A. THE BUG/ISSUE (Varies from issue to issue)
Can you reproduce the problem & if so how reliably?:
Yes, very reliably.
If you can, exact steps to reproduce. If not, exactly what you did & what happened:
1: Running Comodo on Proactive profile, HIPS enabled, Containment disabled.
2: Install Ransim Ransomware simulator.
3: Run the test.
One or two sentences explaining what actually happened:
Comodo HIPS mode (HIPS enabled - Safe Mode, Containment disabled) fails against Ransim unless the rule C:\Users* is added to Protected Files at Protected Objects settings.
Additionally, the Run Restricted containment rule (WITHOUT VIRTUALIZATION), either set to Restricted or Untrusted, will fail all tests unless adding C:\Users* and also \Device\KsecDD to Protected Objects - Protected Files.
I also tested Comodo on Proactive profile using Cruelsister’s configuration (RUN VIRTUALLY WITH RESTRICTED LEVEL) and Anti-executable/DefaultDeny configuration (BLOCK UNKNOWNS) and Comodo passes on all Ransomware simulation tests if using said configurations.
One or two sentences explaining what you expected to happen:
I expected HIPS mode and Pure Restrictions settings to pass all of Ransim's tests.
If a software compatibility problem have you tried the advice to make programs work with CIS?:
No and not necessary.
Any software except CIS/OS involved? If so - name, & exact version:
Ransim Ransomware Simulator v22.214.171.124 - Download Link
v126.96.36.199 contains 10 tests in which the reported problem is happening.
Also Ransim Ransomware Simulator v188.8.131.52 - Download Link
v184.108.40.206 contains 15 tests in which the same reported problem is happening.
Any other information, eg your guess at the cause, how you tried to fix it etc:
Adding C:\Users* and also \Device\KsecDD to Protected Objects - Protected Files solved the problem.
B. YOUR SETUP
Exact CIS version & configuration:
CIS V220.127.116.1182 - Proactive Security
Modules enabled & level. D+/HIPS, Autosandbox/BBlocker, Firewall, & AV:
HIPS enabled - Safe Mode, Containment disabled, VirusScope disabled, everything else enabled.
Containment enabled and set to RUN RESTRICTED - Restricted or Untrusted, VirusScope disabled, everything else enabled.
Have you made any other changes to the default config? (egs here.):
Have you updated (without uninstall) from CIS 5, 6 or 7?:
if so, have you tried a clean reinstall - if not please do?:
This is a clean install.
Have you imported a config from a previous version of CIS:
if so, have you tried a standard config - if not please do:
Not necessary - see above.
OS version, SP, 32/64 bit, UAC setting, account type, V.Machine used:
Windows 7 Pro SP1 Fully Updated, 64 Bit, UAC Disabled, Administrator Account, Real System.
Other security/s’box software a) currently installed b) installed since OS, including initial trial security software included with system: