That request has been made since time immemorial. Give it up.
Comodo Firewall 10 Setup
- Thread starter cruelsister
- Start date
It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.
That request has been made since time immemorial. Give it up.
- Dec 8, 2014
- 206
Are you referring to the concept in general or the location?A security soft running a *.bat in ProgramData...
I have learned that it is a feature. So let's just leave it at that.
Last edited by a moderator:
- Apr 13, 2013
- 3,144
Telos- the issue you were having with the extension was due to how it was specifically coded for Chrome (the extensions for IE and Mozilla products are different and work fine). For whatever reason, the developer made it so that a script interpreter was used and this was why it was blocked and the bat file was generated.
This is a way that CF10 deals with fileless malware (scriptors). A fileless script, when detected and sandboxed will be converted into the bat file which is stored in what amounts to a temp directory within the Comodo directory in program data. As was explained by Yash this action can be disabled by unchecking the "Do Heuristics commandline analysis" box in the HIPS settings. And it's fine to do this as this sort of malware will be stopped by the sandbox at the Restricted level anyway.
So it's not an issue nor a bug- in spite of what some people want you to believe (sigh...).
ps- the default max size of the bat files that can be stored in that directory is 100kb.
This is a way that CF10 deals with fileless malware (scriptors). A fileless script, when detected and sandboxed will be converted into the bat file which is stored in what amounts to a temp directory within the Comodo directory in program data. As was explained by Yash this action can be disabled by unchecking the "Do Heuristics commandline analysis" box in the HIPS settings. And it's fine to do this as this sort of malware will be stopped by the sandbox at the Restricted level anyway.
So it's not an issue nor a bug- in spite of what some people want you to believe (sigh...).
ps- the default max size of the bat files that can be stored in that directory is 100kb.
Last edited:
Please don't do that - don't even try to infer my intent. My intent is not to spread COMODO FUD - so please don't make such implications.
I support the product today as I always have. In my time I've jumped through more hoops in support of COMODO products than a Barnam & Bailey circus poodle wearing ridiculous, oversize sunglasses, a huge pink bowtie and a weird, tiny hat with chinstrap.
If, in the past, I have expressed the truth about bugs - it cannot be interpreted as any kind of bashing. There have been cases where I ran obstacle courses and provided exactly what was needed to fix a few bugs - but COMODO did\has done nothing with the code\data. "It [had] a frickin' bow on it." I guess the saying "You can lead a horse to water, but can't make it drink" is quite apt. And this scenario is not just limited to C.
If the .bat in the ProgramData is a feature it wasn't clear to me in the short time that I had CIS 10 installed on the system. When I saw it, it appeared as a quirk. My mistake - I should have investigated further - obviously. I've gone back and edited my prior posts to reflect that it is a feature.
Still, to me it is a strange solution, but if it works to C's satisfaction - then it just is what it is. There's a setting workaround and users will need it.
Last edited by a moderator:
- Dec 29, 2014
- 1,711
Have you had a problem with 360 TS web application? It creates a script when the browser opens. Comodo converts the script into a file and places it in a folder called Tempscrpt in the Programs area. If you haven't had a problem with it, it's the same problem, so not sure why unless you don't use it. It's really good though.
Here is what I have done for the 360 TS extension. Find the Tempscrpt folder in the Comodo folder in Programs. If you can set your explorer so you can view files this will help you see without opening the files. Otherwise, right click on each script and select "Edit" and make note of what application is creating/using each script (sounds like you may have done this). You will see it plainly in the script someplace.
Now go to Auto-Sandbox and create one for that application and set it to ignore. The Sticky Passwords uses Conhost.exe, so you may need to set an ignore rule for it too. Do this for each process you find in any script in the folder. If there's a rule there already in Auto-Sandbox rules for one, change it to ignore, assuming you trust the app.
If the WDPay (Safe Shopping) is not working for 360 (it won't work on my PC that has CFW without this), create an ignore rule for this too if you want the 360 browser extension to work.
If you have other rules, like firewall, you may want to go and set those rules so that each sandbox ignored application is treated as an "Allowed Application". Voodoo Shield is surely giving you a VS alert every time the browser opens too (unless you used a wildcard edit for the Sticky PW command line). Is this correct? Anyway, you will still get a Comodo pop up when the browser opens for extensions that make a script no matter what. If you deal with the pop up correctly the first time, the rule will stay "ignore" and the extension will run outside the sandbox and normally. The first time I got this, I chose to allow the script as and Treat it as "Allowed Application" or selected "ignore" can't remember the alert. After this the alert will come every time still, but the application is not sandboxed as long as the same choice is made. It will still be ignored. The 360 extension works as it's supposed to work now for me.
If you are only having the issue with the Sticky Password extension, the above should work...I think anyway.
If this somehow had anything to do with this, I don't know. Maybe it works anyway even if HIPs is enabled? I won't turn this off, though...no way. This monitors all scripts at least for the HIPs module, and it's very powerful. I have HIPs enabled, so I can't say if it will still work anyway as the setting that causes script monitoring. Maybe script monitoring happens separately from HIPs and automatically for sandboxing without a setting in that area.
