Advice Request Comodo in Safe Mode blocks a trusted vendor app

Please provide comments and solutions that are helpful to the author of this topic.
Status
Not open for further replies.
C

ctrlz

Level 2
Thread author
Verified
Mar 20, 2017
54
126
66
italy
Hi,
I'm using Comodo v10 in proactive security, the HIPS level is Safe mode.
Unfortunately, I always find this line in the blocked applications:


The exe comes from a trusted vendor:


And I have a custom HIPS rule that allow that exe:


If i unblock the app from the blocked list, after few seconds a new entry is created.
The only way to not create the entry is disable the HIPS component.

IMO it's a bug: the driver comes from a trusted vendor, I'm in safe mode and, anyway, and an explicit allow rule is present.
Do you know if there is a specific reason for this?
 
ctrlz said:
IMO it's a bug: the driver comes from a trusted vendor, I'm in safe mode and, anyway, and an explicit allow rule is present.
Do you know if there is a specific reason for this?
Click to expand...
Have you been able to contact or post a bug report to Comodo Support (Email and Forum)?
 
You can find the full reply in the above link.
It seems a legit behaviour, but it was auto-blocked by CIS self-defense that prevents Interprocess Memory Accesses on its processes.
Added an exclusion in that ruleset, to avoid blocks with the synaptics driver
 
  • Like
Reactions: Parsh and lab34
ctrlz said:
IMO it's a bug: the driver comes from a trusted vendor, I'm in safe mode and, anyway, and an explicit allow rule is present.
Do you know if there is a specific reason for this?
Click to expand...

You have to compare the file's digital certificate to what is in COMODO's Trusted Vendor List. A seemingly simple difference, like Synaptics Corp versus Synaptics Ltd, will result in a block. Also, COMODO might have whitelisted only a specific set of files for the vendor.

ctrlz said:
Not yet, before to proceed I just wanted to be sure I wasn't missing something.
Anyway I'm going to report this bug to comodo

EDIT: posted bug report: Safe Mode always blocks application from trusted vendor - Bug Reports - CIS
Click to expand...

You're wasting your time.

In a case such as this you have to submit the file to COMODO for whitelisting. Doing so is infinitely faster than a bug report - and they will not consider this case a bug. You can find how to submit files for whitelisting on the COMODO forum.
 
Last edited by a moderator:
  • Like
Reactions: Handsome Recluse and Andytay70
@Lockdown thank you for the reply. I looked for the exact trusted vendor string, and it should be allowed.

The reply I received from the forum says that CIS processes protected themselves from memory access, unless you explicitly allow the process in the protection exclusions of the ruleset.
I did it, allowing synaptics to acces xCIS processes, and it works without blocks.

Please note that this doesn't happen with other processes, but only with CIS ones, so I think it could be right (it's a matter of self-protection). If it was an all processes, definitely not.
 
ctrlz said:
@Lockdown thank you for the reply. I looked for the exact trusted vendor string, and it should be allowed.

The reply I received from the forum says that CIS processes protected themselves from memory access, unless you explicitly allow the process in the protection exclusions of the ruleset.
I did it, allowing synaptics to acces xCIS processes, and it works without blocks.

Please note that this doesn't happen with other processes, but only with CIS ones, so I think it could be right (it's a matter of self-protection). If it was an all processes, definitely not.
Click to expand...

OK. I misunderstood. I thought it was completely blocked from running.

Synaptics has no need to access COMODO processes so it should be blocked from doing so.
 
  • Like
Reactions: darko999
Status
Not open for further replies.

You may also like...