Process Lasso Pro causing Defense+ intrusion logging

Comodo Internet Security Complete 5.8 is logging Process Lasso Pro in Defense+ repeatedly as an intrusion. I’ve left my laptop on for quite awhile 4073 intrusions have been logged. This application is marked as a safe vendor so I would like it to stop logging what’s it’s doing as an intrusion.

Now I’m a paid user but ■■■■ GeekBuddy is taking an eternity to get anyone to support me. I’ve been waiting for 2 hours or so still no one has connected to me. Hopefully you get this resolved quickly. Wait times are too long.

I started a post at their forum if you would like to read:
http://bitsum.net/forum/index.php/topic,1070.0.html (There are details there you might want to look at what Process Lasso Pro is trying to do).

The developer is working on a solution & would like to work with you in solving this issue. I hope you guys assist him in getting this program to work flawlessly with Defense+.

I am unsure how to give this program full access rights hence why am using GeekBuddy. I used the computer security policy located in the Defense+ tab. Then I chose Defense+ rules and added two .exe to the list but still it’s logging the intrusions.

Screenshots attached:

[attachment deleted by admin]

Unfortunately this is going to continue as long as Process Lasso is attempting to access CIS’s processes in memory. CIS is protecting itself by blocking this. You can however tell CIS to allow this.

You may find this thread helpful.
‘Access memory’ event log entries - how can I suppress these? [v5]

If you look at my screenshots that’s what I did. Only thing I didn’t do was add it to the Defense+ exclusions list. Sadly this doesn’t work. Defense+ is still logging it as an intrusion.

I did look at your screenshots, but exclusions said 0/0. Meaning, no applications have been set up to allow interprocess memory access.

You will need to add both of the process lasso processes. ProcessLasso.exe and ProcessGoverner.exe.

I think there might be a slight bit of confusion here…

ProcessLasso.exe and ProcessGoverner.exe need to be added to COMODO Internet Security file group (first image) for Interprocess Memory Access under the Protection Settings tab (second image), not the visible tab in the image.

edit: Added a third image for clarification, showing the correct tab (Protection Settings).

[attachment deleted by admin]

I’ve seen this. You’re getting hundreds of so called “intrusions” logged on the summary page of CIS, right? You can find that these “intrusions” are caused by process lasso pro. Well, I’ve had the same problem except with killswitch running in the background and trying to access CIS files in memory. This is how I solved it:

Defense+ tab → Computer Security Policy → Defense+ Rules

You’ll find the title in this list called “COMODO Internet Security” and when collapsed it shows cfp.exe, cmdagent.exe and so on. Highlight this title and click the edit button on the right. Click “Customize” and go to the protections tab. The farthest right column says Exceptions so click on Modify under this column for “Interprocess Memory Access”. Click Add, then Browse and find the file that keeps getting logged. In your case, add “ProcessLasso.exe” and “ProcessGovernor.exe”. Click Apply and you’ll be done.

Step by step:

  1. go to the defense+ tab
  2. click on computer security policy
  3. click on the defense+ rules entry Comodo internet security. You click on the line where it says custom policy. *
  4. Click customize
  5. go to the protection settings tab **
  6. In the interprocess memory access row click on modify ***
  7. add ProcessLasso.exe and ProcessGoverner.exe to the exceptions(Add/browse/apply)
  8. hit apply
  9. hit ok
  10. hit apply
  11. hit ok


**


HeffeD, Baxan & Miroku4444 you guys have been of great help.

Just a note to HeffeD please try to explain in much simpler terms like Baxan & Miroku4444. I guess it’s my fault for not telling you I’m a novice in using the policy settings in Comodo Internet Security. I found it hard trying to guess what you explained to me. I even added the files to the exclusions list in Defense+ settings exclusions list because of the confusion :stuck_out_tongue:

I’ve sorted it now and there are no more intrusion logging happening. The developer is already working on a workaround and probably might contact Comodo please give your attention to this issue.

I need to highlight this as I always admit my mistakes. My first post I highlighted the issue of GeekBuddy wait times. It seems there might have been an issue with my wifi & after a few tries I got assistance right away sadly I had solved my issue already so couldn’t test how GeekBuddy would have solved it. I know though they would and I’m happy to be paying for this great service. Sorry again and keep up the good work.