A. THE BUG/ISSUE (Varies from issue to issue)
- Summary - Give a clear summary in the topic subject, NOT here.
Can U reproduce the problem & if so how reliably?:
Every time.
If U can, exact steps to reproduce. If not, exactly what U did & what happened:
1: Make sure AV is set to auto-quarantine detected threats.
2: Then disable the AV, disable the Behavioral Blocker, and set the HIPS to Safe Mode.
3: Download Zemana AntiLogger from this page (password is zemana).
4: Run Zemana AntiLogger by double-clicking it.
5: Note that now CIS detects it and sends it to quarantine. However, Zemana AntiLogger is still allowed to run if HIPS alerts are allowed.
If not obvious, what U expected to happen:
If it is detected as dangerous it should not be able to run from quarantine.
If a software compatibility problem have U tried the conflict FAQ?:
NA
Any software except CIS/OS involved? If so - name, & exact version:
NA
Any other information, eg your guess at the cause, how U tried to fix it etc:
A video showing this issue, along with other configurations, can be seen here: YouTube
B. YOUR SETUP
- Exact CIS version & configuration:
CIS 7.0.317799.4142
Have U made any other changes to the default config? (egs here.):
No, it is at default
Have U updated (without uninstall) from CIS 5 or CIS6?:
No, this was a clean install in a clean system.
if so, have U tried a clean reinstall - if not please do?:
Yes, but the same problem was shown
- Have U imported a config from a previous version of CIS:
No
if so, have U tried a standard config - if not please do:
NA
- OS version, SP, 32/64 bit, UAC setting, account type, V.Machine used:
8.1 u1 64bit, UAC disabled, administrator, no v.machine
Other security/s’box software a) currently installed b) installed since OS, including initial trial security software included with system:
a=None b=None
I have CIS installed with these settings:
Antivirus: Stateful
Auto-Sandbox: Full Virtualized
HIPS: Safe mode.
Then I try to run malware; the AV module quarantines it and stops execution, this is OK.
Now I disable the AV and try to run the malware again; the malware is quarantined and its execution is stopped by the cloud.
Lastly, I disabled the Sandbox and tried to run the malware; now Comodo detects it and sends it to quarantine, BUT THE MALWARE RUNS FROM IT (you can see this in the video at 0:23).
I think this bug is more dangerous for Firewall (no AV module) users.
This is certainly strange behavior, and I think is worth submitting to the devs for consideration. However, please edit your first post so that it is in the format provided here. Just copy and paste the code into your post. Then replace the question marks with your responses. You can use preview to see what it will look like.
Once I have the information in that format I can better understand this issue. It will also make sure that the devs have enough information to fully replicate this.
Thank you. It looks very good. I made some changes to the first post. Please look it over and make sure that it still accurately reflects this issue.
Also, I had a question. Does this same behavior occur even if you reboot the computer, disable the AV and BB, and then run the malware? I want to make sure that this issue is not specifically related to the way in the video that you first ran with all 3 active, then you disabled the BB, then you disabled the HIPS. I want to make sure that if the devs test by disabling the AV and the BB they will be able to see the behavior.
b152, please see the comments in my previous reply. Is the first post still correct, and can you please comment on my question about whether it replicates just by using the HIPS only from the beginning? I need to clarify this before forwarding this to the devs.
In that case, just to be very clear as I am ready to forward this to the devs, is everything in the first post (including the steps for reproduction) entirely correct?
Also, and I’m sorry I did not notice its absence earlier, but could you please create and attach a diagnostics report to your first post?
I’d rather not forward this yet then, as this issue may be related to the other issue. Let’s first focus on the freeze, and if that can be fixed we’ll come back to this bug report. For the time being I will move this bug report to the Incomplete Issues section, if that’s okay with you.
As for the freeze issue, was that happening the entire time, or did it start after a while?
Also, if you have not already, please try reinstalling by following the advice I give in this topic and let me know if that is able to solve this issue with the freeze.
I’m sorry, but that is not a link to a bug report. You had mentioned that there was another bug report which showed the same issues you are having. Could you please provide a link to that?