A. THE BUG/ISSUE:
- What you did: Was away from keyboard, PC was running an online AV scan from a website, I think.
- What actually happened or you actually saw: When I opened “Network Security Policy” and went to “Global Rules” and clicked “Edit” on “Block And Log IP In From MAC Any To MAC Any Where Protocl Is Any”, the “Log as a firewall event if this rule is fired” had gotten unchecked on its own. This has happened to me perhaps 5 times in the last month now. It seems to happen randomly, I cannot see a pattern to it.
- What you expected to happen or see: I expected to see the “Log as a firewall event if this rule is fired” to remain checked as I had set it.
- How you tried to fix it & what happened: I checked it. Earlier I tried to import a new configuration from “Manage My Configurations”. Seems to not have worked.
- If a software compatibility problem have you tried the compatibility fixes (link in format)?: No.
- Details & exact version of any software (execpt CIS) involved (with download link unless malware):
- Whether you can make the problem happen again, and if so precise steps to make it happen: I don’t know how.
- Any other information (eg your guess regarding the cause, with reasons): I thought it might be a corrupt configuration, which is why I tried to import a new one, but it has not solved the issue as it keeps happening. I suspected malware, but have ran countless scans with different software. I tried it might be an incompatibility issue with MSE, so I have uninstalled that, but it has not solved the issue either. Have also noticed that “Computer Security Policy” adds an “Applications” list with various applications that are granted full rights apart from “Run as executable” when using Paranoid mode in Defense+. This happens very similarly as the original issue in this post; at random times, seemingly without a pattern, so I’m choosing to post it as well.
B. FILES APPENDED. (Please zip unless screenshots).:
- Screenshots of the Defense plus Active Processes List (Required for all issues): Attached
- Screenshots illustrating the bug:
- Screenshots of related CIS event logs:
- A CIS config report or file:
- Crash or freeze dump file:
- Screenshot of More~About page. Can be used instead of typed product and AV database version: Attached
C. YOUR SETUP:
- CIS version, AV database version & configuration: Comodo - Internet Security
- a) Have you updated (without uninstall) from a previous version of CIS: No.
b) if so, have you tried a clean reinstall (without losing settings - if not please do)?:
- a) Have you imported a config from a previous version of CIS: No.
b) if so, have U tried a standard config (without losing settings - if not please do)?:
- Have you made any other major changes to the default config? (eg ticked ‘block all unknown requests’, other egs here.): No.
- Defense+, Sandbox, Firewall & AV security levels: Defense+ = Paranoid Mode, Sandbox = Enabled, Firewall = Safe Mode, Antivirus = On Access.
- OS version, service pack, number of bits, UAC setting, & account type: Windows XP Pro, SP3, 32, No UAC in XP, Administrator account
- Other security and utility software currently installed: Malwarebytes’ Anti-Malware
- Other security software previously installed at any time since Windows was last installed: Microsoft Security Essentials, RegRun, McAfee Security Scanner
- Virtual machine used (Please do NOT use Virtual box)[color=blue]: None.
[attachment deleted by admin]