Unknown network connections displayed in CIS Firewall panel [V6][M706]

A. THE BUG/ISSUE (Varies from issue to issue)

  • Summary - Give a clear summary in the topic subject, NOT here.
  • Can U reproduce the problem & if so how reliably?: Always reproducible.
  • If U can, exact steps to reproduce. If not, exactly what U did & what happened:
    a: Open CIS, either through tray icon or widget
    b: You will see that connections from iexplore.exe and internetbro… are always shown for a moment, but then disappear and the actual network connections are shown
    c: These momentary connections are shown even when I am not using these apps. The display duration varies from fraction of a second to 1-2 seconds. You can see the attached video file.
  • If not obvious, what U expected to happen: CIS Firewall panel should always show actual network connections.
  • If a software compatibility problem have U tried the conflict FAQ?:
  • Any software except CIS/OS involved? If so - name, & exact version: None
  • Any other information, eg your guess at the cause, how U tried to fix it etc: Removed CIS using Add/Remove Components, then used Revo Uninstaller to completely remove leftover files, folders, and registry keys. Rebooted the machine and did a clean reinstall, but the problem remains both before and after the virus definition update.

B. YOUR SETUP (Likely the same for each issue, so you can copy forward)

  • Exact CIS version & configuration: 6.3.297838.2953 (I have also tried it with updated CIS version 6.3.302093.2976)
  • Modules enabled & level. D+/HIPS, Autosandbox/BBlocker, Firewall, & AV: D+/HIPS, Autosandbox/BBlocker, Firewall, & AV
  • Have U made any other changes to the default config? (egs here.): None, except a firewall application rule to restrict DNS traffic. But even with standard config, the problem remains.
  • Have U updated (without uninstall) from a CIS 5?: None
    a: if so, have U tried a clean reinstall - if not please do?: Yes. I have done it 3 times, but problem remains.
  • Have U imported a config from a previous version of CIS: No
    a: if so, have U tried a standard config - if not please do: Yes
  • OS version, SP, 32/64 bit, UAC setting, account type, V.Machine used: Windows 7, SP1, 32 bit, UAC=on, admin, V.Machine not used
  • Other security/s’box software a) currently installed b) installed since OS: a=None b=None

[attachment deleted by admin]

I am having the same problem. As per CHIRON’s suggestion notifying this here. Full description can be found here - https://forums.comodo.com/firewall-help-cis/internetbro-iexploreexemui-and-their-systematic-disappearanc-t100536.0.html


1. Can U reproduce the problem & if so how reliably?: Always reproducible.
2. If U can, exact steps to reproduce. If not, exactly what U did & what happened: After clicking on the Comodo system tray icon, the window opens with a short lag. Within the blink of an eye, connections from iexplore.exe and internetbro… disappear from the firewall section of the main window. It seems they start when comodo window is not open or minimized to task bar but opens when window is closed and comodo is residing in system tray.
3. If not obvious, what U expected to happen: CIS Firewall panel should always show actual network connections.
4. If a software compatibility problem have U tried the conflict FAQ?: Not a software conflict issue, I guess
5. Any software except CIS/OS involved? If so - name, & exact version: I don’t think so
6. Any other information, eg your guess at the cause, how U tried to fix it etc: no idea about the cause

B. YOUR SETUP (Likely the same for each issue, so you can copy forward)
1. Exact CIS version & configuration: 6.3.302093.2976 DB: 17493
2. Modules enabled & level. D+/HIPS, Autosandbox/BBlocker, Firewall, & AV: D+/HIPS-safe mode, Autosandbox-disabled, Firewall-safe mode & AV-On access.
3. Have U made any other changes to the default config? (egs here.): firewall application rule to restrict all traffic except the specifically software-wise defined traffic.
4. Have U updated (without uninstall) from a CIS 5?: None
a. if so, have U tried a clean reinstall - if not please do?: No
5. Have U imported a config from a previous version of CIS: No
a. if so, have U tried a standard config - if not please do: No
6. OS version, SP, 32/64 bit, UAC setting, account type, V.Machine used: Windows XP, SP3, 32 bit, UAC=on, admin, V.Machine not used
7. Other security/s’box software a) currently installed b) installed since OS: a=None b=None

Thank you. This is certainly either a bug or a feature where CIS uses those connections to check something each time the interface opens. However, lacking any knowledge of such a feature, I will forward this as a bug.

Thank you very much for your report in standard format, with all information supplied. The care you have taken is much appreciated by Comodo, and will increase the likelihood that this bug can be fixed.

Developers may or may not communicate with you in the forum or by PM/IM, depending on time, availability, and need. Because you have supplied complete information they may be able to replicate and fix the bug without doing so.

Many thanks again.

Any progress regarding solution?

Not as of yet. We’ll have to wait until the next version is released and see if there is any resolution for this. Sorry, I don’t have any new information at this time.

Thank you.

Today, I installed CIS on a Windows XP Professional SP3 machine and found the same issue. The issue is always reproducible. As earlier, this XP box is also not infected as I have checked it with various antivirus and antirootkit products and found no instance of any malware.

Can you provide me the SHA-1 value of CIS version 6.3.297838.2953?

Thank you for letting us know about this.

I’m afraid I’m not sure what you’re asking for. Are you worried that your copy of CIS has been corrupted in some way? If so, to make sure, before installing you can check and make sure the digital signature is still valid. If it is, then everything is fine.

Can you provide me the SHA-1 value of CIS Premium Installer version 6.3.297838.2953?

Actually I came across an article about modifying a signed executable without invalidating its digital signature. The article is available at reboot.pro (Security section) under the title "Modify a signed executable without invalidating its digital signature!!"

I have not tried the steps listed in the article, but the steps appear promising.

The Proof of Concept package (DigitalSignatureTweaker_v1006.zip) available at http://reboot.pro/files/download/85-digitalsignaturetweaker/ can be used to modify a signed executable without invalidating its digital signature. Just to check, I tried it with CIS.exe, and you can find that the attached CIS.exe (in zipped form) contains an image file, yet the digital signature is still perfect. You can use SignatureDecompiler.exe contained in the DigitalSignatureTweaker.zip file to extract Joyful_New_Year.jpg from the attached CIS.exe.

Therefore, in my case of unusual network connections shown in the CIS Firewall panel, the possibility of having a compromised cispremium_installer.exe file cannot be ruled out. That’s why I am requesting a hash value.

[attachment deleted by admin]
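
Added example (not part of the original thread and not Comodo's or reboot.pro's code): the thread does not say how the linked tool works, but a documented property of Authenticode is that the signed digest excludes the PE attribute certificate table, so bytes stored there after the signature do not affect validation. The Python sketch below measures such trailing bytes in the first certificate entry; the function names and the sample file built by `constructed_pe` are assumptions made for illustration.

```python
import struct

def security_directory(pe: bytes):
    """Return (file_offset, size) of the PE certificate table, or None if unsigned."""
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[:2] != b"MZ" or pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    opt = e_lfanew + 24  # optional header follows 4-byte signature + 20-byte COFF header
    magic = struct.unpack_from("<H", pe, opt)[0]
    dirs = opt + {0x10B: 96, 0x20B: 112}[magic]  # data directories: PE32 / PE32+
    offset, size = struct.unpack_from("<II", pe, dirs + 4 * 8)  # entry 4 = certificate table
    return (offset, size) if offset and size else None

def der_total_length(buf: bytes) -> int:
    """Length of the outer DER SEQUENCE, including its tag and length octets."""
    if buf[0] != 0x30:
        raise ValueError("signature is not a DER SEQUENCE")
    if buf[1] < 0x80:  # short form: length fits in one octet
        return 2 + buf[1]
    n = buf[1] & 0x7F  # long form: next n octets hold the length
    return 2 + n + int.from_bytes(buf[2:2 + n], "big")

def cert_table_slack(pe: bytes):
    """Bytes in the first WIN_CERTIFICATE entry that lie beyond the signature itself.

    Up to 7 bytes are ordinary 8-byte alignment padding; more deserves inspection.
    Returns None for an unsigned file.
    """
    sec = security_directory(pe)
    if sec is None:
        return None
    offset, _ = sec
    dw_length, _revision, _cert_type = struct.unpack_from("<IHH", pe, offset)
    blob = pe[offset + 8:offset + dw_length]  # bCertificate: the PKCS#7 signature
    return len(blob) - der_total_length(blob)

def constructed_pe(extra: bytes = b"") -> bytes:
    """Constructed sample: PE32 header skeleton plus a dummy (not real) certificate entry."""
    hdr = bytearray(0x200)
    hdr[0:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x80)   # e_lfanew
    hdr[0x80:0x84] = b"PE\0\0"
    struct.pack_into("<H", hdr, 0x98, 0x10B)  # PE32 optional-header magic
    body = b"\x30\x82\x01\x00" + bytes(256) + extra  # fake 260-byte DER SEQUENCE
    entry = struct.pack("<IHH", 8 + len(body), 0x0200, 0x0002) + body
    struct.pack_into("<II", hdr, 0x98 + 96 + 32, len(hdr), len(entry))
    return bytes(hdr) + entry

if __name__ == "__main__":
    for label, sample in (("clean", constructed_pe()), ("padded", constructed_pe(b"A" * 64))):
        print(label, cert_table_slack(sample))
```

A full-file hash compared against a vendor-published value, as requested in the post above, catches the same condition because it covers every byte of the file, certificate table included.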

I sincerely doubt that this is causing any problems for you. However, please start a new topic for this in the HELP section of the forum. I guarantee that with a title about modifying a signed executable without invalidating its digital signature you will attract the attention of many people who can better comment on this situation. It would be interesting as well.

Thanks.

The devs have informed me that they believe that this is fixed for CIS version 7.0.313494.4115. I will therefore move this to Resolved.

If this is still not fixed for you please both respond to this topic and send me a PM (including a link to this bug report).

Thank you.