Two Files in C's Whitelist but not Trusted thru Autorun Analyzer [V6][M208]

This bug report is for CCE, which is bundled with CIS.

I run Comodo Autorun Analyzer and select the option to “Hide Safe Entries”. The problem is that two files which are confirmed to be in Comodo’s whitelist are listed as Unknown.


A. THE BUG/ISSUE:

  1. What you did:
    I open CCE and then open Comodo Autorun Analyzer. I check the option to “Hide Safe Entries” and let it complete its scan.
  2. What actually happened or you actually saw:
    After the scan all files but two are listed as Trusted and thus not shown. However, I received confirmation from Comodo in this post that the two files are actually in Comodo’s whitelist.
  3. What you expected to happen or see:
    I had expected that because the two files are in Comodo’s whitelist that they would be rated as Trusted and therefore not shown.
  4. How you tried to fix it & what happened:
    NA
  5. If a software compatibility problem have you tried the compatibility fixes (link in format)?:
    NA
  6. Details & exact version of any software (except CIS) involved (with download link unless malware):
    NA
  7. Whether you can make the problem happen again, and if so precise steps to make it happen:
    This happens every time I let Comodo Autorun Analyzer analyze my computer and hide the trusted files.
  8. Any other information (eg your guess regarding the cause, with reasons):
    It’s possible that this is a cloud issue, but I’m not sure. By the way, Valkyrie links to the two files in question can be found here. Also, I checked again and the SHA1 of the files listed in Comodo Autoruns does still match the SHA1 of those Valkyrie reports.

B. FILES APPENDED. (Please zip unless screenshots).:

  9. A diagnostics report file (Click ‘?’ in top right of main GUI. Required for all issues):
    Attached.
  10. Screenshots of the 6.0 Killswitch Process Tab (see Advanced tasks ~ Watch Activity) or 5.x Active Process List. If accessible, required for all issues:
    Attached.
  11. Screenshots illustrating the bug:
    Attached.
  12. Screenshots of related CIS event logs:
    NA
  13. A CIS config report or file:
    NA
  14. Crash or freeze dump file:
    NA
  15. Screenshot of More~About page. Can be used instead of typed product and AV database version:
    Information provided below.

C. YOUR SETUP:

  1. CIS version, AV database version & configuration:
    Comodo Internet Security Version 6.0.260739.2674
    Database 14831
  2. a) Have you updated (without uninstall) from a previous version of CIS:
    No
    b) if so, have you tried a clean reinstall (without losing settings - if not please do)?:
    NA
  3. a) Have you imported a config from a previous version of CIS:
    No
    b) if so, have U tried a standard config (without losing settings - if not please do)?:
    NA
  4. Have you made any other major changes to the default config? (eg ticked ‘block all unknown requests’, other egs here.):
    No changes have been made to Comodo Autoruns Analyzer (besides checking the option to “Hide Safe Entries”). Also, I’ve seen this same behavior for Comodo Autoruns Analyzer regardless of the configuration of CIS.
  5. Defense+, Sandbox, Firewall & AV security levels:
    NA
  6. OS version, service pack, number of bits, UAC setting, & account type:
    Windows 7 x64 (Service Pack 1); UAC is disabled
  7. Other security and utility software currently installed:
    Just Comodo System Utilities and CCleaner.
  8. Other security software previously installed at any time since Windows was last installed:
    No
  9. Virtual machine used (Please do NOT use Virtual box):
    Not a virtual machine.


Hi Chiron

Thanks for this, certainly would be interested to know any dev response.

Would you mind adding config details and account type/ UAC. Config can be config file if changes complex.

Many thanks in anticipation

Mouse

Done. However, I originally chose not to attach a config file as at the moment I have altered my config from default. However, as noted in my bug report I have seen this behavior regardless of the config of CIS. That said, I’ve now attached a config file.

I just wanted to make it obvious to Comodo devs that this bug appears to be independent of the configuration of CIS.

Thanks for appending them, appreciated.

Thank you very much for your report in standard format, with all information supplied. The care you have taken is much appreciated by Comodo, and will increase the likelihood that this bug can be fixed.

Developers may or may not communicate with you in the forum or by PM/IM, depending on time availability and need. Because you have supplied complete information they may be able to replicate and fix the bug without doing so.

Many thanks again

Mouse

This bug still exists in version 6.0.264710.2708. Hence I am adding a new post with the new format.

