As we always say CIS is not dead. Development plans are still going on.
We have already confirmed and provided these list of current bugs to the developers and few bugs are already fixed & yet to be released. Among them we couldn’t reproduce 6 issues, but still they were brought to developers notice. 6. Embedded-code detection for misexec.exe does not work so msiexec.exe /I will not be detected. 13. Infinite loop of cloud scanner detection when executing an application that is detected by cloud scanner file lookup. Choosing clean or any of the ignore options will still bring up the alert and you can’t do anything else unless you hard shutdown the system. 17. AV still scans executable files even when the executable is listed under scan exclusions. 19. Network zone or firewall rules using a host name is unusable as the firewall will use all IP addresses in range from lowest resolved IP to highest resolved IP, instead of just the IP’s belonging to the domain. e.g. . So every IP address within that range will be blocked if you created a block rule based on host name type or used blocked network zones with host name type. However in the registry there is another value called Addrs that does contain a list of IP addresses that do pertain to the domain. But it seems it is not used yet? 21. HIPS rules using environment variables are not handled correctly as alerts will still be shown for applications that already have rules in place. One example is using paranoid mode and still getting alerts for svchost.exe and from explorer.exe to access keyboard despite rules already set to allow. Another example which is kind of related to bug 8. listed previously, using paranoid mode while executing applications on removable media or mounted volumes. When explorer HIPS file path rule is defined using the environmental variable %windir% (default HIPS rule), HIPS will always ask to execute the same application. Changing the HIPS rule path to C:\Windows does not alert again. 39. Firewall blocks outgoing connection requests for trusted applications at system startup if they attempt network access before CIS UI is loaded(cis tray and alerts UI processes) causing many blocked events in the firewall log for those trusted rated applications.
So, Could you please provide us the related forum link or step to reproduce of above mentioned 6 issues for further investigation.
11. Firefox and IE a blank page is shown instead of the Comodo block page when blocking/asking for HTTPS URLs.
And the issue no-11 won't be fixed as the developer has said that there is no way to show block page for https url ,because it is encrypted and we can only block it.
Comodo Antivirus 12.2.2.8012 has a quarantine flaw
Description
Comodo Antivirus 12.2.2.8012 has a quarantine flaw that allows privilege escalation. To escalate privilege, a low-privileged attacker can use an NTFS directory junction to restore a malicious DLL from quarantine into the System32 folder.
this is really good to know but please, dont take me wrong and dont be sad about it but this kind of answers we are getting for atleast 1 year. I understand many things and I will stay quit, waiting for things to show up, but then again, say that development is kicking is not enough to make us relaxed
anyway, thank you for be here, always, trying to bring some info, even if not news, but still, youre trying to do your best with what they bring to you. so thank you.
enable embedded code detection for msiexec and open a command or powershell prompt, then enter msiexec.exe /i url to msi package e.g. https://d3.7-zip.org/a/7z2201-x64.msi
install firewall only, switch to proactive configuration, disable auto-continment, and run pchunter.
add all applications file group to av scan exclusions, open procmon and filter on cavwp.exe file system activity, execute any application and watch cavwp perform file i/o on exe file.
Well, guys, it was nice while it lasted. I have Comodo since 2008 and I can honestly say it never failed me. I guess the pandemic or maybe having too many free users as opposed to the licensed ones put too much strain on the company. Right now we are probably one bad windows 10 update from incompatibility.
So what is our next option after Comodo is no longer supported?
Never heard of Portmaster but I will check it out. I was reading some other forums and it seems WiseVector StopX is doing quite a bit of waves and it has a HIPS component similar to Comodo plus they are also sporting some kind of AI detection method. One thing I don’t like about it is that the developers are based in China.
this “soon” that bugs us as we see this statement for more than a year now… but anyway, lets wait and have more faith, right? just faith, as its all we have after almost 2 years of waiting.
The bug/issue
1. What you did: Added FW Application Rule for all executables. Block Outgoing IP, Source Address Any, Destination Address vkontakte.ru, IP Any
2. What actually happened or you actually saw:Lost connections to some sites, other than vkontakte.ru
3. What you expected to happen or see:I Expected block ONLY vkontakte.ru
4. How you tried to fix it & what happened:---
5. If its an application compatibility problem have you tried the application fixes here?:---
6. Details & exact version of any application (execpt CIS) involved with download link:---
7. Whether you can make the problem happen again, and if so exact steps to make it happen: Yes, problem can be repeated.
Create FW Rule. Block&log Outgoing IP, Source ANY, Destination vkontakte.ru, IP Any.
Open any browser and try to go to https://forum.comodo.com
as result - refused connection and record in FW Log
Hi futuretech
For issue no: 19 we have followed the above steps and couldn't able to reproduce the issue.
Were you able to reproduce this issue on Win 10 ? If so kindly provide us proper steps to reproduce, so that we will reproduce and report this to the team.
We have tried to reproduce the issue no- 21 & 39, unfortunately we couldn’t able to reproduce the issue.
so, whoever added the issue no -21 & 39 in the list of current bugs.
Kindly provide us the related forum link or step to reproduce of these issues for further investigation.
