"Partially Limited" applications can manipulate Windows Firewall [M1064]

A. THE BUG/ISSUE (Varies from issue to issue)
Can U reproduce the problem & if so how reliably?:
Yes, Every time.
If U can, exact steps to reproduce. If not, exactly what U did & what happened:
1: I’ve made two simple non-malicious test applications named : Enable Firewall and Disable Firewall.
2: Run a test application under “Partially Limited” restrictions.
One or two sentences explaining what actually happened:
Windows Firewall is successfully manipulated by “Partially Limited” applications.
One or two sentences explaining what you expected to happen:
Sandboxed applications as “Partially Limited” should be able to read settings without being able to modify them or/and should at least inform the user about modifications.
If a software compatibility problem have you tried the conflict FAQ?:
Any software except CIS/OS involved? If so - name, & exact version:
Windows Firewall.
Any other information, eg your guess at the cause, how U tried to fix it etc:
Windows Firewall can be manipulated only under “Partially Limited” restrictions.
Tests compatibility : 32-bit and 64-bit support for Windows XP, Windows 7 and Windows 8.1.

Exact CIS version & configuration:
Modules enabled & level. D+/HIPS, Autosandbox/BBlocker, Firewall, & AV:
Default Configuration.
Have U made any other changes to the default config? (egs here.):
Have U updated (without uninstall) from CIS 5 or CIS6?:
if so, have U tried a a a clean reinstall - if not please do?:
Have U imported a config from a previous version of CIS:
if so, have U tried a standard config - if not please do:
OS version, SP, 32/64 bit, UAC setting, account type, V.Machine used:
OS: Windows 7 Home Premium 64-bit (6.1, Build 7601) Service Pack 1 (7601.win7sp1_gdr.140303-2144)
UAC: Disabled
Account type: Administrator
V. Machine: Not used
Other security/s’box software a) currently installed b) installed since OS, including initial trial security software included with system:
a=N/A b=N/A

[attachment deleted by admin]

Was this CIS you had installed? If so, was the Firewall component enabled or disabled before starting this test?


Yes, CIS - Default Configuration.

I’m not sure if this behavior is intended.

The reason I ask is that I believe CIS works the same regardless of whether Windows Firewall is disabled or not. Therefore, it may be intentional, or at least something which they are not worried about.

However, have you tried this with Comodo Antivirus installed? This has no Firewall component, and therefore, if it still allows sandboxed programs to disable Windows Firewall this seems like a vulnerability which should at least be forwarded for consideration. Please try it for Comodo Antivirus and let me know the results.



I’ve tried my tests on CAV and it successfully ran. Conclusion : It is independent of COMODO Firewall.
Please note that these tests are “harmless” as malicious applications will not be so light.

Thank you.

Thank you very much for your report in standard format, with all information supplied. The care you have taken is much appreciated by Comodo, and will increase the likelihood that this bug can be fixed.

Developers may or may not communicate with you in the forum or by PM/IM, depending on time, availability, and need. Because you have supplied complete information they may be able to replicate and fix the bug without doing so.

Many thanks again.

The devs have not marked this as Fixed in the tracker. However, sometimes bugs are fixed by the release of new versions, but not marked as Fixed in the tracker.

If you are able please check with the newest version (CIS version and let me know if this is fixed on your computer with that version.

Thank you.


The devs have marked this as Fixed in the tracker. The tracker says this has been fixed in a previous build. Can you test the latest version and let me know if this is fixed or not.

Thank you.

Fixed in version <>.