Advice Request Comodo in Safe Mode blocks a trusted vendor app


ctrlz

Thread author
Hi,
I'm using Comodo v10 in proactive security, the HIPS level is Safe mode.
Unfortunately, I always find this line in the blocked applications:


The exe comes from a trusted vendor:


And I have a custom HIPS rule that allows that exe:


If I unblock the app from the blocked list, after a few seconds a new entry is created.
The only way to not create the entry is to disable the HIPS component.

IMO it's a bug: the driver comes from a trusted vendor, I'm in safe mode and, anyway, an explicit allow rule is present.
Do you know if there is a specific reason for this?
 

Ink

IMO it's a bug: the driver comes from a trusted vendor, I'm in safe mode and, anyway, an explicit allow rule is present.
Do you know if there is a specific reason for this?
Have you been able to contact or post a bug report to Comodo Support (Email and Forum)?
 

ctrlz

Thread author
You can find the full reply in the above link.
It seems a legit behaviour, but it was auto-blocked by CIS self-defense that prevents Interprocess Memory Accesses on its processes.
Added an exclusion in that ruleset, to avoid blocks with the Synaptics driver.
 

509322

IMO it's a bug: the driver comes from a trusted vendor, I'm in safe mode and, anyway, an explicit allow rule is present.
Do you know if there is a specific reason for this?

You have to compare the file's digital certificate to what is in COMODO's Trusted Vendor List. A seemingly simple difference, like Synaptics Corp versus Synaptics Ltd, will result in a block. Also, COMODO might have whitelisted only a specific set of files for the vendor.

Not yet; before proceeding I just wanted to be sure I wasn't missing something.
Anyway, I'm going to report this bug to Comodo.

EDIT: posted bug report: Safe Mode always blocks application from trusted vendor - Bug Reports - CIS

You're wasting your time.

In a case such as this you have to submit the file to COMODO for whitelisting. Doing so is infinitely faster than a bug report - and they will not consider this case a bug. You can find how to submit files for whitelisting on the COMODO forum.
 

ctrlz

Thread author
@Lockdown thank you for the reply. I looked for the exact trusted vendor string, and it should be allowed.

The reply I received from the forum says that CIS processes protect themselves from memory access, unless you explicitly allow the process in the protection exclusions of the ruleset.
I did it, allowing Synaptics to access CIS processes, and it works without blocks.

Please note that this doesn't happen with other processes, but only with CIS ones, so I think it could be right (it's a matter of self-protection). If it were on all processes, definitely not.
 

509322

@Lockdown thank you for the reply. I looked for the exact trusted vendor string, and it should be allowed.

The reply I received from the forum says that CIS processes protect themselves from memory access, unless you explicitly allow the process in the protection exclusions of the ruleset.
I did it, allowing Synaptics to access CIS processes, and it works without blocks.

Please note that this doesn't happen with other processes, but only with CIS ones, so I think it could be right (it's a matter of self-protection). If it were on all processes, definitely not.

OK. I misunderstood. I thought it was completely blocked from running.

Synaptics has no need to access COMODO processes so it should be blocked from doing so.
 