SQLserver.exe running as unknown, not BB'd, cannot be made trusted [M199] [v6]

A. THE BUG/ISSUE:

  1. What you did: Opened Killswitch SQLservr.exe running rating=unknown but not Behavior-Blocked, tried to make it trusted using right click add to trusted files
  2. What actually happened or you actually saw: Appended error message; trust status did not change.
  3. What you expected to happen or see: The service running trusted
  4. How you tried to fix it & what happened: Tried to make it trusted using Advanced settings ~ file rating ~ trusted files. It was added to trusted files, but killswitch rating did not change, even after stopping service and restarting it.
  5. If a software compatibility problem have you tried the compatibility fixes (link in format)? : Not a software compatibility problem
  6. Details & exact version of any software (except CIS) involved (with download link unless malware): SQL server 2008 (Sql Server 2008, Management Tools = Basic, Language= 1033 Edition=Express version = 10.50.1617.0). Sysinternals sigcheck.exe. Both from www.microsoft.com
  7. Can you make it happen again, if so steps to make it happen: Happens every boot if SQLserver Express 2008 is installed
  8. Any other information (eg your guess regarding the cause, with reasons): Basic sigcheck indicated certificate OK, but deeper one using sigcheck -i -e showed a certificate validity problem (see appended). Logs showed no attempt to look up the file in the cloud. Cause may be certificate revocation - I have Certsentry installed. Alternatively large file size ~ 60 MB.

B. FILES APPENDED. (Please zip unless screenshots).:
0. A diagnostics report file (Click ‘?’ in top right of main GUI) Required for all issues): Appended

  1. Screenshots of the 6.0 Killswitch Process Tab (see Advanced tasks ~ Watch Activity) or 5.x Active Process List. If accessible, required for all issues: Appended
  2. Screenshots illustrating the bug: Appended
  3. Screenshots of related CIS event logs: No relevant entries
  4. A CIS config report or file: Unaltered IS config, so not appended
  5. Crash or freeze dump file: Not appended
  6. Screenshot of More~About page. Can be used instead of typed product and AV database version: Not appended

C. YOUR SETUP:

  1. CIS version, AV database version & configuration: CIS 6.0 Build 2674, Database version 14718, Internet security
  2. a) Have you updated (without uninstall) from a previous version of CIS: No uninstall then install using CIS 6.0 installer.
    b) if so, have you tried a clean reinstall (without losing settings - if not please do)?: N/A
  3. a) Have you imported a config from a previous version of CIS: No
    b) if so, have you tried a standard config (without losing settings - if not please do)?: N/A
  4. Have you made any other major changes to the default config? (eg ticked ‘block all unknown requests’, other egs here.): No
  5. Defense+/HIPS, Autosandbox/BBlocker, Firewall & AV security levels: HIPS=off, BB=partially limited, Firewall=safe, AV=Default
  6. OS version, service pack, number of bits, UAC setting, & account type: Win 7 Ultimate, SP1, x64, Uac=off, Admin
  7. Other security and utility software currently installed: Vmware workstation, Logmein, Clipmate, Raser keyboard configurator, Canon Network utility, Bluetooth configurator, Vmware, Filezilla server, WAR-FTP server, Routerstats, Acrobat, Comodo Ivault, FastStone capture
  8. Other security software previously installed at any time since Windows was last installed: None
  9. Virtual machine used (Please do NOT use Virtual box): Installed on production

Link to files on FTP server:

ftp://82.69.43.252/CisReport_v6.0.260739.2674_20121229-144436.zip
ftp://82.69.43.252/sqlservr.7z

Username and password as before. If you have forgotten them please consult the Mod’s Preview Board, Mod’s password sticky.

[attachment deleted by admin]

Thank you very much for your report in standard format, with all information supplied. The care you have taken is much appreciated by Comodo, and will increase the likelihood that this bug can be fixed.

Developers may or may not communicate with you in the forum or by PM/IM, depending on time availability and need. Because you have supplied complete information they may be able to replicate and fix the bug without doing so.

Many thanks again.

Can you please check and see if this is fixed with the newest version? Please let us know whether it is fixed or you are still experiencing the problem.

Thank you.

The problem still exists, but has already been marked invalid in tracker. Early start processes are not sandboxed, and this one is consistent unlike the other autostart related one.

So resolved as invalid

Best wishes

Mouse