A. THE BUG/ISSUE (Varies from issue to issue)
Can you reproduce the problem & if so how reliably?:
Yes, very reliably.
If you can, exact steps to reproduce. If not, exactly what you did & what happened:
1: Running Comodo on Proactive profile, HIPS enabled, Containment disabled.
2: Install Ransim Ransomware simulator.
3: Run the test.
One or two sentences explaining what actually happened:
Comodo HIPS mode (HIPS enabled - Safe Mode, Containment disabled) fails against Ransim unless the rule C:\Users* is added to Protected Files at Protected Objects settings.
Additionally, the Run Restricted containment rule (WITHOUT VIRTUALIZATION), either set to Restricted or Untrusted, will fail all tests unless adding C:\Users* and also \Device\KsecDD to Protected Objects - Protected Files.
I also tested Comodo on Proactive profile using Cruelsister’s configuration (RUN VIRTUALLY WITH RESTRICTED LEVEL) and Anti-executable/DefaultDeny configuration (BLOCK UNKNOWNS) and Comodo passes on all Ransomware simulation tests if using said configurations.
One or two sentences explaining what you expected to happen:
I expected HIPS mode and Pure Restrictions settings to pass all of Ransim’s tests.
If a software compatibility problem have you tried the advice to make programs work with CIS?:
No and not necessary.
Any software except CIS/OS involved? If so - name, & exact version:
Ransim Ransomware Simulator v1.1.0.7 - Download Link
v1.1.0.7 contains 10 tests in which the reported problem is happening.
Also Ransim Ransomware Simulator v1.1.0.76 - Download Link
v1.1.0.76 contains 15 tests in which the same reported problem is happening.
Any other information, eg your guess at the cause, how you tried to fix it etc:
Adding C:\Users* and also \Device\KsecDD to Protected Objects - Protected Files solved the problem.
B. YOUR SETUP
Exact CIS version & configuration:
CIS V12.0.0.6882 - Proactive Security
Modules enabled & level. D+/HIPS, Autosandbox/BBlocker, Firewall, & AV:
HIPS enabled - Safe Mode, Containment disabled, VirusScope disabled, everything else enabled.
OR
Containment enabled and set to RUN RESTRICTED - Restricted or Untrusted, VirusScope disabled, everything else enabled.
Have you made any other changes to the default config? (egs here.):
Disabled VirusScope.
Have you updated (without uninstall) from CIS 5, 6 or 7?:
No.
if so, have you tried a clean reinstall - if not please do?:
This is a clean install.
Have you imported a config from a previous version of CIS:
No.
if so, have you tried a standard config - if not please do:
Not necessary - see above.
OS version, SP, 32/64 bit, UAC setting, account type, V.Machine used:
Windows 7 Pro SP1 Fully Updated, 64 Bit, UAC Disabled, Administrator Account, Real System.
Other security/s’box software a) currently installed b) installed since OS, including initial trial security software included with system:
a=None. b=None.