For Google Chrome, if I have cmd.exe embedded code detection enabled, I do occasionally see command-lines getting contained, though I can't reproduce it reliably. Try enabling the embedded code detection for cmd.exe if you haven't already and see if you can get any alerts when using chrome. A lot of legit apps use cmd, if chrome were to use some script in cmd then I think h c-l would come into play. Haven't used NVT so can't comment on it.
NVT ERP catches everything with the Vulnerables I have added. Google is trusted in NVT ERP. In Comodo, I do have cmd.exe and all the rest too enabled in h c-l selections. Also, I have all the embedded detections turned on. I suspect your security app browser extension could be causing you to see the alerts when opening Chrome->same issue I get. Qihoo has anti-keylogging support from the main a-v program for their web extension. This connection is what is flagged as embedded for me when opening Chrome. Comodo turned off some of the h c-l protections with one update, and these did stop for me. However, I wanted them all and determined it was worth the price of an alert from Chrome.
BTW, NVT ERP’s Vulnerables list does the same thing as h c-l, except that it alerts all c-l activity from vulnerables. The command line can then be individually whitelisted. NVT supports user wildcard changes to whitelist entries, so randomly named scripts that are the same script over and over can be dealt with that way. Only get the script once because of the wildcard entry that covers all of them. Obviously, this kind of hands on approach won’t be for Comodo, but I do feel there is an answer that doesn’t require user interaction with whitelisted command line rules. I’m sure we will see this soon enough. Something like OK, from this “Trusted” app->captured c-l text is identical to existing tempscrpt file->don’t alert. So maybe responsible app will have to be in the tempscrpt as a script dev note or something, who knows.
On the additional layer for unblock in the picture in the linked thread, I ran some scenarios on a simple “Unrecognized” file/app again tonight. This time I chronicled everything that happens. These cover the kinds of rules and actions from Comodo when one of the unblock mechanisms is invoked. Here they are:
Scenario 1 No Unblock
Run app XYZ.exe “Unrecognized”->Auto-containment alert->No unblock by user choice->no rules by Comodo->File rating stays “Unrecognized”->File is auto-recorded by Comodo in “Unblock Applications”->User chooses to unblock via “Unblock Applications”->After"Unblock Applications" unblock->File rating to “Trusted”->Firewall rule for Application XYZ.exe “Allow All Incoming and Outgoing Requests”/HIPs rule for Application XYZ.exe “Ask” to execute and “Allow” all other HIPs behaviors/Containment rule Application XYZ.exe Ignore if Application XYZ.exe is “Trusted”
Scenario 2 Unblock via Containment alert
Run app XYZ.exe “Unrecognized”->Auto-containment alert->User select “Unblock this application” on the Containment alert->File rating to “Trusted”->Comodo auto-creates Containment rule for for Application XYZ.exe Ignore if XYZ.exe is “Any” rating->No other rules->File is auto-recorded by Comodo in “Unblock Applications”->User chooses to unblock via “Unblock Applications”->After “Unblock Applications” unblock->File rating remains “Trusted”->Firewall rule for Application XYZ.exe “Allow All Incoming and Outgoing Requests”/HIPs rule for Application XYZ.exe “Ask” to execute and "Allow’ all other HIPs behaviors/Containment rule Application XYZ.exe Ignore if XYZ.exe is “Trusted” (same as after the “Unblock this application” allow)
Scenario 3 Unblock via “Unblock Applications” element
Run app XYZ.exe “Unrecognized”->Run app XYZ.exe “Unrecognized”->Auto-containment alert->No unblock by user choice->No rules from Comodo->File rating stays “Unrecognized”->File is auto-recorded by Comodo in “Unblock Applications”->User chooses to unblock via “Unblock Applications”->After"Unblock Applications" unblock->File rating to “Trusted”->Firewall rule for Application XYZ.exe “Allow All Incoming and Outgoing Requests”/HIPs rule for Application XYZ.exe “Ask” to execute and "Allow’ all other HIPs behaviors/Containment rule Application XYZ.exe Ignore if XYZ.exe is “Trusted” (same as after the “Unblock this application” allow)
Red indicates dangerous unblock of “Unrecognized”. It’s easy to see how the danger creeps into the decision making portion of these scenarios, where the red is in the bold area. User is often not even aware of what is happening when they unblock. With scenario 2 or 3, the unblocks, no matter what all three aspects of protection are turned off, irregardless of what the user would like. If user would still like HIPs or Firewall or whatever, well they are all off sorry :-[.
Focusing on these bold areas, it’s possible to see that if the rating were left at “Unrecognized” after using one of the two unblock methods, rules could be auto-created by Comodo that would turn off protection for any element the user wants off…even with file/app still at “Unrecognized”. This is possible. And this means a dialog for individual protection unblock could be created/added in “Unblock Applications”. Then the choice to “Unblock this application” located too conveniently for me on each Containment alert, could be replaced with instructions to use “Unblock Applications” on the widget or in the GUI->Tasks->General tab to unblock, where user could choose what to unblock. Even two or all three protections could be selected at the same time to unblock. This would be a huge improvement in user safety imo if the user had to use the “Unblock Applications” element to remove an “Unrecognized” from containment. The danger would be removed from the decision making process, because the process would be different, eliminating the danger. Specifically, this is achieved by removing auto-“Trust” from the unblock dialogs in Comodo. Also, other protections could be left in place. No trust no danger.
Anyway, sorry, I know this isn’t OPs main issue, which I really hope Comodo resolves quickly for the sake of devs out there. I really think with these two fixes the program will be malware invincible and also user mistake invincible too.