Virus was my first thought too, but neither Comodo nor Avast nor Kaspersky found anything.
I checked half of Windows-Registry manually, all Autoruns, every Service… nothing unusual can be found…
There is no entry in the Comodo Logs or reports, it's just the pop-up. As I said, I can't locate a file named "open host.bat", no subroutine call…
Maybe it's a CIS-internal thing, which only occurs under some weird circumstances?
Here's a different way to look at it - rather than looking for a file called "open hosts.bat", is it possible that something else is trying to "open" a file called "hosts.bat" and in doing so is invoking notepad to "open" the file?
I'm just trying to think outside the box and kept coming back to this. To me, "open hosts.bat" looks like a parameter, not a filename.
How you track down what the "something else" is, I don't know, but hopefully a thought from left field will get you thinking differently.
Thinking further, I suspect that "something else" isn't trying to invoke notepad.exe, I think that notepad.exe is being automatically executed with the parameter "open hosts.bat".
Search all autorun locations (services, registry, etc.) for notepad.exe.
To start with Iād do a search of the registry.
Open regedit.exe
Click the top entry (Computer)
With Computer highlighted, press CTRL-F
Enter notepad.exe and press ENTER
To continue past the first found occurrence of "notepad.exe", press F3.
Keep looking for "notepad.exe" to be present in an autorun (or similar) entry.
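The manual regedit search described in the post above can also be scripted. The following PowerShell is an added example, not part of the original thread: it checks a selection of well-known autorun registry locations (the list is an assumption and is not exhaustive) for the search term; the names `$needle` and `Test-Match` are illustrative.

```powershell
# Added example: look for a string in common autorun registry locations.
$needle = 'notepad.exe'   # search term taken from the thread

function Test-Match([string]$text) {
    # Case-insensitive literal match (no wildcard interpretation).
    return $text.IndexOf($needle, [StringComparison]::OrdinalIgnoreCase) -ge 0
}

# Keys whose values are command lines run at boot or logon.
# Well-known locations only; the list is not exhaustive.
$valueKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
)

# Keys whose subkeys each carry one command in a named value.
$subkeyChecks = @(
    @{ Path = 'HKLM:\SYSTEM\CurrentControlSet\Services'; Value = 'ImagePath' },
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'; Value = 'Debugger' }
)

$hits = @()
foreach ($path in $valueKeys) {
    if (-not (Test-Path $path)) { continue }
    $key = Get-Item -Path $path
    foreach ($name in $key.GetValueNames()) {
        $data = [string]$key.GetValue($name)
        if (Test-Match $data) {
            $hits += New-Object PSObject -Property @{ Key = $path; Value = $name; Data = $data }
        }
    }
}
foreach ($check in $subkeyChecks) {
    # Subkeys that cannot be read are skipped silently.
    Get-ChildItem -Path $check.Path -ErrorAction SilentlyContinue | ForEach-Object {
        $data = [string]$_.GetValue($check.Value)
        if (Test-Match $data) {
            $hits += New-Object PSObject -Property @{ Key = $_.Name; Value = $check.Value; Data = $data }
        }
    }
}

if ($hits.Count -eq 0) { "No autorun entry references '$needle'." }
else { $hits | Format-List Key, Value, Data }
```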
Hi panic! Everything is helpful and every idea is highly appreciated. Thanks for your time.
Thus far no luck, no Parameter or any call at all (notepad or anything else) which leads in any way to host *hosts.bat or even any other *.bat
Right now I'm scanning the whole system and all files+content via text search for any hosts terms inside files, but this will take 1 or 2 days.
I installed CIS on another computer and was able to reproduce the pop-up:
HIPS must be at least in "Safe mode" and popup alerts must be set to "verbose mode".
Next thing is a bit tricky: CPU has to be really busy (at least here with my device) and in this case the same pop-up came up for a very short time right before another
So I'm pretty sure it must be a Comodo thing which you just can't see in usual circumstances, because the pop-up is really fast. That would explain why there's no log entry…
Question is, what exactly does CIS do and why?
Found the term a few times in /themes/default.set… so it is a CIS thing…
See attachment.
I'm no html guy, but it seems the "display:none" in the css messes up, somehow…
open hosts.bat is trying to execute notepad.exe
I'll check the whole thing if time permits.
Greetings
Just built a new computer, installed windows 7, 64 bit. And installed the new CIS. I'm also getting the same box popping up. Plus, I have to reboot the machine because it won't let me choose any of the options like deny.
i'm having the same problem here. right after logging into the system i sometimes get this message, but can't click it. also the popup is only half visible (top half). after about 1 second it is overlapped by another popup informing me that CCC.exe (AMD / ATI driver - catalyst control center) is trying to do something, although it is specifically set up as "allowed application".
ever since i've upgraded from v5.x to 6.3.x i've had problems with comodo. from time to time it simply decides to forget every single rule i've set, resulting in random bull sh** behaviour like blocking my graphics driver (even with the whole folder set to "allowed application" in HIPS). sometimes it decides to block my antivirus program instead (avira). after telling it explicitly to allow every single exe / dll of the affected program, it will work for 3-4 sessions. of course it then tells me that the rules already exist (you don't say!). then the whole cr*p starts all over again. a reinstall of both avira and comodo only helped for about 5 days. anyone with similar problems here?
I can confirm the appearance of open hosts.bat in the question window.
It's somehow a hdd symbol, but changes in between one second to the file that should appear in the question.
Could you run Rating Scan and when Catalyst files show up have them moved to Trusted Files list? That's how I deal with them. It may not be pertinent to your case though.
Are the Comodo installation folders excluded in Avira? Can you try uninstalling Avira to see if there may be a compatibility issue at hand?
If you want to start using the Comodo AV go to Add/Remove components of the Comodo Firewall installer in the start menu.
This is by (bad) design. The "open_hosts.bat" and "notepad.exe" are placeholders for the real programs in an alert message. If your system is fast enough, you will see the correct program names in the alert all the time. But if the cpu load is very high, the alert is displayed and the alert details will be changed afterwards.
It would be smarter to have "empty" placeholders…
will try to do that. although i've already added the AMD / ATI executables to the trusted files list. also amd / ati is a trusted vendor and comodo still does not recognize these files… is it possible that it's a UAC issue here because i've just tried to add the whole folder (c:\program files x86\ati technologies) and it said it can't add empty files…
i've already tried several uninstalls on both avira and comodo. now it seems to be running somehow, but i think the avira install got corrupted because comodo blocked every single installation step and avira keeps whining about missing or disabled web features. during the installation of avira i got this openhosts.bat "bug" again several times. the system load can't be high at all. i'm running a phenom 2 x6 1090t cpu which never reaches 25% total load under desktop conditions.
regarding comodo AV: some years ago i've already tried c-AV and it did not really convince me. i've deliberately downloaded a few infected files and c-AV was only able to detect about 50%, while avira flagged all as malicious. also, as far as i know, c-AV lacks some crucial functions like autorun blocking (on removable media), which is very important for me. i have to take care of about 20 systems in my circle of friends / family and quite often there's some infected usb stick among the problems. so switching to linux to circumvent an infection sometimes is not an option. also, i've installed comodo on all of these systems in combination with avira, because i've had no issues until recently and this protection level seemed to be adequate especially for my family members who are not as tech-savvy as me and just want to check their email and whatnot.
i'm still wondering, is there a way to effectively reset the whole comodo (HIPS) configuration? since i've learned that the settings are stored in the registry (why???) it's very important to me that a possible reset should be clean and thorough without the need to manually clean up the mess.
rating scan completed. yet again core features of the catalyst software ended up as unrecognized files. after my uninstall / reinstall berserk run just before xmas it was ok until now.
the files we're talking about here are mainly CCC files among a few other ones; avira remains somewhat functioning. typing the list
mom.foundation.dll
log.foundation.dll
(mediaespresso.exe - came with the LG bluray suite)
adiamenu.dll
atidxx64.dll
(is-rhq91.exe - has a cdburnerXP icon… maybe a part of that)
atiuxp64.dll
(mscorlib.ni.dll - .net framework?? gave me some hard time with the install, comodo bombarding me with messages)
log.foundation.private.dll
mom.implementation.dll
(is-n3470.exe - apparently cdburnerXP again)
(system.ni.dll - .net framework??)
(miranda32.exe - i use it every day. no idea why comodo decided not to trust it anymore)
(cinergydvr.exe - my tv software, also used on a daily base)
i've added only the CCC files to the trusted files list this time. the others remained "ignored".
until today i've added these CCC dlls several times to the trusted files list and time after time it got ******* up…
since it still does not let me open the CCC panel i'm trying to reboot.
well, guess what, it's still blocking the CCC suite.
both FW and HIPS were running in safe mode. running CCC did not even show up in the HIPS logs. i've tried switching HIPS to game mode, nothing. tried clean pc mode, still nothing. now i went back to safe mode, but now at least it produced several HIPS log entries.
also i've noticed that the HIPS and FW rules shrunk down from several hundred entries to about 40 each. is the temporary HIPS clean pc mode responsible for this? if so, why did it "reset" / mess up the FW rules?
update: i've checked the rulesets again, the blocked CCC component mom.exe was still in the rules, yes, it was working until today as "allowed app", but i've switched the rule to windows system process. now, after starting CCC via desktop context menu, at least it asked me if i want to allow "mmloaddrv.exe". the CCC shows up now. why did it not ask me before? it simply blocked it, no questions asked… yay…
still i don't get why this happens at all over and over again.
I know this is a bit old topic, but I'm still facing the same issue… The issue occurs with me when I keep the Comodo Dragon or Google Chrome running for a while and I'm not using my laptop. I could leave some downloads running or so, when I try to use the laptop again, I get this error and I lose control over the laptop. So, I was wondering, has anyone been able to resolve this?