Random batch file nuisance

Using the free Firewall Security only (all other options disabled) I am very grateful
Comodo for years offering me this free outbound control for private use.

Even so, the recent version drives me nuts on a certain issue it never did before >:-D

I am using Winff to convert video files which creates internal batchfiles random numbering.

Each time Comodo shows up and I have to click always four times to get single file
converted e.g.:

1st
ff160408092908.bat “is trying to to execute conhost.exe”.

2nd
ff160408092908.bat “is trying to execute chcp.exe”

3rd
ff160408092908.bat “is trying to execute ffmepg.exe”

4th (on ffmpeg’s finish)
ff160408092908.bat “is trying to modify a protected file or directory”

It is pointless to allow them as trusted application because the batch number
changes on the next session anyway.

Comodo is doing fine to tell me if a batch file is trying
to execute commands security but should leave its fingers
off when they derive from an already trusted mother application.
For some reason Comodo does not recognise them as child processes.

Please do something about it, like adding a wildcard filter
e.g. ft?. or so.

Damian

You can try giving the parent application the “Installer/Updater” ruleset in HIPS, or you could actually use wildcards since CIS do support them. :wink:

To use wildcards add one bat to HIPS application rules then modify the file path in the rule to replace the part you want with wildcards, I’d recommend [path]\ff*.bat if they all have the “ff” part in common.

cheer for your response but to be honest - I have no idea what you
are talking about. I even don’t know what HIPS is. Putting it on to google
gets me the bony thing on humans.

Maybe you can provide me a version for dummies?

Damian

The alerts you are getting are from the HIPS (Host Intrusion Protection System)

Below are two ways to deal with this issue.

To change the parent application to Installer/Updater:

[ol]- Open the Advanced Settings

  • Go to Security Settings > Defense+ > HIPS > HIPS Rules
  • Look through the list to see if the parent application is in the list
  • If it’s in the list then right-click it and click “Edit” then make sure it’s set to “Use Ruleset:” and then the drop-down box is set to “Installer or Updater”
  • If it isn’t in the list then right-click in the list and click “Add” then in the new window click “Browse” and browse to the application then when that’s done make sure it’s set to “Use Ruleset:” and then in the drop-down box “Installer or Updater” then click OK.[/ol]

To use wildcards to allow the bat file:

[ol]- Open the Advanced Settings

  • Go to Security Settings > Defense+ > HIPS > HIPS Rules
  • Right-click in the list and click “Add” then click “Browse” and find the bat file
  • Now make sure “Use Ruleset” is set and “Allowed Application” is selected
  • Click in the “Name” field and replace \ff160408092908.bat with \ff*.bat (Assuming “ff” is always used in the beginning of all the bat files)
  • Now click OK[/ol]

Wow Sanya… I am stunned!

What a brilliant guide - did exactly what you’ve written on the tin.

Moreover, in almost 25 years of ‘internetting’ I never came across
someone like you not counterquestioning me but sticking to precision.

Hope Comodo is paying her/his hero decently.

Wish you all the best.

Damian

Just another user like you. :wink: Glad I could help.