Some portable internet browsers are granted as trusted installers [M1368]

1. The full product and its version:
CIS beta

2. Your Operating System (32 or 64 bit) and ServicePack revision. and if using a virtual machine, which one:
Win7x86SP1 (VMware), UAC is enabled

3. List all the configuration changes you did. Are you using Default configuration? If no, whats the difference?:
Configuration: Proactive Security
No changes

“Do not show antivirus alerts”: disabled

Safe Mode
“Create rules for safe applications”: disabled

Auto-Sandbox: Enabled
Firewall: Safe Mode

4. Did you install over a previous version without uninstalling first, or import a previous configuration file?:

5. Other Security, Sandboxing or Utility Software Installed:

6. Step by step description to reproduce the issue. Or if you cannot reproduce it, what you actually did before it happened, step by step:

1: Download and install some portable browser:

2: Run it and notice that its launcher has rating “Installer or Update”

3: Download any executable file and run it directly by the browser

4: Take notice: unrecognized program is running without restrictions

7. What actually happened when you carried out these steps:
The privileges “Installer or Update” was applied to internet browser

8. What you expected to see or happen when you carried out these steps, and why (if not obvious):
Applications such as PortableApps should not be granted as installers

And in general no application should be granted as installer when it doesn’t reuqire administrator privileges to run (!)

9. Any other information:
It would be useful to have an option for suppressing installers privileges. It is described in the wishlist.

In the version CIS 7 users have had a method to disable these privileges in case they are undesirable. In the version “CIS beta” that method doesn’t work. This problem was described formerly.

[attachment deleted by admin]

Да уж косяков у Comodo с портативными браузерами полно :‘( :’( :‘( :’( :‘( :’(

Вы знаете еще какие-нибудь? *

  • Do you know any other problems with portable browsers?

Dear kibinimatik

Yes I see the problem.

Let me think this through a bit and get back to you later.

I think what may be happening is that because the launcher is a trusted file and needs to run other files it is being granted installer updater privs.

Meanwhile could you please post your active process list or Killswitch display while a portable browser, launched from a launcher, is running an unrecognised file?

Just to check if this is happening after a post browser installation reboot? Please check if you can. (I realize this is a portable app, but maybe the launcher is doing something special on first run)

Many thanks


Actually I think you have supplied enough information to move to format verified, thanks.

But what I have requested would be useful confirmation of my understanding if you can manage it

Kind regards


This vulnerability has appeared with the version too.

This bug opens the door to bypass Comodo’s HIPS, Auto-Sandbox and Antivirus together.
I have attached an example in which the launcher of FirefoxPortable is used to run an unrecognized program with trusted installer’s privileges.

[attachment deleted by admin]


The devs have not marked this as Fixed in the tracker. However, sometimes bugs are fixed by the release of new versions, but not marked as Fixed in the tracker.

If you are able please check with the newest version (CIS version and let me know if this is fixed on your computer with that version.

Thank you.

It is not fixed.
With BETA too.

[attachment deleted by admin]

Thanks for letting me know. I have updated the tracker.

This also applies to the browser Opera 29:

Hi kibinimatik,

Please check with version <>.

Thank you.

This has been fixed, but only partially.
In the version CIS any files named “OperaPortable.exe”, “FirefoxPortable.exe”, “GoogleChromePortable.exe” are not taken for installers (when they are smaller than 40 MB). So these portable browsers can be used safely.


  1. When the launcher of portable browser is renamed by user, it get installer privileges.

  2. Hackers can use renamed launchers of portable browsers to bypass CIS.

  3. Some other portable applications are taken for installers, e.g. FreeCommander XE Portable.
    Such applications are dangerous to CIS.
    Any file created by them get trusted. Any file started by them runs without restrictions.

[attachment deleted by admin]

Can confirm on renaming the portable browser launchers does grant them Trusted/Install rights and freecommander portable executed as is will also have Trusted/Installer rights.

[attachment deleted by admin]

I’ve updated tracker data.
Thank you.

It is fixed in the “leaked” CIS Many thanks to developers!

But… before the final release it is premature to celebrate.

In that case, I will move this one to “Resolved” section.
Thank you.