal program updater. Various posts reporting this issue scattered throughout, can’t be bothered to find all previous posts, but most recent topic here: Comodo version 12.2.2.2.8012 wants to install over and over and over again??
35. The Anti-virus will not scan files larger than 40 MB even when the setting “Limit maximum file size to” in the scan profile is disabled. The AV should scan all files regardless of size unless the option is used to limit the maximum file size that the AV should scan.
39. Firewall blocks outgoing connection requests for trusted applications at system startup if they attempt network access before CIS UI is loaded(cis tray and alerts UI processes) causing many blocked events in the firewall log for those trusted rated applications.
40. High CPU usage of cmdagent.exe process when a RAM drive is in use. Topic link.
Kindly check and let us know your feedback
FYI: Reproduced bugs are reported to the dev team and they are working on it.
There are few bugs which doesn’t have enough information to reproduce, however we are testing on it. We will update those bugs which needs more information to reproduce.

Thanks
C.O.M.O.D.O RT

Your statement means that Comodo will take no further actions to resolve these above bugs because the team isn’t able to reproduce those bugs while Comodo knows that these bugs are still present in CIS codebase and these bugs will linger on in CIS codebase forever, right?
Or am I missing something here?

infosec · January 24, 2024, 11:36am

Thank you for the global feedback, but unfortunately it remains quite unspecific. Appreciate the start @DecimaTech made here: List of current bugs discussion - #287 by DecimaTech and here: List of current bugs. However, as also @CISfan has asked for repeatedly, I think all beta-testers and especially the bug-submitters are awaiting a full official status update on all 42 reported bugs, as promised by @ilgaz last November: Comodo Internet Security 2024 v12.3.1.8104 beta - #201 by ilgaz. By having all in one place, such a detailed and up-to-date bug status overview could also be of help to the CIS development team in preparation for their upcoming third 2024 beta. Thanks in advance!

C.O.M.O.D.O_RT · January 24, 2024, 12:33pm

Hi CISfan,

We didn’t mean that we won’t take further actions to resolve these bugs.
As we couldn’t able to reproduce these bugs with the CIS beta version, so if you guys were able to reproduce with the CIS beta version. Then provide us the steps to reproduce so that we will test and fix it.
However @DecimaTech has provided steps to reproduce to the above issues(No: 1, 6, 15, 16, 17, 20, 25, 26, 35, 40) and we are testing on it.
@DecimaTech Thank you for supporting.

Thanks
C.O.M.O.D.O RT

CISfan · January 25, 2024, 11:03am

Why does Comodo keep telling to CIS users to report the same already existant and uncountable numerous times reported bugs over and over again??? Just because Comodo can’t “reproduce” those bugs???
Why can’t Comodo Team reproduce those bugs when @DecimaTech can reproduce those bugs in current CIS codebase and even telling you how to reproduce them???
Like I said before, these bugs are still present in CIS codebase and with Comodo refusal to fix them they will stay in CIS codebase forever…

C.O.M.O.D.O_RT · January 29, 2024, 8:35am

Hi DecimaTech & All,

1.Silent mode firewall silently blocks network access for unrecognized applications and does not log the block
We have tested the above issue with CIS beta and found that Silent mode firewall silently doesn’t blocks network access for unrecognized applications.
Refer the attached pic

Thanks
C.O.M.O.D.O RT

C.O.M.O.D.O_RT · January 29, 2024, 8:45am

Hi DecimaTech & All,

Embedded-code detection for misexec.exe does not work so msiexec.exe /I will not be detected.
We have tested the above issue and couldn’t able to reproduce it.
So we need the reproduction video of the issue so that the team will see and reproduce it.

Thanks
C.O.M.O.D.O RT

C.O.M.O.D.O_RT · January 29, 2024, 10:24am

Hi DecimaTech & All,

Can’t paste IPv4 address in global and application rules, it only works in network zones.
The above issue is reproduced and reported to the team.
Thank you @DecimaTech for providing the steps to reproduce this issue.

Thanks
C.O.M.O.D.O RT

DecimaTech · January 29, 2024, 2:54pm

Interesting but my screen shot shows that the google web installer can not connect to download chrome after I set google llc as unrecognized in the vendor list and switched to silent mode.

C.O.M.O.D.O_RT · January 29, 2024, 3:01pm

Hi DecimaTech,

Seems like you tested with only firewall installed.
Let me test this case with only firewall installed and update you

Thanks
C.O.M.O.D.O RT

DecimaTech · January 29, 2024, 3:08pm

As I said in PM, using a URL to a msi package it won’t detect execution. Again for reference launch powershell or windows command prompt, then enter the following command with cloud lookup disabled:

msiexec.exe /i https://www.7-zip.org/a/7z2301.msi

C.O.M.O.D.O_RT · January 30, 2024, 10:13am

Hi DecimaTech,

Thank you for providing the information.
We reproduced this issue and reported to dev team.

Thanks
C.O.M.O.D.O RT

C.O.M.O.D.O_RT · January 31, 2024, 7:09am

Hi DecimaTech,

Could you please check with installed browser ? not installer.
However we are testing your case.

Tahnks
C.O.M.O.D.O RT

DecimaTech · January 31, 2024, 4:39pm

It doesn’t matter what application is used, as long as the application tries to make outgoing network connection requests, it will be silently blocked without even creating a block event in the firewall event logs. It also doesn’t apply just to unrecognized applications, as you can set the firewall to custom ruleset mode, and watch the failure to make a connection.

@C.O.M.O.D.O_RT It just occurred to me that the defaults for the Internet security configuration has the do not show alerts: allow requests enabled in firewall settings. I use the proactive configuration which does not have this option enabled. So please check with the proactive config.

Varan-de-C0m0d0 · February 7, 2024, 3:28pm

Hi C.o.m.d.o RT,

I hope you are feeling well and that you are not burned out or depressed.

People who work in Cyber Security are often on a knife edge. Don’t forget to take some rest.

Today, I am contacting you to ask you why, when I presented on the page specific to CIS 2024 beta all the new bugs that I encountered with it, did you not tell me to come and present them here?

It might have been more effective for you.

Was this page better or the other?

Citizen_K · March 8, 2024, 4:20am

OMPHALOS · March 21, 2024, 12:08am

What about fixing boot crash caused by GPO Early Launch AntiMalware when it is set to Good only.
The description of the Policy is: - Good: The driver has been signed and has not been tampered with.