Seriously, Comodo, it's time you catch up!

I know Comodo is free and all and I do appreciate that! When it works CIS is better than MANY paid security solutions out there, I would certainly start paying if you guys start maintaining …

The following are only major bugs reported and “fixed”. They were real show stoppers. I mention these to make a point: that CIS is falling behind. Default rules are not being updated by you guys, resulting in native Windows components being blocked. At the end of this post is the reason I wrote this. Yet another important Windows feature is disrupted by CIS.

In total that’s 4 big nasty bugs.

#1 (Fixed)
The first real issue I encountered, long ago, was when CIS was blocking the NVIDIA drivers “express install” mode. This was 2016.

Hi, so I'm unsure if this is known or not. But there is a bug with CIS 8.4.0.xxxx, unsure how long it's been there. At least five NVIDIA drivers back.

I say NVIDIA drivers because the bug is that CIS hinders the use of the “express install” mode, causing the installation of the graphics driver to fail. (Express install: an option available within the driver that lets you keep your old settings and whatnot.)

I’ve been blaming NVIDIA for this, for a long time. (Sry NVIDIA)
A lot of debugging has been done to conclude that CIS is at fault.

#2 (Fixed)
Later same year we had the “Full Scan Stuck” https://forums.comodo.com/resolvedoutdated-issues-cis/full-scan-running-for-8-hours-and-counting-t116104.0.html;new#new

Then it was good for a long time.

#3 (Unclear)
2019 yet another show stopper. CIS causes System Restore to fail
https://forums.comodo.com/format-verified-issue-reports-cis/cis-causes-system-restore-to-fail-m2411-t124406.0.html;new#new

Not sure if it’s fixed or not; I’ve simply disabled the option that causes it.

#4 (Unknown)
This one I haven’t reported yet. But it is the reason for writing this post. The “C:\Windows\System32\SIHClient.exe” (explanation below) is blocked. Even at custom ruleset. So my point here is this. Comodo, you guys pride yourselves on being very good at what you do. And in most cases I agree. So it’s time to dedicate some time to updating CIS so that important features such as this, and those from the past, are not disrupted by CIS.

Sihclient.exe is a file that is responsible for automatic Windows updates. Sihclient.exe is an executable that runs on the Windows operating system and is created by Microsoft. The part of the name SIH stands for Silent Install Helper, which helps to handle files that deal with automatic Windows updates. By default, it is located in C:\WINDOWS\System32\SIHClient.exe and shows up in the Task Manager depending on when it is scheduled to do so. While its initial form is harmless, many users reported that their Firewall had blocked the Sihclient.exe due to it being recognized as a virus. In most cases, this diagnosis is false positive, but users should still be wary if their AV engine detected the executable as malware.

That’s all 8)

#3 (Unclear) 2019 yet another show stopper. CIS causes System Restore to fail

Hi blackkatt,

Please update CIS to the latest version 12.0.0.6882 and check whether System Restore is working properly. If the problem still exists, provide the logs using our given tool.
Check your inbox for steps to run the tool and collect the logs.

#4 (Unknown) This one I haven't reported yet. But it is the reason for writing this post. The "C:\Windows\System32\SIHClient.exe" (explanation below) is blocked. Even at custom ruleset. So my point here is this. Comodo, you guys pride yourselves on being very good at what you do. And in most cases I agree. So it's time to dedicate some time to updating CIS so that important features such as this, and those from the past, are not disrupted by CIS.

That’s all 8)

Hi,

Check if “Trust files installed by trusted installer” is enabled in File rating settings.
Steps: Settings → File rating → File rating settings
Also share the file “Sihclient.exe” that was blocked by CIS with us.

Thanks
Mathi R

#4 (Unknown) This one I haven't reported yet. But it is the reason for writing this post. The "C:\Windows\System32\SIHClient.exe" (explanation below) is blocked. Even at custom ruleset. So my point here is this. Comodo, you guys pride yourselves on being very good at what you do. And in most cases I agree. So it's time to dedicate some time to updating CIS so that important features such as this, and those from the past, are not disrupted by CIS.

Yes, during startup, if any application tries to make an outgoing connection attempt before the CIS tray/UI is loaded, the firewall will block and log the attempt. I think it has been that way for a while, but they added the logging of it instead of silent blocking. Nevertheless I submitted the issue into the mod tracker, but I haven't yet had any confirmation if it is indeed a bug or it is by design.

I already have that version. I’ll try it later.

I’m using the default settings, so yeah. “Trust files installed by trusted installers” SIHClient.exe is also marked as “rating, trusted” and has already been submitted.

Do you want me to share a native Windows file, digitally signed by Microsoft? Makes no sense but OK. Here you go…

Not sure if CIS tray/UI was loaded or not when it was blocked. But it was blocked many, many times, so during the first and last block the CIS UI should have been loaded =)

This latest event only strengthens my point that Comodo is falling behind. In this case CIS asks to allow/deny the “Windows operating system” access to the internet. Looking up the IP, it belongs to Microsoft. “Windows operating system” aka “system” is a default group rule that includes two rules:

“Allow System To Send Requests If The Target Is In [Home #1]”
“Allow System To Receive Requests If The Sender Is In [Home #1]”

So in other words, there aren’t any default rules to handle a request like this. So like I’ve been saying, CIS needs an update… :a0

Hi blackkatt,

Thanks for reporting. I have forwarded the suggestion of including the default rules in CIS to our developers.

All of these (and more) should be added to the default Firewall config/File Rating/File Groups Under “Windows System Applications” as they all have the same ■■■■ rule “Allow IP Out From MAC Any To MAC Any Where Protocol Is Any” and are native to Windows 10. :-TD

Also, one example that does not work is %windir%\System32\smartscreen.exe (which is added to the above group), because as you can see below I’ve been asked to create a rule for that one anyway…

I would also like to know the fastest way to add these myself in bulk?

These are custom rules. They all have the same rule. They should all be added to the default config.

C:\Windows\System32\MicrosoftEdgeCP.exe
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
C:\Windows\System32\browser_broker.exe
C:\Windows\ImmersiveControlPanel\SystemSettings.exe
C:\Windows\System32\Speech_OneCore\common\SpeechRuntime.exe
C:\Windows\System32\CompatTelRunner.exe
C:\Windows\System32\AppHostRegistrationVerifier.exe
C:\Windows\System32\smartscreen.exe
C:\Windows\System32\backgroundTaskHost.exe
C:\Windows\System32\taskhostw.exe
C:\Windows\System32\SettingSyncHost.exe
C:\Windows\System32\Speech_OneCore\common\SpeechModelDownload.exe
C:\Windows\System32\MicrosoftEdgeSH.exe
C:\Windows\SysWOW64\rundll32.exe
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1909.6-0\MsMpEng.exe
C:\Windows\System32\MRT.exe
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1910.4-0\MsMpEng.exe
C:\Windows\System32\SystemSettingsAdminFlows.exe
C:\Windows\System32\dasHost.exe
C:\Windows\System32\SIHClient.exe
C:\Windows\System32\WerFault.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Windows\System32\wermgr.exe
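
Before allow-listing paths like the ones above in a firewall or file group, it is worth confirming that each file at that path really is a Microsoft-signed binary. The following is an added example, not part of the original post and not Comodo tooling; it uses the built-in `Get-AuthenticodeSignature` and `Get-FileHash` cmdlets on a subset of the listed paths, and the `OK` criterion (valid signature plus a Microsoft Corporation signer) is an assumption chosen for illustration.

```powershell
# Added example: subset of the paths listed in the post above; extend as needed.
$paths = @(
    'C:\Windows\System32\SIHClient.exe',
    'C:\Windows\System32\smartscreen.exe',
    'C:\Windows\System32\backgroundTaskHost.exe',
    'C:\Windows\System32\RuntimeBroker.exe',
    'C:\Windows\SysWOW64\rundll32.exe'
)

$results = foreach ($p in $paths) {
    # A missing file is reported, not skipped: a rule for a path that does
    # not exist can later be satisfied by whatever gets dropped there.
    if (-not (Test-Path -LiteralPath $p -PathType Leaf)) {
        [pscustomobject]@{
            Path = $p; Status = 'Missing'; SignatureType = $null
            IsOSBinary = $false; Signer = $null; SHA256 = $null; OK = $false
        }
        continue
    }

    # Covers embedded and catalog signatures (SignatureType tells which).
    $sig     = Get-AuthenticodeSignature -LiteralPath $p
    $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }

    [pscustomobject]@{
        Path          = $p
        Status        = $sig.Status          # 'Valid' means hash and chain verified
        SignatureType = $sig.SignatureType   # Authenticode, Catalog or None
        IsOSBinary    = $sig.IsOSBinary
        Signer        = $subject
        SHA256        = (Get-FileHash -LiteralPath $p -Algorithm SHA256).Hash
        # Assumed acceptance rule for this example.
        OK            = ($sig.Status -eq 'Valid') -and
                        ($subject -match 'O=Microsoft Corporation')
    }
}

# Full report, then only the entries that should not be allow-listed blindly.
$results | Format-Table Path, Status, SignatureType, IsOSBinary, OK -AutoSize
$results | Where-Object { -not $_.OK } | Format-List Path, Status, Signer, SHA256
```

Any entry that lands in the second listing is a reason to investigate the file itself rather than to add a rule for its path.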

There is no need to add those to the WSA file group, as all of those are trusted rated and won’t be blocked by the firewall if you have it set to safe mode. If you are using custom ruleset mode, then you need to deal with using such mode by either answering the alerts or setting up the rules in advance.

Bulk add files/folders feature for creating and managing File Groups would be a very useful idea!

P.s. futuretech you on multiple occasions beat me to posting replies. Ha ha.

I’m using this mode because CIS sometimes feels like blocking native Windows components, as discussed before. Therefore I feel my request is valid.

I’ve already added %windir%\System32\smartscreen.exe to the File Rating/File Groups but I’ve been asked to create a rule for that one (and others) anyway…

Agreed 8)

So this is why I can’t use SafeMode >:(
Newly installed fresh config and CIS blocks not only its own browser but other signed/safe/known apps too!

PM: The first two entries are before I upgraded/installed latest build.

C:\Windows\ImmersiveControlPanel\ %windir%\systemapps\

is part applications applications metro

Apps list

C:\Windows\System32\MicrosoftEdgeCP.exe
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
C:\Windows\System32\browser_broker.exe
C:\Windows\ImmersiveControlPanel\SystemSettings.exe
C:\Windows\System32\Speech_OneCore\common\SpeechRuntime.exe
C:\Windows\System32\CompatTelRunner.exe
C:\Windows\System32\AppHostRegistrationVerifier.exe
C:\Windows\System32\smartscreen.exe
C:\Windows\System32\backgroundTaskHost.exe
C:\Windows\System32\taskhostw.exe
C:\Windows\System32\SettingSyncHost.exe
C:\Windows\System32\Speech_OneCore\common\SpeechModelDownload.exe
C:\Windows\System32\MicrosoftEdgeSH.exe
C:\Windows\SysWOW64\rundll32.exe
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1909.6-0\MsMpEng.exe
C:\Windows\System32\MRT.exe
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1910.4-0\MsMpEng.exe
C:\Windows\System32\SystemSettingsAdminFlows.exe
C:\Windows\System32\dasHost.exe
C:\Windows\System32\SIHClient.exe
C:\Windows\System32\WerFault.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Windows\System32\wermgr.exe

is used for exploits, in windows 7 and windows 10

Comodo Internet security protect and ask output in firewall

And? :slight_smile:

Are you sure this isn’t when you start the system? You’re running pretty much the applications I am in that shot and they’re always in the log on startup - before CIS ‘activates’. If you check the Task Manager after startup, you’ll find they are actually running.

???

Like I said before, any application that attempts an outgoing connection request prior to CIS being fully loaded, will be blocked by the firewall. These blocks do not affect the operation of said applications, so you can really ignore these blocks.

And like I said before, this is not at startup. Everything is already fully loaded. Stop blaming everything on something else and fix it instead.
And let’s say it is like you said. Then every day I would still have to manually remove from the Unblock Application, so either way it’s a problem.

This may help: Blocked Applications. There is no problem, as you have been advised and shown.

No, why would it? I’m not talking about HIPS. You can see that on the image.