Puff the Magic Dragon! - Verification Engine Incites Comodo's Firewall

Huh!? ???

There seems to be a bit of contention here from the same software author…

Who is fighting who here?

Out of the blue Verification Engine has attempted to modify a registry key and Comodo’s firewall wants to put a stop to it… Why?

This window popped up for no apparent reason… why? I am a little baffled.
Why don’t these guys recognise one another? They should be best buddies and work hand in hand.

How does one answer this pop up? I have just cancelled it and waited for 15 minutes and it never came back. I would like to know what actually happened here?

Not sure if this post belongs here or under VE thread… so I’ve placed it in both.

Cheers,
Mark

Hello mv331,

Please confirm if you are using the latest version of Vengine (2.7.0.17).

Vengine.exe should be either safelisted by signature or by vendor (Comodo CA Limited), but the screenshot you posted mentions that vengine was not recognized.

Please run %ProgramFiles%\COMODO\VEngine to open the Vengine folder.

Right-clicking on VEngine.exe and selecting Properties will open a dialog where you can select the Digital Signatures tab to verify if Vengine.exe is corrupted by clicking the Details button.

The registry key mentioned in the alert you posted belongs to Vengine, thus it should be safe to allow.

I guess you have more than one account on your Windows OS and you were not logged on the primary account.

AFAIK vengine is installed for all accounts on your PC, thus the HKUS key is likely involved in the process of updating vengine settings for the other accounts.

[attachment deleted by admin]
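
The Properties > Digital Signatures check described in the reply above can also be run from PowerShell. This is an added example, not part of the original posts and not Comodo tooling: the function name `Test-VendorSignature` is hypothetical, the vendor string is the one quoted in the thread (matching it against the certificate subject is an assumption), and `Get-FileHash` needs PowerShell 4.0 or later.

```powershell
# Added example: Authenticode check for VEngine.exe (function name is hypothetical).
function Test-VendorSignature {
    param(
        # Folder and file name as given in the thread.
        [string]$Path = (Join-Path $env:ProgramFiles 'COMODO\VEngine\VEngine.exe'),
        # Vendor name as quoted in the thread; assumed to appear in the signer subject.
        [string]$ExpectedVendor = 'Comodo CA Limited'
    )

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "File not found: $Path"
    }

    $sig  = Get-AuthenticodeSignature -LiteralPath $Path
    $cert = $sig.SignerCertificate

    # Map the signature status to the cases discussed in the thread.
    $verdict = switch ([string]$sig.Status) {
        'Valid' {
            if ($cert.Subject -like "*$ExpectedVendor*") {
                'Signed by the expected vendor; file matches its signature'
            } else {
                'Valid signature, but from a different vendor than expected'
            }
        }
        'HashMismatch' { 'File changed after signing (corrupted or modified)' }
        'NotSigned'    { 'No signature; recognition depends on the safelist only' }
        default        { "Signature not trusted on this machine: $($sig.StatusMessage)" }
    }

    # Return everything needed to compare against what the firewall alert shows.
    [pscustomobject]@{
        Path       = $Path
        Status     = $sig.Status
        Signer     = if ($cert) { $cert.Subject } else { $null }
        Thumbprint = if ($cert) { $cert.Thumbprint } else { $null }
        NotAfter   = if ($cert) { $cert.NotAfter } else { $null }
        SHA256     = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
        Verdict    = $verdict
    }
}

Test-VendorSignature | Format-List
```

A `Valid` status only shows that the file is intact and signed by that certificate; whether CIS treats it as safe still depends on the Trusted Software Vendors setting and the safelist discussed further down the thread.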

Hi,
yes it is version 2.7.0.17

The digital signature appears ok to me.

Yes there are 2 accounts on the PC running Vista and this did happen in the primary account profile. It was also updated and installed in the primary account in the last few weeks and is the first time for this to happen.

Thank you
Mark

Are you using Proactive security? (Right click CIS>Configuration>Proactive Security)

If yes, AFAIK, you will get pop ups for registry changes for ‘safe’ programs too. Try the same in Internet Security mode and you may not get that alert.

The digital signature is ok so vengine is fine. The registry key mentioned in the alert is apparently something that pertains to a nextupdate (maybe a date for the next update).

If you are not using D+ CleanPC mode, to confirm if vengine.exe is safelisted on your CIS installation you can try to add vengine to the pending list (safelisted apps are removed automatically from the pending list).

Defense+ Tasks > Common Tasks >My Pending Files > Add button > Browse running processes | vengine.exe

If vengine.exe is added to the pending list then it is not safelisted, but you can press the lookup button (it will check the Comodo online master safelist) to update your local safelist.

If vengine.exe is not added to the pending list (or if it is not already listed there in case you are using D+ CleanPC mode) then vengine is correctly safelisted.

Are you using CIS 3.9 too? The bundled safelist of previous versions of CIS was created before the release of vengine 2.7.0.17 and thus that version of vengine was not safelisted yet.

The Trusted vendor list may have been manually disabled in Defense+ Tasks > Advanced > Defense+ Settings > General settings tab > Trust applications digitally signed by Trusted Software Vendors.

Trusted vendors extends safelisting in case an application is digitally signed by a vendor listed in the My trusted vendor list.

In case an application is not digitally signed (or in case it is digitally signed by a vendor not listed in the Trusted Vendors list), or in case Trusted vendor has been disabled, the application ought to be recognized by means of the Comodo safelist, which should be manually updated each time a new version of the same application is released.

D+ paranoid mode disables safelisting and trusted vendors, thus applications will always generate alerts, but the security considerations ought to mention if the application is safelisted (e.g. safe application, or safe application signed by).