'Trust files' does not exempt install tree from s/b if detect unticked [M26][V6]

MOD EDIT: FORMATTED REPORT IN TOPIC BELOW HERE.


ORIGINAL POST
Trust files installed by trusted installers doesn’t work correctly when you disable “Detect installers and show privilege elevation alerts” in the Behavior Blocker settings. Best example to test and reproduce this is by using BurnAware, which I also used to reproduce this broken behavior.

Version:
CIS 6.0.264710.2708

Diagnostics report:
Not needed because it’s reproducible on all CIS 6 versions in existence.

CIS configuration:
Everything default except “Detect installers and show privilege elevation alerts”, which I have disabled

OS version:
Windows 7 SP1 64bit

Other security software installed:
None

DOESN’T FUNCTION CORRECTLY

  1. Disabled “Detect installers and show privilege elevation alerts”
  2. Download Burnaware Free ( http://www.burnaware.com )
  3. Burnaware Free installer is digitally signed
  4. When executed, installer DOESN’T get sandboxed because it’s signed
  5. burnaware_free.tmp a second later DOES get sandboxed
  6. burnaware_free.tmp shouldn’t get sandboxed because it was created by a signed and trusted EXE, but CIS6 doesn’t take that into account when you have “Detect installers and show privilege elevation alerts” unchecked (disabled) in the settings

FUNCTIONS CORRECTLY

  1. Enable “Detect installers and show privilege elevation alerts”
  2. Download Burnaware Free ( http://www.burnaware.com )
  3. Burnaware Free installer is digitally signed
  4. When executed, I don’t get any popups from CIS6
  5. Burnaware gets installed correctly

HOW IT SHOULD BEHAVE:
When “Detect installers and show privilege elevation alerts” is disabled (just this and nothing else changed!):

  1. When signed and whitelisted program is executed, user shouldn’t get any popups at all, program should be fully trusted and all the files installed by it automatically added to trusted files.

  2. When unknown file is executed, it will get automatically sandboxed without any questions until manually moved to trusted files by user or simply waiting for so long in auto sandbox till it automatically gets whitelisted by Comodo and then automatically moved to trusted files by CIS itself. Most programs run perfectly fine even when sandboxed so this is acceptable.

SUMMARY
Why is such configuration of CIS important to me? I want to eliminate the last part where CIS asks a question to the user. But I don’t want to disable all notifications as that also disables antivirus popups and that is very annoying not seeing any popups when AV detects a malware file.

If the file/installer is signed or whitelisted I don’t want to be asked about elevated privileges and if the file is not signed or whitelisted I want it to get sandboxed without any questions. And this would work perfectly if disabling “Detect installers and show privilege elevation alerts” wouldn’t break the “Trust files installed by trusted installers” setting.

If you need any more info, please contact me because I really want to get this fixed so I can use CIS on all systems properly, the way I want and the way how it should work. This is the only mega bug that is preventing me from using CIS properly.

Thank you very much for your issue report.

We would very much appreciate it if you would be kind enough to edit your report to put it in the standard format and add any additional information requested, as this will make it much easier for the developers to diagnose and fix the problem.

The reasons we need all the information in the format, though they may not seem directly relevant to the issue are explained here.

If you are able to do this we will forward this post to the format verified board, where it is more likely to get looked at by developers. You can find assistance using red links in the format and here. If you need further help please ask a mod. If you do not add the information after a day or two we will forward this post to the non-format board. If this happens we will tell you how to rectify this if you wish to.

In the current process we will normally leave it up to you whether you want to make a report in standard format or not. However we may remind you if we think a bug is of particular importance.

Many thanks again

Mouse

This is a rather complex bug so I reported it as it is. And even now I’m not sure if devs understand what’s the real issue here. The whole chain of trust gets broken if you uncheck that feature just because you don’t want to be asked about privileged elevation.

Thank you very much for your issue report.

We would very much appreciate it if you would be kind enough to edit your report to put it in the standard format and add any additional information requested, as this will make it much easier for the developers to diagnose and fix the problem.

The reasons we need all the information in the format, though they may not seem directly relevant to the issue are explained here.

If you are able to do this we will forward this post to the format verified board, where it is more likely to get looked at by developers. You can find assistance using red links in the format and here. If you need further help please ask a mod. If you do not add the information after a day or two we will forward this post to the non-format board. If this happens we will tell you how to rectify this if you wish to.

In the current process we will normally leave it up to you whether you want to make a report in standard format or not. However we may remind you if we think a bug is of particular importance.

Many thanks again

Mouse

PM reminder sent

If anyone would bother with the bug itself as much as you do reminding others to use some bug reporting format this bug would have been fixed during CIS6 beta. 88) All the info of your formatted report is here. Donno what else do you want or need.

