Program needing admin privs, run from Kiosk Desktop, gets blank rating [M200] [v6]

A. THE BUG/ISSUE:

  1. What you did: Copied procmon.exe to desktop, double clicked on it, switched to Windows, opened Killswitch
  2. What actually happened or you actually saw: Procmon.exe x32 and Procmon.exe x64 running with blank file rating column. Procmon unable to capture events (see other bug report)
  3. What you expected to happen or see: Procmon.exe, a signed MS file, trusted
  4. How you tried to fix it & what happened: Check that trust files from trusted vendors was on in Advanced settings, File Rating ~ File Rating Settings, indeed all settings are at defaults. Checked certificate using signcheck, and they are valid. [Edit: but -i -e switches show time validity issue]. Added as installer updater, no effect, added to trusted files, no effect
  5. If a software compatibility problem have you tried the compatibility fixes (link in format)? : Not a software compatibility problem
  6. Details & exact version of any software (except CIS) involved (with download link unless malware): Procmon.exe
  7. Whether you can make the problem happen again, and if so precise steps to make it happen: Happens every time I run Procmon in this way
  8. Any other information (eg your guess regarding the cause, with reasons):

B. FILES APPENDED. (Please zip unless screenshots).:
  0. A diagnostics report file (Click ‘?’ in top right of main GUI. Required for all issues): Appended
  1. Screenshots of the 6.0 Killswitch Process Tab (see Advanced tasks ~ Watch Activity) or 5.x Active Process List. If accessible, required for all issues: Appended
  2. Screenshots illustrating the bug: Appended
  3. Screenshots of related CIS event logs: No relevant entries
  4. A CIS config report or file: Unaltered IS config, so not appended
  5. Crash or freeze dump file: Not appended
  6. Screenshot of More~About page. Can be used instead of typed product and AV database version: Not appended

C. YOUR SETUP:

  1. CIS version, AV database version & configuration: CIS 6.0 Build 2674, Database version 14786, Internet security config
  2. a) Have you updated (without uninstall) from a previous version of CIS: No uninstall then install using CIS 6.0 installer.
    b) if so, have you tried a clean reinstall (without losing settings - if not please do)?: N/A
  3. a) Have you imported a config from a previous version of CIS: No
    b) if so, have you tried a standard config (without losing settings - if not please do)?: N/A
  4. Have you made any other major changes to the default config? (eg ticked ‘block all unknown requests’, other egs here.): No
  5. Defense+/HIPS, Autosandbox/BBlocker, Firewall & AV security levels: HIPS=off, BB=partially limited, Firewall=safe, AV=Default
  6. OS version, service pack, number of bits, UAC setting, & account type: Win 7 Ultimate, SP1, x64, Uac=off, Admin
  7. Other security and utility software currently installed: Comodo Certsentry, Vmware workstation, Logmein, Clipmate, Raser keyboard configurator, Canon Network utility, Bluetooth configurator, Vmware, Filezilla server, WAR-FTP server, Routerstats, Acrobat, Comodo Ivault, FastStone capture
  8. Other security software previously installed at any time since Windows was last installed: None
  9. Virtual machine used (Please do NOT use Virtual box): Installed on production

Link to files on FTP server:

ftp://82.69.43.252/CisReport_v6.0.260739.2674_20121229-144436.zip

Config unchanged from this one when bug observed
Username and password as before. If you have forgotten them please consult the Mod’s Preview Board, Mod’s password sticky.

Please note important update regarding certificate which may be relevant.

I was under the impression that KillSwitch only displays trusted for a file if it is trusted by hash. Is this not true?

Interesting thought

AFAIK not in the integrated version, anyway, unless you have been told differently by devs?

Would be confusing for users…

QA are treating these blank ratings as bugs anyway, as they are enquiring about them.

But thanks for moving and checking my bugs and reports, Chiron. A sanity check is really helpful.

So easy to miss stuff…

Mouse

I have not been told differently.

Thank you very much for your report in standard format, with all information supplied. The care you have taken is much appreciated by Comodo, and will increase the likelihood that this bug can be fixed.

Developers may or may not communicate with you in the forum or by PM/IM, depending on time availability and need. Because you have supplied complete information they may be able to replicate and fix the bug without doing so.

Many thanks again.

Can you please check and see if this is fixed with the newest version? Please let us know whether it is fixed or you are still experiencing the problem.

Thank you.

On testing a few days ago, marked in tracker as a partial fix. Procmon32 gets a rating now; Procmon64, which it seems is unpacked from *32 directly into memory, does not.

So leave open I think.

Best wishes

Mouse

Can you please check and see if this is fixed with the newest version (6.2.282872.2847)? Please let us know whether it is fixed or you are still experiencing the problem.

Thank you.

PM sent.

Fixed in 2847

Thanks for checking this.

I’ll move this report to Resolved.