Trusteer Rapport prevents IE 9 running fully virtualised [M197] [v6]

With Trusteer Rapport running, IE 9 will not start properly either in the Virtual Kiosk or when sandboxed Partially Limited.


A. The bug/issue

  1. What you did: Added IE9 to the sandbox (fully virtualized), also added Comodo Dragon as well.
  2. What actually happened or you actually saw: IE9 does not start properly. It will start after a minute or so but is then unresponsive. Dragon starts and runs normally.
  3. What you expected to happen or see: I expected IE9 to start
  4. How you tried to fix it & what happened: Shutting Rapport down fixes the problem. IE9 then starts normally when sandboxed and in the Virtual Kiosk.
  5. If it's a software compatibility problem have you tried the compatibility fixes (link in format)?: N/A
  6. Details & exact version of any software (except CIS) involved (with download link unless malware): Trusteer Rapport, Emerald Build 1207.40. Internet Explorer 9.0.8112.16421
  7. Whether you can make the problem happen again, and if so exact steps to make it happen: Always reproducible. Start Rapport, start Virtual Kiosk, start IE9.
  8. Any other information (eg your guess regarding the cause, with reasons): Rapport generates “Attempt to alter function CreateProcessA Blocked” and “Attempt to alter function CreateProcessW Blocked” error messages in its log. My guess is that Rapport is somehow interfering with the operation of the sandbox and/or Virtual Kiosk.

B. Files appended. (Please zip unless screenshots).
0. A diagnostics report file (Click ‘?’ in top right of main GUI. Required for all issues): Attached

  1. Screenshots of the 6.0 Killswitch Process Tab (see Advanced tasks ~ Watch Activity) or 5.x Active process list. If accessible, required for all issues: KillSwitch attached
  2. Screenshots illustrating the bug: Not required, IE9 eventually starts but is unresponsive
  3. Screenshots of related CIS event logs: Attached
  4. A CIS config report or file. N/A
  5. Crash or freeze dump file: N/A
  6. Screenshot of More~About page. Can be used instead of typed product and AV database version. Attached

C. Your set-up

  1. CIS version, AV database version & configuration used: See CISVersion.jpg. Proactive Security config used.
  2. a) Have you updated (without uninstall) from a previous version of CIS: No, uninstalled 5.12 and rebooted before installing 6
    b) if so, have you tried a clean reinstall (without losing settings - if not please do)?: N/A
  3. a) Have you imported a config from a previous version of CIS: No, created new config from scratch in 6
    b) if so, have you tried a standard config (without losing settings - if not please do)?: N/A
  4. Have you made any other major changes to the default config? (eg ticked ‘block all unknown requests’, other egs here.): No
  5. Defense+/HIPS, Autosandbox/BBlocker, Firewall & AV security levels: D+/HIPS= default, ASB/BB= Dragon, VLC, IE9 sandboxed (fully virtualized) D:\Users\Downloads folder excluded from virtualisation, Firewall = Custom rules for Skype and uTorrent added otherwise default, AV = default
  6. OS version, service pack, number of bits, UAC setting, & account type: Win7 SP1 + all updates, 32-bit, UAC off, Administrator account.
  7. Other security and utility software currently installed: Trusteer Rapport, Malwarebyte’s Antimalware scanner (free version).
  8. Other security software previously installed at any time since Windows was last installed: None (recent re-install of Windows7, downgrading from Windows8 ).
  9. Virtual machine used (Please do NOT use Virtual box): None, run natively.

[attachment deleted by admin]

Thank you very much for your report in standard format, with all information supplied. The care you have taken is much appreciated by Comodo, and will increase the likelihood that this bug can be fixed.

Developers may or may not communicate with you in the forum or by PM/IM, depending on time availability and need. Because you have supplied complete information they may be able to replicate and fix the bug without doing so.

Many thanks again

Mouse

Thank you :)

If it helps any, I’ve since tested the latest versions of Firefox and Chrome and they won’t start properly either when fully virtualized with Rapport running. Dragon works ok because it doesn’t use Rapport.

Thanks for the update, much appreciated.

Mouse

Can you please check and see if this is fixed with the newest version? Please let us know whether it is fixed or you are still experiencing the problem.

Thank you.

PM sent.

This bug is fixed in CIS 6.1.276867.2813

Thank you!

Already marked fixed in tracker, thanks.