Thanks very much for your issue report, which is much appreciated.

We have moved it to the non-format bugs board for the moment, because it is not in the standard format or too much of the information we normally need to replicate a problem and fix it is still missing.

We realize some people may not have the time to do an issue report in standard format, and therefore offer the option of a non-format report instead. But the problem is much more likely to be fixed promptly if you edit your first post to create an issue report which reflects the guidance in the Standard Format topic. (You can copy and paste the format from this topic). The reasons we ask for the information we do are given in this post.

You can get your report moved to the format verified issues board simply by ensuring that it reflects the guidance in the standard format topic, and PM’ing a mod who is active on the bug board.

Best wishes

Mouse

Geez, no wonder things get overlooked, you’re copy pasting same thing billion times in the same topic…
It has all the info, cut the BS with formatting nonsense, this section isn’t screened by a robot that needs every letter and word in the correct line. 88)

Hi RejZoR,
The format procedure is set in place for a reason, imagine if every report was subject to different format.
How time consuming would that be for the developers to work with?
If we allow one non format report to be verified, then we would have to allow all no matter how good or bad they were.

Frustrations are understandable but please remember ‘Mouse1’ is a volunteer that has given up many man hours working solo and with staff in trying to help create better/easier formats, which in turn is creating better products.
Show some respect please and tone down a little.
Thank you.

If reports were machine screened I’d understand that, but they aren’t so enforcing some lame format makes no sense whatsoever for as long as you describe the problem properly and post all the required info.
Which I did and by looking at proper “format”, mine isn’t all that much different. Another 2 months passed and still nothing happened. So what’s the point bothering eh?

Another program update released and this stupid bug still ISN’T friggin fixed. Pathetic attitude from Comodo.
Reported it like 5 times since the CIS6 BETA (and that was during the BETA itself!) and it keeps on getting (intentionally?) ignored. WTF!?

THE BUG/ISSUE
Can U reproduce the problem & if so how reliably?: Every time
If U can, exact steps to reproduce. If not, exactly what U did & what happened: If you uncheck “Detect installers and show privilege elevation alerts” because you don’t want CIS to ask you for elevated privileges, it breaks itself completely and keeps on completely ignoring entire TVL list even if apps are digitally signed and listed on TVL.
If not obvious, what U expected to happen: If unchecked it shouldn’t ignore TVL/whitelist
If a software compatibility problem have U tried the conflict FAQ?: No
Any software except CIS/OS involved? If so - name, & exact version: No
Any other information, eg your guess at the cause, how U tried to fix it etc: No

YOUR SETUP
Exact CIS version & configuration: CIS 6.1 Build 2801, Internet Security
Modules enabled & level. D+/HIPS, Autosandbox/BBlocker, Firewall, & AV: HIPS=Disabled, BBlocker=Partially limited, Firewall=Safe, AV=Enabled
Have U made any other changes to the default config? (egs here.): No
Have U updated (without uninstall) from CIS 5: No
if so, have U tried a clean reinstall - if not please do?:
Have U imported a config from a previous version of CIS: No
if so, have U tried a standard config - if not please do:
OS version, SP, 32/64 bit, UAC setting, account type, & virtual machine used: Windows 7, SP1, 64bit, UAC=off, admin, VM not used
Other security/sandbox software a) currently installed b) installed since OS: a) None b) None

Additional Info - BurnAware is in TVL. When the option is checked, BurnAware installs successfully. When the option is unchecked, BurnAware is sandboxed & installation fails.

Thank you very much for your bug report in standard format. We very much appreciate the effort you have made to document this bug.

We are sorry to trouble you further but there are some items of information missing or unclear in your post:

  • Could you list exact steps to replicate this problem, including exactly what happens to convince you that the TVL/whitelist is switched off

The reasons we need these items of information, though they may not seem directly relevant to the issue are explained here.

We would be very grateful if you would add these items of information so we can forward this post to the format verified board, where it is more likely to get fixed. You can find assistance using red links in the Format and here. If you need further help please ask a mod. If you do not add the information after a week we will forward this post to the non-format board. If this happens we will tell you how to rectify this if you wish to.

In the current process we will normally leave it up to you whether you want to make a report which includes all necessary information or not. We may remind you if we think a bug is of particular importance.

Many thanks again

Mouse

Added info at the bottom, is it fine?

OK I got you. Will sort this out fully later.

Meanwhile thanks very much for doing a formatted bug report by the way.

PM inquiry sent

Discussed here.

Geez, I’ve posted the steps to reproduce this bug like billion times now… Just use BurnAware to test. It is reproducible every single time…

We are going to link up the two.

Mouse

Merged and PM request for attachments sent