A. THE BUG/ISSUE (Varies from issue to issue)
  • Summary - Give a clear summary in the topic title, NOT here.
  • Can U reproduce the problem & if so how reliably?: I can reproduce the problem every time.
  • If U can, exact steps to reproduce. If not, exactly what U did & what happened: To reproduce this all I have to do is go to CIS and open CCE. Then I open Comodo Autoruns Analyzer. I then check the option to “Hide Safe Entries” and wait until it has categorized every file.
  • If not obvious, what U expected to happen: After the scan all files but two are listed as Trusted and thus not shown. However, I received confirmation from Comodo in this post that the two files are actually in Comodo’s whitelist. Valkyrie links to the two files, for testing purposes, can be found here. Thus, they should have been hidden as well.
  • If a software compatibility problem have U tried the conflict FAQ?: Not a software compatibility.
  • Any software except CIS/OS involved? If so - name, & exact version: Just the version of CCE bundled with CIS.
  • Any other information, eg your guess at the cause, how U tried to fix it etc: I’m not sure.
  • Always attach - Diagnostics file, Watch Activity process list, (dump if freeze/crash). If complex - CIS logs & config, screenshots, video, zipped program (not m’ware): I have attached a screenshot of the two files shown in Comodo Autoruns Analyzer.

B. YOUR SETUP (Likely the same for each issue, so you can copy forward)
  • CIS version & configuration: CIS 6.0.264710.2708. Database 15112. Default configuration.
  • Modules enabled & level. D+/HIPS, Autosandbox/BBlocker, Firewall, & AV: Everything is default.
  • Have U made any other changes to the default config? (egs here.): Everything is default.
  • Have U updated (without uninstall) from a previous version of CIS: No, it was a clean reinstall.
    - if so, have U tried a clean reinstall - if not please do?: NA
  • Have U imported a config from a previous version of CIS: No
    - if so, have U tried a standard config - if not please do: NA
  • OS version, SP, 32/64 bit, UAC setting, account type, & VM used: Windows 7 x64 (Service Pack 1), UAC is disabled, administrator account, not a virtual machine.
  • Other security/sandbox software a) currently installed b) installed since OS: None.


W8 x64 CIS 6.0.264710.708
Non default config with fully virtual enabled
I am also seeing the autorun entry
-\Microsoft\Windows\NetTrace\GatherNetworkInfo
-Unknown C:\Windows\System32\gatherNetworkInfo.vbs
as in above report.
Should I create a separate report?
Config attached


If they are on Comodo’s whitelist, please just post here to say so. (To confirm see what Chiron did)

Some MS files are not whitelisted

Best wishes

Mike

Win 7 64

https://forums.comodo.com/news-announcements-feedback-cis/submit-applications-here-to-be-whitelisted-2013-t89867.105.html

https://forums.comodo.com/news-announcements-feedback-cis/submit-applications-here-to-be-whitelisted-2013-t89867.150.html

https://forums.comodo.com/news-announcements-feedback-cis/submit-applications-here-to-be-whitelisted-2013-t89867.240.html

Still Unknown

Thanks Naren

Mouse

Still Unknown…

This is still not fixed with version 6.1.275152.2801.

Windows 7 x64
Comodo Firewall newest Update

https://forums.comodo.com/news-announcements-feedback-cis/submit-applications-here-to-be-whitelisted-2013-t89867.0.html;msg677614#msg677614

https://forums.comodo.com/news-announcements-feedback-cis/submit-applications-here-to-be-whitelisted-2013-t89867.0.html;msg677628#msg677628


Quote from Chiron:
Is this CCE as opened from CIS Version 6.1.275152.2801?

Yes

If so I’m also using Windows 7 x64, but I have CIS installed and not Comodo Firewall. I wonder if that could, for whatever reason, be the difference.

I don’t think so, because it’s the same installation as CIS

Sorry, my English is not good

This is a very good point. I should have noted that on my system as well, the CIS Autorun Analyzer sees it as safe. It’s only through CCE that the file is flagged as unknown.

With CCE vs 2.5.242177.201 (AutorunAnalyzer) this file is safe, but in AutorunAnalyzer opened by Comodo Firewall it is unknown

This is still not fixed with CIS version 6.1.276867.2813.

Tracker updated, thanks.

This is not fixed with CIS version 6.2.282872.2847.

I have received feedback from the devs that they have confirmed this bug and that it will be fixed (although there are no promises as to when the fix will be available).

This is not fixed for CIS version 6.3.294583.2937.

I have updated the tracker.