Whitelist a Script Launched by a Program?

crawler9 · March 21, 2017, 4:50am

I run a StickyPass, password management program, on my computer and every time I launch Google Chrome, it runs a script to hook into Chrome for autofill. Each time, I’m prompted to allow or block the script. Is there any way to whitelist it or mark it as permanently approved? Choosing to allow and always remember my answer does not seem to work, as a new script is created each time in the CIS tempscrpt directory and the rule only points to the one that was created as I was asked, not the new one.

This is the popup I get each time: (3/28 edit: attached screenshot for future reference and removed file from my host)
I am running Comodo Firewall Free v10.0.0.6092 on Windows 10 Pro x64. Any help would be greatly appreciated.

prem1991 · March 21, 2017, 7:39am

Hi Crawler9,

It is intended behavior. Please look here for more
https://forums.comodo.com/news-announcements-feedback-cis/brand-new-comodo-internet-security-10-with-secure-shopping-is-released-t117514.0.html;msg847406#msg847406

Kind Regards,
PremJK

crawler9 · March 21, 2017, 8:07pm

Thanks for the reply. Is this my only option, or is there a way I can whitelist only the script being created by this program? I’d rather not disable the entire functionality just because I want to approve one specific behavior, unless this is the only option.

DecimaTech · March 21, 2017, 8:28pm

Seeing as you have HIPS enabled and are getting HIPS alert about actions from the script file, up would need to create a HIPS rule to allow the scripts. You can create a new file group with C:\ProgramData\Comodo\Cis\tempscrpt*.bat as the path and then use that file group for the HIPS rule and use that group for chrome to allow execution from. Or yes turn off embedded code detection in HIPS settings. You wouldn’t need to make rules if the script was the same each time you ran chrome so unfortunately these are your only options for now.

crawler9 · March 21, 2017, 8:43pm

Thank you, futuretech. I thought they were the same each time initially. I looked a little closer and I see why the script seems different every time.

The script that’s being run is

C:\Program Files (x86)\Sticky Password\spNMHost.exe" chrome-extension://bnfdmghkeppfadphbnkjcicejfepnbfe/ --parent-window=0 < \\.\pipe\chrome.nativeMessaging.in.[stringOf16Char] > \\.\pipe\chrome.nativeMessaging.out.[stringOf16Char]

where the string changes each time.

I guess I don’t have any other options.

crawler9 · March 25, 2017, 4:05am

I’m having trouble figuring out exactly how to do this, namely the part about creating a new file group. Are you able to expand upon this process.

edit: Nevermind. I guess I got it working. I set a HIPS rule for C:\ProgramData\Comodo\Cis\tempscrpt*.bat to allow “Run an Executable” with inclusions only and included the spNMHost.exe specified above (this is the part I was missing), and the second rule was autocreated and saved by Chrome to allow “Run an Executable” automatically with no inclusions or exclusions when I marked the prompt to save my answer. I guess Chrome launches the script first, and the script calls spNPHost, so both rules appear to be necessary.