MameUIFX32 0.152 cannot be "trusted"

Comodo Internet Security - CIS Resolved/Outdated Issues Beta Corner - CIS
1

Hi
I don’t know if this is the only application of it’s type, but MameUIFX32 0.152 (MAMEUIFX - Download), has a problem on Comodo Internet Security 7 (7.0.308911.4080, database 17780, Virusscope recogniser 7.0.46767.7080), running on either Windows 8.1 Pro 32 bit or Win 7 Ultimate SP1 x64.

I am using the default configuration in both cases. I had previously uninstalled the 6.3 release of CIS in each case, before installing the beta. I have Malware Bytes 1.75.0.1300 installed but not in real time mode.

  1. To reproduce, download and install the insaller file (mameuifx32_0152.exe), e.g. to c:\mame
  2. This will produce a (large, c. 75 Mbyte) file mameuifx32.exe, which is the main executable.
  3. When you run mameuifx32 (from shortcut or command line) to run the application, you will find Behaviour Blocker pops up a prompt (Run Isolated, Run Unlimited, Block).
  4. If Trust this application is checked and then “Run unlimited” selected, to run the application, the application starts and runs OK.
  5. However, if MameUIFX32 is closed and re-run, the Behavior Blocker appears again - in short the “Trust this application” seems to have had no effect.

Even adding the application to the trusted files via the Comodo settings windows has no effect - the Behaviour Blocker prompts every time the application runs… I would expect the “Trust this application” would mean that subsequent runs of the application would not cause the Behaviour Blocker to reprompt.

Speculation/question: Is the fact that the mameuifx32.exe executable is large (75 MByte) anything to do with this? I’ve not seen this problem on most applications I’ve “Trusted”.?

I’ve attached the diagnostics report.

[attachment deleted by admin]

2

Quick update on this:

Although adding this to the Trusted files or checking the “Trust this application” does NOT prevent the Behaviour blocker kicking in - I hoped it wouldn’t after I’d added this to the Trusted files…
However adding it to the list of Behaviour Blocker exclusions in the settings does prevent Behaviour Blocker from kicking in - i.e. perhaps the “bug” is more cosmetic - the “Trust this application” could perhaps instead add it as a BB exclusion?

NOTE: Turning Virusscope on/off didn’t change the behaviour.

3

Submit the program to be whitelisted if you think it is safe. Scan with VirusTotal to be sure it is safe. :slight_smile:

4

Scanned the program with VirusTotal and it looks safe: VirusTotal. Only Antiy-AVL it as malware.

5

If I have understood what the devs have told me correctly this is by design. The file size must be lower then 40MB or the maximum AV Realtime file size, as set in the configuration.

Therefore, I will assume this is the same issue and move this to Resolved. If you find that even if you change the settings to larger than 75MB it still cannot be trusted please respond to this topic and let me know that it is not the same issue.

Thanks.

6

Thanks Chiron - will check and let you know here.

Mike