BTW, you can see in the Tempscrpt folder that these will build up over time. I guess I will come up with a cleaning solution for this that works by date/time/exclusions, etc. Some of the scripts must be in the folder for PCs here, so they can't be deleted without getting a pop up later.
Apologies so long, hope it helps somehow. Hope Comodo come up with something for this soon. I know they know about it already.
- Dec 29, 2014
- 1,711
Well, the element breaks extensions in some cases by auto-sandboxing them. 360 Internet Security wouldn't work until I worked through it all. That's the main reason. Also, the script references pile up over time in the Tempscrpt folder. It's something I think they should fix, considering it shouldn't be all that hard to do and also how much it would clean up CIS/CFW/CCAV.
Win 10 64 Pro
Sometimes autosandbox alerts are not there.
1 program dont remember now.
Another was ExpressVPN. I started ExpressVPN, no alert was there, I thought whitelisted, fine...started connect...circle kept spinning for a long time & EVPN mention couldn't connect. I tried another server, same issue. I suspected CFW & there openvpn.exe was under Unblock Apps.
Now autosandbox alert for openvpn.exe was not there...its a prob.
But guess EVPN not connecting was the issue due to customize FW settings i.e "Dont show popup messages" checked & set to "Block"...openvpn.exe unknown so connections blocked.
Tried EVPN with CCAV & openvpn.exe was autosandboxed & alert was there & EVPN connected fine...new baby is rockingCIS has become old & forgets stuffsDevs too are paying more attention to new babysoon CIS will have lots of frds & new home...COMODO ABANDONWARE
Sometimes autosandbox alerts are not there.
1 program dont remember now.
Another was ExpressVPN. I started ExpressVPN, no alert was there, I thought whitelisted, fine...started connect...circle kept spinning for a long time & EVPN mention couldn't connect. I tried another server, same issue. I suspected CFW & there openvpn.exe was under Unblock Apps.
Now autosandbox alert for openvpn.exe was not there...its a prob.
But guess EVPN not connecting was the issue due to customize FW settings i.e "Dont show popup messages" checked & set to "Block"...openvpn.exe unknown so connections blocked.
Tried EVPN with CCAV & openvpn.exe was autosandboxed & alert was there & EVPN connected fine...new baby is rocking
CIS has become old & forgets stuffsDevs too are paying more attention to new babysoon CIS will have lots of frds & new home...COMODO ABANDONWARELol, im glad to have ditched CIS for good, best decision i ever made, i'm even safer with with my OS built-in tweaked security than with CIS.
Hello...
Just wondering whether in file ratings you leave "trust applications signed by trusted vendors" and "trust files installed by trusted installers" ticked?. I always wonder if there's a possibility of any breaches if these are left ticked?
Thanks for your insight.
- Apr 13, 2013
- 3,144
Mercy- Trust me in that unticking these boxes (unless a person has a specific need to do so) is not a good thing. It will essentially sandbox anything that you want to use (not really, but close enough to be no nevermind).
Granted, if one comes across malware that uses a stolen signed certificate this would be a bad thing. But these are normally jumped on immediately by security vendors- even Comodo. There are some that would want to limit this method of attack by reducing the amount of Vendors that are trusted. With CF this list can be easily edited. If you have interested in doing this, please google "Comodo and Trusted Vendors List" - with the quotation marks! This will bring up a video I did last July that highlights the process.
Granted, if one comes across malware that uses a stolen signed certificate this would be a bad thing. But these are normally jumped on immediately by security vendors- even Comodo. There are some that would want to limit this method of attack by reducing the amount of Vendors that are trusted. With CF this list can be easily edited. If you have interested in doing this, please google "Comodo and Trusted Vendors List" - with the quotation marks! This will bring up a video I did last July that highlights the process.
cs,
I am giving a try to proactive config........
Just want to know.........after CFW install, I switch to proactive config........I can customize the settings first, run rating scan & then restart the system, no probs, right?
I am giving a try to proactive config........
Just want to know.........after CFW install, I switch to proactive config........I can customize the settings first, run rating scan & then restart the system, no probs, right?
- Apr 13, 2013
- 3,144
First you have to change the configuration, then do any changes. Otherwise all the tweaks that were done will be lost and you have to do them again which would be a waste of your valuable time.
- Jul 6, 2015
- 737
And no one listens!someone, anyone, anybody, nobody, everybody, somebody, everyone...noone likes Comodo Standard Bug Report Format
I have to point for clarity sake , that the HIPS in Comodo is not truly "disabled" , it is just "silenced" or "hidden" to give priority to the other modules , but it is still active in the background in case the other modules don't react.
Comodo Internet Security's auto-Sandbox (BB) & HIPS interaction explanation
Comodo Internet Security's auto-Sandbox (BB) & HIPS interaction explanation
- Jan 27, 2017
- 139
Thank you for the clarity. I didn't know that. I did the assume thing.
I can say that it is NOT very silent when it is enabled. 
- Jan 29, 2017
- 1,201
True. When I review my logs there is always HIPS activity even though it is "unchecked".
I can say that it is NOT very silent when it is enabled.
that is the point of an HIPS , monitor and alert about everything good or not. it is why i favored SRP based products like Appguard , they block everything, no need to alert me
Similar threads
