Comodo Internet Security v10.0.1.6209

[nikos200]

New:
- We now have a new tab "Advanced Protection" under "Advanced Settings" where:
a - "Virus Scope" and "Secure Shopping": These used to be separate tabs are now part of this "Advanced Protection" section.
b - "Miscellaneous": From HIPS Settings, we have moved 4 settings and made part of this section. "Heuristic Command Line Analysis" and "Embedded Code Detection" are integrated under one interface as "Do Heurristic Command Line Analysis". So embedded code detection is expanded in that interface and connected with related parsers. Also we have moved "shell code injection detection" and "browser configuration modification" settings under this section.

- Comodo Secure DNS is back in installation offering now

Changes:
- You will see word "Sandbox" is now replaced with word "Containment" across whole GUI as that is easier to understand by layman while Sandbox has been more technical.

Improved:
Support of Python interpreter in heuristic command line analysis

Fixed:
- All GUI issues experienced with upcoming Windows 10 RedStone-2 / Creators Update are fixed in this release.

Main focus of CIS v10 has been to make it more stable and bug free and as part of that aim, hundreds of bugs are fixed, below are few particular fixes:
- BSOD after launched Opera in Sandbox
- Critical bypasses of Sanbdox
- Keyboard can be intercepted in Virtual Desktop
- Several apps crash caused by guard32/64.dll
- PowerShell scripts are not sandboxed
- Missed fileless malware cases


We are working on next features on CIS, mainly robust web filtering, which will provide solid protection against phishing and malicious URLs.

Thank you all for your feedback and support.

 

[lab34]

New:
- We now have a new tab "Advanced Protection" under "Advanced Settings" where:

I like that, it's more clear.
Because I have Hips disable and CF enable, and at fisrt, I fall in the trap to not understand why some apps where sandboxed.
Having that in a separate tab is less ambiguous. (for me)

 

[shmu26]

Can anyone confirm whether the issue with Embedded Code Detection is resolved, where it would consistently sandbox certain trusted apps and stop them from working?

 

[ctrlz]

@shmu26 I've just updated to this release, how can I verify this embedded code detection issue?

 

[lab34]

There's something new: now you can toggle on/off for "command line analysis" and for "Embeded code detection", for each Application.
Before you could only tick "Enable Analysis" on/off on the list.
I will try to make some tests...

 

[lab34]

Can anyone confirm whether the issue with Embedded Code Detection is resolved, where it would consistently sandbox certain trusted apps and stop them from working?

I found this:
When you right click on the desktop, and do "open a new windows prompt" (hope it's the good translation in english !)
-> before, the command prompt was sandboxed
-> now it's not sandboxed

 

[shmu26]

There's something new: now you can toggle on/off for "command line analysis" and for "Embeded code detection", for each Application.
Before you could only tick "Enable Analysis" on/off on the list.
I will try to make some tests...

That sounds good. If you can turn off embedded code detection for specific apps, that is exactly what we want.

 

[shmu26]

That sounds good. If you can turn off embedded code detection for specific apps, that is exactly what we want.

Well, I checked it out, and it's not exactly what I was hoping for. You can turn off embedded code detection for cmd.exe and for other specific script interpeters, and in fact, it is turned off by default for cmd.exe.
But what I was hoping to see was a little different: the ability to leave on detection for cmd.exe, but exempt a certain app from this detection.

 

[Av Gurus]

Just a couple of pictures from Comodo Firewall:

 

[lab34]

Hello,
and this is the new tab "advanced protection":

 

[ctrlz]

With previous release I remember to have 5 sandboxed processes (based on svchost, I thought the reason was because they are more vulnerable), but with the new release there are no processes.

Is it normal?

 

[ctrlz]

This is how the unrecognized elevation popup has changed:

 

[lab34]

With previous release I remember to have 5 sandboxed processes (based on svchost, I thought the reason was because they are more vulnerable), but with the new release there are no processes.

Is it normal?

View attachment 145692

Hello,
I think the 5 processes are the services launched in the SB when an app is blocked.
If you launch an app from scratch, and it is sandboxed, the necessary svchost are loaded in the SB.
After the app terminate, the services remain till you erase the content of the SB (with the task button).
It is my understanding after two weeks of experimentations.

 

[ctrlz]

I sandboxed an app and used it (chrome), but svchost is no longer sandboxed.
I think that something in the containment policy has changed.

 

[Av Gurus]

Hello,
I think the 5 processes are the services launched in the SB when an app is blocked.
If you launch an app from scratch, and it is sandboxed, the necessary svchost are loaded in the SB.
After the app terminate, the services remain till you erase the content of the SB (with the task button).
It is my understanding after two weeks of experimentations.

Before was when you quit app from Sandbox process remain in sandbox but now looks like when you exit sandbox all process from sandbox are gone.

 

[JHomes]

Eh. Shady business practises by their company. I'll never use their programs again.

 

[Arequire]

Update broke CF for me. Get an error at startup; diagnostics unable to find the issue. Guess I'm reinstalling.

Edit: Uninstalled then reinstalled CF and it's still broken. Going to try uninstalling and deleting everything associated with it then try to reinstall again.

Edit 2: Didn't work either. It's a known bug that they're apparently working on so I guess I'm ditching CF until it's fixed.

 

[ctrlz]

Before was when you quit app from Sandbox process remain in sandbox but now looks like when you exit sandbox all process from sandbox are gone.

Eh. Shady business practises by their company. I'll never use their programs again.

Well, I think it's more secure now. No?

 

[lab34]

Before was when you quit app from Sandbox process remain in sandbox but now looks like when you exit sandbox all process from sandbox are gone.

Yes thats it !

 

[ctrlz]

New hotfix released

Version 10.0.1.6209 (Hotfix) - 10 April 2017
Fixed:

• Trusted Vendor List could be reduced to fewer entries when updating from older CIS version to latest.

Spoiler: Full changelog

Source: Comodo Internet Security v10.0.1.6209-Hotfix Released - News / Announcements / Feedback - CIS

Fixed:
- Upon update, older CIS versions (version 8.x and older), could find trusted vendor list affected. This could result in certain cases alerts for known safe applications as if they were unknown.

All users should receive update.

Note: After you update to this hot-fix, you will still find product version unchanged and staying at v6209.
This was fastest way to get updates out. So please bear with us.

Following are known issues as have been observed in last release:
Issue - A:
Many users have reported Comodo Security Agent could not be started problem upon system re-start.

Re-production:
This bug can not be produced always.

Reason:
Upon system re-start, cistray.exe could launch before Comodo services started.

Impact:
There is no security impact. You are still protected. You just do not see CIS interface.

Possible Workaround:
Step - 1: Try to launch CIS interface from desktop shortcut, if doesn't work try step-2.
Step - 2: See if you can locate CIS tray icon in system tray, exit and try to launch CIS interface as mentioned in Step-1, if doesn't work try Step-3
Step - 3: Locate cistray.exe in TaskManager, terminate and launch CIS interface as mentioned Step-1
-----------------------------------------------------------

Issue - B:
In Network Settings, IP4 and IP6 entry names could be distorted.

Re-production:
We have seen it happening with Windows Creators update preview build Win 10 1703 (build 15063) but have not been able to produce with newest Win 10 IP build 16170.

Impact:
There is no security impact. It's just the name issue. Network is still fully functional and you can make changes.
-----------------------------------------------------------

Next Steps:
- We will be making full CIS release by next week-end that will fix above mentioned issues.