Protected Data Folders doesn't work as help files claim [V7B][HF][M810]

2. The full product and its version e.g. COMODO Firewall 7.0.308911.4080
COMODO Internet Security Premium Beta 7.0.308911.4080

3. Your Operating System (32 or 64 bit) and Service Pack revision, and if using a virtual machine, which one.
Windows 8.1 64bit (Real system, i.e. no VM used)

4. List all the configuration changes you did. Are you using Default configuration? If no, what's the difference?
No, more differences than I have time to write down, will attach my configuration file.

5. Did you install over a previous version without uninstalling first, or import a previous configuration file? (please try to avoid doing these things until we are told it is safe)
No and No, Clean install and started on a new configuration.

6. Other Security, Sandboxing or Utility Software Installed
OpenDNSCrypt, Zemana AntiLogger Free

7. Step by step description to reproduce the issue

  1. Make a folder and add it to the “Protected Data Folders”
  2. Create a file in the protected folder
  3. Edit it with optional software like notepad or notepad++ etc.

Video Demonstration: https://www.youtube.com/watch?v=hRVN6_K_VN4

8. What actually happened when you carried out these steps
Notepad was able to edit the files
Explorer.exe was able to delete the files
An unknown .bat file was able to delete the files on the condition that you allowed the HIPS pop up that the bat was trying to modify a protected file. (I had BB disabled)

9. What you expected to see or happen when you carried out these steps, and why (if not obvious)
I expected notepad, explorer and the bat file to display an Access Denied or something like that because of what the help file located here says:

CIS enables you to specify folders containing your **valuable and sensitive personal data** or application data and to be protected from access by **other programs**, especially malicious programs such as virus, Trojans and spyware. The valuable folders contained in the folders added to the 'Protected Data Folders' list will be **denied anyone and any program the ability to modify the file** - avoiding the possibility of **accidental or deliberate sabotage**. If a folder is 'Protected', the files in it can still be accessed and read by users, **but not altered**.
I highlighted the parts that make me think that these applications should have been blocked from modifying the files.

[attachment deleted by admin]

I agree with your categorization of this as a help file error. I believe what’s actually going on is that trusted programs are allowed to alter these protected folders. However, unknown applications, which will include malware, cannot. However, the Help File does not say this. Therefore, I will add this to the tracker as a Help File Error.

Thank you.

I’m not entirely sure that’s what’s going on, because I made a bat file that removed a file and the bat file was unknown, with HIPS I just had to allow it, gave me an alert though so it’s not like it just outright allowed it.

But the thing is, if trusted applications are allowed to modify the files, then what makes this different than the protected files/folders? They’d be exactly the same then and the addition of this doesn’t make any sense?

Good testing

I think what may be going on Sanya, is that HIPS settings and the BB no longer interact?

See if you can validate that. It would be interesting to know

Best wishes

Mike

I don’t understand what you mean? I had BB off for the test, you want me to turn it on? ???

Protected Data Folders is maybe just a HIPS concept, not a BB concept?

Does changing anything in HIPS section {Edit} affect the BB any longer?

Not tested, just speculating.

I don’t know, but like you say “Protected Data Folders” is “maybe” just a HIPS concept, but in the video I made the demonstration with BB off, i.e. no sandbox, which means that notepad.exe was not run in the sandbox and it was allowed to modify the files and the .bat file was not sandboxed and it was allowed (by alert) to modify the file.

Hi Sanya.

Alerts is the only protection you get via HIPS. Could you post the alert?

If I am right and HIPS and BB have been totally separated then removing a folder/key from say protected folders/keys will not affect the ability of BB’d apps to delete it.

It’s just something I thought I observed during Beta, I have not tested it yet.

Well I made a second video and hopefully you get the information you want from it, please watch the whole thing and don’t skim it, video is here: https://www.youtube.com/watch?v=WZPS-i3hSW8 (might still be processing)

OK Sanya thanks. So if I noticed correctly - I watched it all.

  1. HIPS alerts modifications are blocked if not made by allowed file
  2. BB blocks modifications if not made by trusted file

I confirmed 2 myself.

But you appear to say above it does not do 2?

Maybe could you give me the timing of that part of the video - it’s 10 mins, so I don’t want to watch it all again.

Best wishes

Mike

To make this easier could you quote the part where I “[…] appear to say above it does not do 2?” since I don’t think I did, my initial bug report was with BB disabled… it had nothing to do with BB at all… ???

OK Sanya missed the bit about the BB being off. It is probably worth saying that in the formatted report even though you have provided config file, which is good of you.

So are we all now agreed this is a Help text problem? The help file should say protection is provided from unknown files when the BB or HIPS is on. In the case of the BB access is denied, in the case of HIPS you get an alert.

Is that about right?

Mike

In the bug report, last words in point 8… I know, it should have been under point 4 but along with what other configuration changes? How should I know which ones I should mention and which ones I shouldn’t?

We aren’t though, if the Protected Data Folders works in the same way you describe then what is its purpose if it’s going to do the exact same thing as the Protected Files/Folders? Why have two things that do the same exact thing? That doesn’t make any sense whatsoever… ??? I still think this is a bug with how the Protected Data Folders work in CIS, I believe the help files say what it is supposed to do but that CIS doesn’t follow it correctly, maybe someone did something wrong and used a wrong variable or something which made it take on the role as Protected Files/folders instead of Protected Data Folders… Because currently it works in the exact same way as Protected Files/Folder, well there could be a possible exception for the BB since I don’t know how it deals with protected files/folders because I simply never use BB so haven’t bothered learning it… But for the HIPS it works in the same exact way as Protected Files/Folders, I just don’t understand how everyone can get it to help file issue since that would mean that Comodo made two features that do the exact same ■■■■ thing!

Sorry about the above post, just getting a bit frustrated.

It’s OK Sanya you posted nothing offensive. But please realize I am looking at a very large number of reports each day, so I may miss the odd word!

Re your point it would be good to know if they work exactly the same, but certainly very similar.

I think it may be a usability and security issue

If people have use protected folders, they are faced with a list of things that it is critical they don’t change

So a separate facility removes that anxiety and risk to an extent. Again just speculation.

Best wishes

Mike

I see, still I think it’s more likely that the Protected Data Folders is supposed to work as the help files state but that it for some reason has taken on the role as a secondary Protected Files/Folders… I guess it’s more that I want it to be that, because it’s something that would make a good addition to CIS, what the help files say would be a good feature, what it currently does is redundant.

That is certainly possible, I will inquire

Best wishes

Mouse

On reflection I think it depends what ‘other programs’ in “protected from access by other programs” means

It could mean ‘unknown programs’, it could mean ‘other than that which creates’ it, it could mean ‘other than that on the access list for the file’. In the latter case an access list would be needed.

Just for info, what do you think it means Sanya?

Best wishes

Mike

I don’t know what they mean with “other programs” but later they also write “denied anyone and any program the ability to modify the file” and last time I checked “any program” does not exclude trusted programs.

Well if you include trusted programs there would have to be an ‘access allowed’ list? So I think the lack of it is conclusive regarding the intention?