Strange DLL errors with CIS and AppLocker [V6][M182]

A. THE BUG/ISSUE: Virtual kiosk does not run (error attached) or only runs once and next time errors when I have AppLocker DLL control on.

The problem appears to be due to DLL control in AppLocker. I use this as CIS does not control DLLs well and it has never caused me any problems.

Something is making it load DLLs from strange paths which are being blocked. At one point this spread to other programs and many 64-bit programs crashed. Turning off DLL control in AppLocker makes everything work. I have attached a sample error message from the event log.

I also have had a load of these errors suddenly vanish from the event log as if the writing had been virtualized and then cleared. Only the virtual kiosk appears to be running virtualized.

  1. What you did: Ran virtual Kiosk
  2. What actually happened or you actually saw: It did not run
  3. What you expected to happen or see: It should run
  4. How you tried to fix it & what happened: Reboot and retry and retry with AppLocker off
  5. If a software compatibility problem have you tried the compatibility fixes (link in format)?:
  6. Details & exact version of any software (except CIS) involved (with download link unless malware): Microsoft Windows 7 SP1 64 bit
  7. Whether you can make the problem happen again, and if so precise steps to make it happen: Run virtual kiosk
  8. Any other information (eg your guess regarding the cause, with reasons):

B. FILES APPENDED. (Please zip unless screenshots).:

  0. A diagnostics report file (Click ‘?’ in top right of main GUI. Required for all issues): attached
  1. Screenshots of the 6.0 Killswitch Process Tab (see Advanced tasks ~ Watch Activity) or 5.x Active Process List. If accessible, required for all issues: attached
  2. Screenshots illustrating the bug: attached
  3. Screenshots of related CIS event logs:
  4. A CIS config report or file: attached
  5. Crash or freeze dump file: N/A
  6. Screenshot of More~About page. Can be used instead of typed product and AV database version:

C. YOUR SETUP:

  1. CIS version, AV database version & configuration: 6.0.260769.2674, proactive config
  2. a) Have you updated (without uninstall) from a previous version of CIS: No
    b) if so, have you tried a clean reinstall (without losing settings - if not please do)?:
  3. a) Have you imported a config from a previous version of CIS: No
    b) if so, have you tried a standard config (without losing settings - if not please do)?:
  4. Have you made any other major changes to the default config? (eg ticked ‘block all unknown requests’, other egs here.): Selected Proactive
  5. Defense+/HIPS, Autosandbox/BBlocker, Firewall & AV security levels: Safe
  6. OS version, service pack, number of bits, UAC setting, & account type: Windows 7 SP1 64 bit any user UAC on max.
  7. Other security and utility software currently installed: None
  8. Other security software previously installed at any time since Windows was last installed: Older versions of CIS
  9. Virtual machine used (Please do NOT use Virtual box): No

[attachment deleted by admin]

Thank you very much for your report in standard format, with all information supplied. The care you have taken is much appreciated by Comodo, and will increase the likelihood that this bug can be fixed.

Developers may or may not communicate with you in the forum or by PM/IM, depending on time availability and need. Because you have supplied complete information they may be able to replicate and fix the bug without doing so.

Many thanks again

Mouse

Very interesting report as always.

There is a plan for CIS to change DLL loading priorities, but I thought that had not been implemented yet.

Could you add the details of the tests you carried out in AppLocker etc. and what the results were?

Many thanks

Mouse

The only test I did in AppLocker was to change the DLL control to audit only and then virtual kiosk ran OK but the disallowed DLLs were still logged.

AppLocker rules attached.

[attachment deleted by admin]

I have just tried to run a program sandboxed and I have the same problem. It is blocked by AppLocker stopping DLLs when it should not be. Exactly the same errors occur as trying to run virtual kiosk. Setting AppLocker to audit only for DLLs allows Firefox to run fully virtualised but it freezes on many web sites. I never had any problems like this with CIS V5.

Not fixed in 6.1 build 2801. Virtual kiosk and sandbox are not usable with AppLocker DLL rules enabled.

Can you please check and see if this is fixed with the newest version? Please let us know whether it is fixed or you are still experiencing the problem.

Thank you.

PM sent.

This is not fixed in the public 6.2 release.

Thank you for checking this.

I’ve updated the tracker.

The devs have not been able to reproduce this. Can you please provide more information, including a full Dump using KillSwitch while the issue is occurring.

Also, can you please check and see if this still happens for CIS version 6.3.294583.2937?

Thanks. PM sent.

The devs have not been able to replicate this. Also, as there has been no response to the request for further information, they have assumed that this is fixed for CIS version 7.0.313494.4115. I will therefore move this to Resolved.

If this is still not fixed for you please both respond to this topic and send me a PM (including a link to this bug report).

Thank you.