Wildcards inside paths are ignored by HIPS [V6][M570]

A. THE BUG/ISSUE (Varies from issue to issue)
[ol]- Summary - Give a clear summary in the topic subject, NOT here.

  • Can U reproduce the problem & if so how reliably?:Yes, 100%
  • If U can, exact steps to reproduce. If not, exactly what U did & what happened: Open or run any executable with an already defined HIPS rule like: C:\Users*\blah\blah\something.exe
  • If not obvious, what U expected to happen: I expected not to be asked again for permissions by HIPS for an already defined rule. This does not happen with 5.12
  • If a software compatibility problem have U tried the conflict FAQ?: not a compatibility problem.
  • Any software except CIS/OS involved? If so - name, & exact version: nope.
  • Any other information, eg your guess at the cause, how U tried to fix it etc: Remove wildcard from rule.
  • Always attach - Diagnostics file, Watch Activity process list, dump if freeze/crash. (If complex - CIS logs & config, screenshots, video, zipped program - not m’ware)

B. YOUR SETUP (Likely the same for each issue, so you can copy forward)
[ol]- Exact CIS version & configuration: Comodo Internet Security 6.2.285401.2860

  • Modules enabled & level. D+/HIPS, Autosandbox/BBlocker, Firewall, & AV: HIPS: enabled/paranoid, Autosandbox: disabled, Firewall: custom policy, AV: disabled.
  • Have U made any other changes to the default config? (egs here.): No
  • Have U updated (without uninstall) from a CIS 5?: No
    [li]if so, have U tried a a clean reinstall - if not please do?: Yes, clean install
    [/li]- Have U imported a config from a previous version of CIS: Nope.
    [li]if so, have U tried a standard config - if not please do: Yes.
    [/li]- OS version, SP, 32/64 bit, UAC setting, account type, V.Machine used: Windows XP, SP 3, 32bit, Administrator.
  • Other security/s’box software a) currently installed b) installed since OS: a= Avast free b= Avast free

[attachment deleted by admin]

Thanks for your formatted report.

However, can you please attach both the diagnostics report and the Process List. As it’s possible that this issue is specific to certain computers it is very important that both are attached so that if something of that sort does occur the devs can still ascertain where the problem is and therefore how to fix it. I hope you understand.

Thank you.

Where can i find that report?

Open the main GUI, click on the question mark, go to support,and select diagnostics. It will run the diagnostics and provide you with the option to create a report.

Then, go to the tasks side of the GUI and go to the Advanced Tasks section. Then, open KillSwitch by selecting “Watch Activity”, click the menu called KillSwitch, and select “Save Current View”. Then put it in a zip file and attach it to your first post.

Please let me know if you have any questions.


Reports attached.

Actually, now that I look at this again, shouldn’t this be expected behavior? If you don’t define a part of the path in the middle how can it have any idea where to go afterwards?

What happens if the rest of the path after the ‘*’ is blank? Do you still receive an alert, or does it work accordingly?


A rule with an asterisk in the middle like C:\Users[i]*[/i]\AppData\Roaming\Folder\Something.exe would match:


I have setup a few rules like these with 5.12 so i don´t have to setup a rule for each user and they work correctly.

It would match anything inside the Users folder, including non-executable files, but currently it does not. I still receive an alert. A rule like C:\Users[i]*[/i] would match:


an so on…

So are you saying that this used to work correctly with V 5.12?

Yes, all of these work correctly with 5.x, not with 6.x:

Okay, as it worked in a previous version, but not with V6, I believe that it may be a bug. Thus, I will forward this to the devs.

Thank you very much for your report in standard format, with all information supplied. The care you have taken is much appreciated by Comodo, and will increase the likelihood that this bug can be fixed.

Developers may or may not communicate with you in the forum or by PM/IM, depending on time availability and need. Because you have supplied complete information they may be able to replicate and fix the bug without doing so.

Many thanks again.

The bug is still present with version 6.3.294583.2937, however it does not affect every pc. Some of these pc are fresh version 6 installs, others are 5.x upgrades.

Thank you for checking this.

I have updated the tracker.

The devs have informed me that they believe that this is fixed for CIS version 7.0.313494.4115. I will therefore move this to Resolved.

If this is still not fixed for you please both respond to this topic and send me a PM (including a link to this bug report).

Thank you.