Services.exe Impossible To Handle

why can’t i run services.exe in custom policy under paraniod mode ??? I set it to ask for protected registry keys, device driver’s installation and run an executable but no, has a mind of it’s own to do what it likes willy nilly.
every release is getting worse and worse since v3 (ie the hips part) come on comodo get back on it and fix up.

Is the rule for services.exe somewhere under the All Applications rule? Then move it up to a place somewhere above the All Applications rule.

When it is under that rule it will follow the rule set by the All Applications rule.

Yes the rule set for services is above the all application rule. Can you test for your self and get back to me i’ve tested on two different machines and reproduced the same error. Also why is the trusted file group getting populated in paranoid mode.

Did you upgrade to CIS 5.4

Please check if you have a entry for services.exe in the preset group Windows System Applications.


Your right dennis it was in the windows system application group but after removing it, custom policy is not holding it just adds it’s own entry when ever there is a alert. looking at the log under configuration changes it seems to go into auto learn mode and add entry’s to my custom policy with out a pop up and asking me which should not be the case when in paranoid mode.

[attachment deleted by admin]

Can you show a screenshot of the Defense + Rules to see where services.exe is?

On a side note. I sent a pm to egemen asking for a comment on the double rule for services.exe:

Here you go ericJH screenshot for you.

[attachment deleted by admin]