"MKVToolnix" is installed without any alert in 'Paranoid Mode' [M1428]

A. THE BUG/ISSUE (Varies from issue to issue)
Can you reproduce the problem & if so how reliably?:
Yes, Every time.
If you can, exact steps to reproduce. If not, exactly what you did & what happened:
1: Download “MKVToolNix Windows 64bit (installer)” from here : MKVToolNix download latest version
2: Run the installer with a double-click.
One or two sentences explaining what actually happened:
Software is installed without any ‘HIPS’ alert.
One or two sentences explaining what you expected to happen:
‘HIPS’ should warn the end-user in order to to choose how to treat the installation process.
If a software compatibility problem have you tried the advice to make programs work with CIS?:
Any software except CIS/OS involved? If so - name, & exact version:
MKVToolNix 7.6.0 Windows 64bit
Any other information, eg your guess at the cause, how you tried to fix it etc:
CIS 7 shows a ‘HIPS’ warning. CIS 8 should show a warning, every other installer I have ran under CIS 8 does.

Exact CIS version & configuration:
CIS - Proactive Security
Modules enabled & level. D+/HIPS, Autosandbox/BBlocker, Firewall, & AV:
HIPS: Paranoid, Autosandbox: Enabled, Firewall: Custom ruleset, AV: Stateful.
Have you made any other changes to the default config? (egs here.):
‘Detect shellcode injections’ is disabled.
Have you updated (without uninstall) from CIS 5, 6 or 7?:
if so, have you tried a a a clean reinstall - if not please do?:
Have you imported a config from a previous version of CIS:
if so, have you tried a standard config - if not please do:
OS version, SP, 32/64 bit, UAC setting, account type, V.Machine used:
OS : Windows 7 SP1, 64bit
UAC: Disabled
Account Type: Administrator
V. Machine: Not used
Other security/s’box software a) currently installed b) installed since OS, including initial trial security software included with system:
a=No. b=No.

[attachment deleted by admin]

May be it just unpacks executables to a folder in %Program Files%. In that case the HIPS won’t alert because %Program Files% is not a protected folder nor would it need to ask for elevated privileges. %Program Files% used to be a protected folder back in the days; may be with the v3.x serie.

Does this installer write to the registry. If so what entries are written?

Well, CIS 7 shows a HIPS warning. Besides, the installer writes some executables files and dll´s, CIS 8 should show a warning, every other installer i have run under CIS 8 does.


I’ve made some minor edits to your report. Does everything look correct?

Thank you.

Looks fine. Thank you.

Thank you very much for your report in standard format, with all information supplied. The care you have taken is much appreciated by Comodo, and will increase the likelihood that this bug can be fixed.

Developers may or may not communicate with you in the forum or by PM/IM, depending on time, availability, and need. Because you have supplied complete information they may be able to replicate and fix the bug without doing so.

Many thanks again.