I use CIS last version, no sandbox, truster vendors list deleted, Defense+ setted in Paranoid Mode, MSI installer setted in defense as " ask ". Today I begin to install Libre Office: no alerts by Defense+ !!! I completed the Libre installation process without Defense + alerts. Only after the installation, when I launch for the first time Libre, Defense wakes up and alerts me asking what I want to do. I made some try launching many others programs installers and Defense+ - as it always did - see all them and alerts me. Why not Libre ?
Disable Cloud Lookup under File Settings, then delete Libre Office modules from File List (I think maybe they are rated as Trusted by Comodo). After the above, CIS Defense+ should generate alerts = treat Libre Office as Unrecognized.
I deleted File List and disabled Cloud Lookup when I installed CIS, and it's again disabled. This is the reason for I don't understand Defense's behavior.
Comodo had the behavior of repopulating the trusted vendor list on each update if I remember correctly, did you check if your trusted vendors list was still empty?
@blacknight So you did all of the following, correct ?: Disable Cloud Lookup Deleted entire File List Deleted entire Trusted Vendor List What security profile are you using: Comodo Internet Security, Proactive or firewall ? Check your Windows Explorer HIPS rule... Launch an Executable should be set to "Ask" and there should be no Modify exceptions...
Yes, correct. And as I wrote, I already tried to launch many executables, and Defense+ see all them, as always it did.
Don't get too upset with Comodo... currently I have bug report with Chief of Engineering - CIS Core Modules. It was accepted by Comodo Engineering a few weeks ago and classified as a potential bug. Now, I think it might very well be seeing that you are experiencing very similar CIS behavior. On my system - despite deleting File List, Trusted Vendor List, all HIPS rules and setting HIPS and Auto-Sandbox to "Block" - some installers are still able to install on system. Chief Engineer states "It appears to be a bug. We will investigate..." However, in your case, Defense+ alerts upon first execution of installed program... so you are protected.