Repeating Unlimited Access Alerts [Issue:#225]

  1. Your Operating System (32 or 64 bit) and Service Pack revision : win xp sp3 32bits / cis V5.0.159634.1091 RC
  2. Other Security and Utility Software Installed : MBAM free / Hitman pro
  3. Step by step description to reproduce the issue : as described here : launch of an unknown safe app, D+ keeps asking for “unlimited access granting” even if the app is added to “my safe files” - see here :
    https://forums.comodo.com/beta-corner-cis/cis-keep-asking-for-unrecognized-software-partially-solved-t60750.0.html
  4. How you tried to resolve the problem : treating this file as “instalation program”
  5. Upload Memory Dumps on crash if you encounter any : none
  6. Attach screenshots to your posts to clarify the issue further
  7. Any other information you think that might be useful
  8. The CIS Security profile your using, and if you imported a previous version of the config : proactive security

Hi cvsa

Do you really mean V5.0.159634.1091 RC? Since that’s a fairly old version & in addition, since the CIS 5 final has been released today… there is no longer a CIS BETA/RC.

sorry i didn’t change the original version in which the problem appeared.

I’m now running the final 5.0.162636.1135 … and it’s still not resolved… even by pressing the new button (always trust this file/package). The popup keeps coming back

No quite clear from your post - have you added it under Computer Security Policy/D+ rules as an installer/updater?

Does the file exist? Or is the computer trying to run an invalid autorun? Is it an autorun?

Could you identify the app involved please? And where it can be downloaded from.

Please post your logs and a screenshot of the active processes list after UA is granted.

Best wishes

Mouse

hi mouse1, this is the file i already sent you via pm 1 month ago.

this is what you wrote then : "OK I can replicate using the supplied software. Have added app and steps to replicate to mods bug tracking system. Not sure what prioroty this will have, but we have given it the best chance…

Many thanks to cvsa. (Good thing I speak some French!)

Mouse"

Thanks CVSA, so many posts - afraid I had forgotten. Will update the issue to show it is live against 1135 public release - I currently have it showing still live at RC1. No need to post any more info.

The vet software - I remember now.

The issue number is 225, and it is fully documented on the Bugzilla system.

Best wishes and thanks for your past help.

Mouse

The same thing is happens here. I solve this problem disabling sandbox, even i dont get the option to modify it to update/instalation

did you try to add your file’s process to D+ / strategy of security → “treat as installer” . it worked for me.

I´ll do it and post the result

worked exactly as you said. But like my aplication have more the one executable i need to classify the entire folder.

So it works if you treat it as an installer/updater, but not if you say ‘always trust this file/package’ on the unlimited access alert, is that correct?

If so it’s very strange… :slight_smile:

yes it’s correct. Puran defrag, another soft was in the same case but “always trust this file/package’” worked for this soft. :-TU

Unfortunately, my soft vetopartner doesn’t react the same way… is it because it uses firebird server ?

OK so vetopartner still does NOT work if you define it as an installer updater?

Sorry for my previous formulation : if i define vetopartner as “installer/updater” it works.

it does NOTworks :

  • if I define it as “trusted application”
    or
  • if I tick “always trust this file/package”. :wink:

FAIO mods & devs: This report predates the new format, and is in old format, so allowed into approved bugs.

Block all requests is not ticked have verified from config file.

The bug/issue
I started Photoshop CS5 64bit from “C:\Program Files\Adobe\Adobe Photoshop CS5 (64 Bit)\Photoshop.exe”
Defense+ pops up an Alert that Photoshop.exe could not be recognized and requests unlimited access to my computer. In Security Considerations it says, that “Adobe Photoshop CS5 is NOT digitally signed”. I mark the checkbox with Always trust this file or package and click on Allow.

Comodo brings up this window EVERY TIME I start Photoshop. It seems not to remember, that I “always trusted” that file.

When I look in my Defense+ settings into the “Trusted files” section I can see that “C:\Program Files\Adobe\Adobe Photoshop CS5 (64 Bit)\Photoshop.exe” has been added as trusted file.

When the Comodo Defense+ Alert window pops up and I do nothing, the alert closes again after like 1-2 minutes and Photoshop starts up!

Workaround: When I disable the Sandbox in the Defense+ Settings I can start Photoshop normally and I am not asked again if I want to trust it.

Your set-up

  1. CIS version, AV database version & configuration used: 5.0.162636.1135, AV database: 6244
  2. Defense+ and Sandbox OR Firewall security level: Defense+ Safe Mode
  3. OS version, service pack, no of bits, UAC setting, & account type: Windows 7 64bit
  4. Other security and utility software running: None
  5. Virtual machine used (Please do NOT use Virtual box): None

It seems Comodo automatically sandboxes the Photoshop.exe process even though it is defined in Trusted Files. Somehow this sandboxing confuses the “Always trust this file or package” setting.

[attachment deleted by admin]

Can you see if Photoshop is at the same time in Unrecognised Files. If so remove it from there.

Thanks for your report.

This has already been reported. I will merge with the already reported bug

Best wishes

Mouse

Hi,

Possbile bug (description):

CIS doesn’t remember my selection while open unrecognize program and check “always trust this file or package” at least with this application.

Application details:

Application name: WorldWide Telescope (WWTExplorer.exe)

Application version: 2.7.19.1

Download link: http://cdn.worldwidetelescope.org/beta/wwtsetupapogeeb.msi

How to reproduce the problem:

  1. Download and install the application.

  2. Run the shortcut, check the “always trust this file or package” and click on allow.

  3. Close the application.

  4. Open again, in this step I see again the CIS alert.

Attached screenshot of the alert.

My System and configuration:

Win7 x64 fully updated default setup with this changes: DEP from only system services and programs to every program and services, firewall disabled, windows defender disabled; with CIS v5.0.163652.1142 (signature database version: 6443) Default setup (not updated from other previous version).

regards

[attachment deleted by admin]

I am running Windows 7 x64 and I can confirm that I get the same results.

Also, when prompted I allowed the firewall alert and told it to always remember.

I have CIS configured as described here. Also, I am part of a network so I configured it as described in my article.