My concern was less about threat vectors (I can see the files are safe) than using this as a method to solve a problem with CIS. Just doesn’t seem right. How can a Trusted Vendors List be trusted when it is stored openly and transferable between users so easily?
I don’t have the answer to that. Normally no one would go and mess around with such things.
This looks like a bug in an update process, not a bug in CIS, so tramsferring to AV (vendors are downloaded with AV updates) help for the moment. If identified as a CIS bug please ask a mod to return it here.
Best wishes
Mouse
I don’t think this is an AV bug, I have the problem and I don’t even have AV installed, just the Firewall/D+.
FYR, I am also using this configuration.
Hello Everyone,
We investigated the problem and here is explanation as what happened. For few hrs on Wednesday, cloud started returning Absent for all vendor look up and as CIS does scheduled cloud lookup for existing vendors to ensure if any is removed from cloud it is removed from local list; it ended up removing vendors from local list.
So in case any existing user who had been affected due to this bug, sees a new signed application, which is not safe by signature but only through trusted vendor lookup and if live cloud lookup fails, he may see alert.
While we are contemplating in providing update to local vendor list via program updates, any one willing to have list updated, can download master list via following URLs:
Steps for replacing:
-
Go to CIS installation folder
%PROGRAMFILES%/COMODO\COMODO Internet Security\database\ -
Rename ‘vednor.n’ and ‘vendor.sha’ and replace with following respectively:
http://download.comodo.com/av/tvl/vendor.sha
http://download.comodo.com/av/tvl/vendor.n -
Re-start system and you should see complete list in Defense±->Computer Security Policy–>Trusted Software Vendors
Sorry for inconvenience caused.
Thanks
-umesh
Thanks for the explanation Umesh!
Can we assume this won’t happen again?
We have taken steps to avoid this in future.
Thanks
-umesh
don’t I describe the same thing as umesh?
Hi Umesh,
This vendor name looks strange (see attached image).
Should it be Uniwersytet Mikołaja Kopernika?
In vendor.n: Uniwersytet MikoÅaja Kopernika
Thanks. 
[attachment deleted by admin]
I have a very different list from you, installed new yesterday when I reinstalled CIS.
[attachment deleted by admin]
Not all vendors are included in the installer. If you download the files in Umesh’s post, you get this list: http://pastebin.com/xzTjTuvF
and if you dont update with this files, the whistlist isnt efficient right ?
so this problem will NOT be solved automatically?
the only way is to download the list or reinstall?
Kinemitor,
no need for reinstalling in case you followed the instruction from my alternative solution or what umesh described.
Just do what umesh wrote; it’s better and less complicated than alternative solution that I created with JoWa’s help:)
Regards,
Valentin
thats not the point…
the point is
if case of a NO answers, many user will still have bad days, and get angry and simply uninstall cis permanently.
and cause of this problem i will need to “fix” the antivirus in some friends pc with what we call the “normal user”
this can be a big drowback for comodo in my point of view
this problem NEED to be fixed automatically
This should have been a one off situation:
However since several of us regular forum members have experienced this problem, there are probably thousands of regular CIS users out there who have no idea why their CIS has suddenly become very intrusive. Hopefully there will be a way to restore their Trusted Vendors automatically before they get fed up and uninstall.
+1 !ot!
if people have homepages please put the solution there. The link to the alternative solution is on my signature. This what I can do to help.