Services running verdict=unknown, BBlocker=disabled in default config [M188] [v6]

A. THE BUG/ISSUE:

  1. What you did: Opened Killswitch
  2. What actually happened or you actually saw: Vmware services running rating=unknown but not Behavior-Blocked. (Killswitch says sandbox=disabled, there are no files in advanced settings ~ File Rating ~ Unrecognized Files).
  3. What you expected to happen or see: These services running BB’d
  4. How you tried to fix it & what happened: No apparent fix for lack of sandboxing, but, unlike SQL server (see other bug report), the files could be made trusted using right click in Killswitch
  5. If a software compatibility problem have you tried the compatibility fixes (link in format)? : Not a software compatibility problem
  6. Details & exact version of any software (except CIS) involved (with download link unless malware): Vmware workstation downgraded after license expired to Vmware player v5.0.1 www.vmware.com
  7. Whether you can make the problem happen again, and if so precise steps to make it happen: Happens every boot if Vmware is installed. Simply reboot and open Killswitch to see the same thing.
  8. Any other information (eg your guess regarding the cause, with reasons): The processes are invoked in the following registry key: HKEY_LOCAL_MACHINE\System\ControlSet001\Services. The services are unsigned according to sysinternals sigcheck, and there is no cloud lookup recorded in the D+ logs

B. FILES APPENDED. (Please zip unless screenshots).:
0. A diagnostics report file (Click ‘?’ in top right of main GUI) Required for all issues): Appended

  1. Screenshots of the 6.0 Killswitch Process Tab (see Advanced tasks ~ Watch Activity) or 5.x Active Process List. If accessible, required for all issues: Appended
  2. Screenshots illustrating the bug: Appended
  3. Screenshots of related CIS event logs: No relevant entries
  4. A CIS config report or file: Unaltered IS config, so not appended
  5. Crash or freeze dump file: Not appended
  6. Screenshot of More~About page. Can be used instead of typed product and AV database version: Not appended

C. YOUR SETUP:

  1. CIS version, AV database version & configuration: CIS 6.0 Build 2674, Database version 14718, Internet security
  2. a) Have you updated (without uninstall) from a previous version of CIS: No uninstall then install using CIS 6.0 installer.
    b) if so, have you tried a clean reinstall (without losing settings - if not please do)?: N/A
  3. a) Have you imported a config from a previous version of CIS: No
    b) if so, have you tried a standard config (without losing settings - if not please do)?: N/A
  4. Have you made any other major changes to the default config? (eg ticked ‘block all unknown requests’, other egs here.): No
  5. Defense+/HIPS, Autosandbox/BBlocker, Firewall & AV security levels: HIPS=off, BB=partially limited, Firewall=safe, AV=Default
  6. OS version, service pack, number of bits, UAC setting, & account type: Win 7 Ultimate, SP1, x64, Uac=off, Admin
  7. Other security and utility software currently installed: Vmware workstation, Logmein, Clipmate, Raser keyboard configurator, Canon Network utility, Bluetooth configurator, Vmware, Filezilla server, WAR-FTP server, Routerstats, Acrobat, Comodo Ivault, FastStone capture
  8. Other security software previously installed at any time since Windows was last installed: None
  9. Virtual machine used (Please do NOT use Virtual box): Installed on production

Link to files on FTP server:

ftp://82.69.43.252/CisReport_v6.0.260739.2674_20121229-144436.zip
ftp://82.69.43.252/vmware files.7z

Username and password as before. If you have forgotten them please consult the Mod’s Preview Board, Mod’s password sticky.

Was VMware also listed in the Unrecognized Files section of CIS?

Also, does this behavior reproduce each time VMware is running and you check it in KillSwitch?

Good question, no, edited above

Also, does this behavior reproduce each time VMware is running and you check it in KillSwitch?
As per 7 it reproduces every boot, until they are made trusted. They are automatic start services.

If you are happy with the report could you transfer, please, TA :slight_smile:

Mouse

Thank you very much for your report in standard format, with all information supplied. The care you have taken is much appreciated by Comodo, and will increase the likelihood that this bug can be fixed.

Developers may or may not communicate with you in the forum or by PM/IM, depending on time availability and need. Because you have supplied complete information they may be able to replicate and fix the bug without doing so.

Many thanks again.

Can you please check and see if this is fixed with the newest version? Please let us know whether it is fixed or you are still experiencing the problem.

Thank you.

Already marked as resolved as invalid in tracker, so can be retired