When HIPS: Paranoid, Windows doesn't start and act wierd

5Lqep · February 28, 2023, 6:10am

As soon as HIPS is set to paranoid it Windows acts weird and Windows doesn’t work after Login screen

C.O.M.O.D.O_RT · February 28, 2023, 6:32am

Hi 5Lqep,

Thank you for reporting.
May i know what happened on your system when you set hips to “paranoid mode” is the system crashes, slowness or anything else ? kindly provide us exactly what happened. (Any screenshot would be helpful)
Are you installed any other security software other than CIS ?
And provide us your CIS version and win version.

Thanks
C.O.M.O.D.O RT

5Lqep · February 28, 2023, 7:34am

Comodo Firewall Version - 12.2.2.8012
Windows 10 Enterprise - 21H1 x64

When I start to use Windows after setting HIPS to Paranoid it asks for some permissions than I get a black screen. On Windows LogOn same thing.
To Fix it I had to boot in safe mode and disable comodo

C.O.M.O.D.O_RT · February 28, 2023, 7:53am

Hi 5Lqep,

Thank you for providing the requested information.
FYI: Setting hips to paranoid mode generates the most amount of HIPS alerts and is recommended for advanced users that require complete awareness of activity on their system.
However we will check this issue and update you.

Thanks
C.O.M.O.D.O RT

C.O.M.O.D.O_RT · February 28, 2023, 10:00am

Hi 5Lqep,

We have checked and found no issues(no black screens, only hips alerts).
However we will take your concerN to the team notice and update you.

Thanks
C.O.M.O.D.O RT

5Lqep · March 1, 2023, 6:56am

Another thing that will help to narrow down the problem -

After setting it to paranoid if i lock the windows (Windows+L) “Windows LogOn” Needs HIPS permission

C.O.M.O.D.O_RT · March 1, 2023, 9:11am

Hi 5Lqep,

After setting it to paranoid if you lock the windows (Windows+L) then the hips alert will popup and ask permission for both windows lock &Windows LogOn. it works like that.
Are we missed something else to understand from the above post…

Thanks
C.O.M.O.D.O RT

5Lqep · March 1, 2023, 10:40am

Blockquote
After setting it to paranoid if you lock the windows (Windows+L) then the hips alert will popup and ask permission for both windows lock &Windows LogOn. it works like that.

Yes, Windows acts weird after setting HIPS to paranois but “C:\Windows\System32\LogonUI.exe” or “C:\Windows\System32\winlogon.exe” asking for permission is on of the symptoms that may help narrow down the problem

5Lqep · March 1, 2023, 10:46am

I switched from my usual “Proactive Security” Config to “Firewall Security” and noticed somethings missing from HIPS Rules

My “Proactive Security” Config

Untouched “Firewall Security” -

Is “Proactive Security” different from “Firewall Security” or Comodo automatically removed These App categorizes and I will have to add them back?
What is “All Applications” and “Metro Apps” folder ?

Ping - @C.O.M.O.D.O_RT

C.O.M.O.D.O_RT · March 1, 2023, 11:34am

Hi 5Lqep,

Let me check this and update you.

Thanks
C.O.M.O.D.O RT

5Lqep · March 1, 2023, 7:21pm

Comodo Firewall automatically removes things.

C.O.M.O.D.O_RT · March 2, 2023, 6:54am

Hi 5Lqep,

As we checked and found that the three configurations are different in security level. so the hips rules will change according to the configuration.

Thanks
C.O.M.O.D.O RT

5Lqep · March 2, 2023, 8:11am

I installed Comodo Firewall in a fresh windows and the default HIPS settings for Proactive security are are -

@C.O.M.O.D.O_RT

DrAlrek · March 6, 2023, 6:36am

You may need to have the HIPS make rules for trusted applications for awhile before you switch it to paranoid mode

5Lqep · March 23, 2023, 4:01pm

@C.O.M.O.D.O_RT Any updates on “Comodo Firewall automatically removes things” Issue.
It removes HIPS and Firewall Rules.

C.O.M.O.D.O_RT · March 24, 2023, 8:37am

Hi 5Lqep,

The team is working on it.
We will keep you posted.

Thanks
C.O.M.O.D.O RT

lioant · March 28, 2023, 2:25am

sorry… comodo secure shopping not completely compatible with windows 10 or 11…

Comodo internet security and CSS not completely with windows 10 and windows 11
sorry, i studying marketing and security of information since 2006…

DrAlrek · April 1, 2023, 7:06am

I’ve never been able to make secure shopping work for very long on any system I’ve ever had.

Also HIPS on paranoid is unnecessary. If you want to completely lock your system down. Disable cloud lookup and remove entries from your vendor list for things you don’t have

The easiest way for me to do that was to make sure every file on my system is indexed by CIS/CFW/CAV and then remove all entries from the vendor list click “ok” and then open your files list and do a lookup of every file you have, then your local vendor list will only have vendors in it for things you already have.

In order to completely empty your local vendor list, you can’t use the full signature database and you may need to empty the vendor list several times for it to finally stay empty. Again, once the vendor list is blank, do a lookup of all the files in your local whitelist. filter the entires by “unrecognized” and “trusted” select them all and then click “lookup”

from then on, comodo won’t allow anything that isn’t made by a company you already use. You’ll have much better protection against PUPs and bloatware. And accidental malware entries in xcitium’s whitelist won’t be a problem anymore.