Unticking "Detect Shellcode injections" does not disable it [V6][M415]

A. THE BUG/ISSUE (Varies from issue to issue)
  • Summary - Give a clear summary in the topic subject, NOT here.

  • Can U reproduce the problem & if so how reliably?:
    100% reproducible, including in a VM.
  • If U can, exact steps to reproduce. If not, exactly what U did & what happened:
  1. Install DXTory (ExKode | Home), .net 4.0 redist package + Win8 SDK (for dxgidebug.dll).
  2. Launch DXTory.
  3. Wait for Countdown and hit “Experience the Trial”.
  4. Application Crashes.
  • If not obvious, what U expected to happen:
    I expect the application to run.

  • If a software compatibility problem have U tried the conflict FAQ?:
    Yes, No help though.

  • Any software except CIS/OS involved? If so - name, & exact version:
    DXTory v2.0.122

  • Any other information, eg your guess at the cause, how U tried to fix it etc:
    Yes, I have fixed it by adding the DXTory install folder to the “Detect Shellcode injections” whitelist, even though I had “Detect Shellcode injections” unticked/disabled.
    Here is a GIF to best illustrate the issue.

  • Always attach - Diagnostics file, Watch Activity process list, dump if freeze/crash. (If complex - CIS logs & config, screenshots, video, zipped program - not m’ware)
    CIS has no log entries for when this happens, Eventlog has a couple for DXTory but mostly generic application errors and…


Application: Dxtory.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.AccessViolationException

B. YOUR SETUP (Likely the same for each issue, so you can copy forward)
  • Exact CIS version & configuration:
    CIS 6.1.276867.2813, Standard Configuration but with Defense+ options disabled.

  • Modules enabled & level. D+/HIPS, Autosandbox/BBlocker, Firewall, & AV:
    The issue applies regardless of if the setting is enabled or not…
  • Have U made any other changes to the default config? (egs here.):
    Disabled Defense+ Options…
  • Have U updated (without uninstall) from a CIS 5?:
    No, it is a clean install.
    - if so, have U tried a clean reinstall - if not please do?:
    see above.
  • Have U imported a config from a previous version of CIS:
    see above.
    - if so, have U tried a standard config - if not please do:
    see above.
  • OS version, SP, 32/64 bit, UAC setting, account type, V.Machine used:
    Windows 7 SP1 X86_64, UAC Disabled, also tested under VMware.
  • Other security/s’box software a) currently installed b) installed since OS:
    a= No. b= No.

I shouldn’t have to whitelist programs in Defense+ when it is disabled.

here is the Watch activity dump, cistray.zip (29.2 MB)

I realize my original post may be a bit complicated (having to install a few GB of software to test + verify on your end), so I’ve come up with a more simplified way to trigger the issue.

example, a simple batch script/cmd prompt command with a registry query that shouldn’t return anything because it's an invalid path.


REG QUERY "HKLM\SOFTWARE\AFakeRegistryKey\1234567890" >nul 2>nul

expected result:
no output because it's invalid and being piped to null.
what actually happens:
I get the error, even though it's supposed to be suppressed.
fix?:
I remove said file from the exceptions list inside Detect Shellcode injections, file functions normally… (regardless of whether the checkbox on Shellcode injections is enabled or not)

this is a kind of ■■■■■■ if I do, ■■■■■■ if I don’t sort of thing. >:-D

Thank you very much for your bug report in standard format. We very much appreciate the effort you have made to document this bug.

We are sorry to trouble you further but there are some items of information missing or unclear in your post:

A.8 Please append your Watch Activity Process List and your CIS diagnostics report

The reasons we need these items of information, though they may not seem directly relevant to the issue are explained here.

We would be very grateful if you would add these items of information so we can forward this post to the format verified board, where it is more likely to get fixed. You can find assistance using red links in the Format and here. If you need further help please ask a mod. If you do not add the information after a week we will forward this post to the non-format board. If this happens we will tell you how to rectify this if you wish to.

In the current process we will normally leave it up to you whether you want to make a report which includes all necessary information or not. We may remind you if we think a bug of particular importance.

Many thanks again

Mouse

Okay, these should be what you want. It seems I can't edit my original post to append them to it though.

edit: there we go, added them to the original post

I can't edit my original post to append them to it though.
That's OK. There's things that I can't even find myself. :)

Here’s how to append them in the original post. I’d write it but I think 2 pictures would be better

Yeah, I’ve added them to the original post now. if you need anything else let me know.

Thanks, I think you have not added your ‘watch activity’ process list yet, if you would not mind. Sorry for delay, been setting up bug tracker.

done.

Thanks very much!

Thank you very much for your report in standard format, with all information supplied. The care you have taken is much appreciated by Comodo, and will increase the likelihood that this bug can be fixed.

Developers may or may not communicate with you in the forum or by PM/IM, depending on time availability and need. Because you have supplied complete information they may be able to replicate and fix the bug without doing so.

Many thanks again

Mouse

Can you please check and see if this is fixed with the newest version (6.2.282872.2847)? Please let us know whether it is fixed or you are still experiencing the problem.

Thank you.

PM sent.

nope, using v6.2.282872.2847 did not fix it and I run into the same exact problem again even after a completely fresh install. I await yet another version to try.

Thank you for checking.

I’ve updated the tracker.

Can you please check and see if this is fixed with the newest version (6.3.294583.2937)? Please let us know whether it is fixed or you are still experiencing the problem.

Thank you.

PM sent.

same issue as before. I’ve given up on this getting fixed in a timely fashion and will just stick to V5 until it breaks.

Thank you for checking this. I’ve updated the tracker.

I’m sorry this is taking so long to fix. They have many bugs yet to be fixed. Hopefully they will be able to fix this one within the next few releases.

Can you please check and see if this is fixed with the newest version (7.0.313494.4115)? Please respond to this topic letting us know whether it is fixed or if you are still experiencing the problem.

Thank you.

PM sent.

seems to be fixed in v7.0.313494.4115, you can mark this bug as being resolved. however I will continue to use v5 until it breaks though because v6 & v7 are rather terrible in comparison.

Thanks for checking this. I have closed this entry in the tracker and will move this report to Resolved.

Thanks again.