CIS Defense + doesn't see Libre Office installing

Discussion in 'other anti-malware software' started by blacknight, Aug 24, 2015.

  1. blacknight

    blacknight Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    2,433
    Location:
    Europe
    I use CIS last version, no sandbox, truster vendors list deleted, Defense+ setted in Paranoid Mode, MSI installer setted in defense as " ask ". Today I begin to install Libre Office: no alerts by Defense+ !!! I completed the Libre installation process without Defense + alerts. Only after the installation, when I launch for the first time Libre, Defense wakes up and alerts me asking what I want to do. I made some try launching many others programs installers and Defense+ - as it always did - see all them and alerts me. Why not Libre ?
     
    Last edited: Aug 24, 2015
  2. hjlbx

    hjlbx Guest

    Disable Cloud Lookup under File Settings, then delete Libre Office modules from File List (I think maybe they are rated as Trusted by Comodo).

    After the above, CIS Defense+ should generate alerts = treat Libre Office as Unrecognized.
     
  3. hjlbx

    hjlbx Guest

     
  4. blacknight

    blacknight Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    2,433
    Location:
    Europe
    I deleted File List and disabled Cloud Lookup when I installed CIS, and it's again disabled. This is the reason for I don't understand Defense's behavior.
     
  5. phalanaxus

    phalanaxus Registered Member

    Joined:
    Jan 19, 2011
    Posts:
    499
    Comodo had the behavior of repopulating the trusted vendor list on each update if I remember correctly, did you check if your trusted vendors list was still empty?
     
  6. blacknight

    blacknight Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    2,433
    Location:
    Europe
    Yes, it was the first thing that I did because I had the same doubt than you.
     
  7. hjlbx

    hjlbx Guest

    @blacknight

    So you did all of the following, correct ?:
    • Disable Cloud Lookup
    • Deleted entire File List
    • Deleted entire Trusted Vendor List
    What security profile are you using: Comodo Internet Security, Proactive or firewall ?

    Check your Windows Explorer HIPS rule... Launch an Executable should be set to "Ask" and there should be no Modify exceptions...
     
  8. blacknight

    blacknight Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    2,433
    Location:
    Europe

    Yes, correct. And as I wrote, I already tried to launch many executables, and Defense+ see all them, as always it did.
     
  9. hjlbx

    hjlbx Guest

    Don't get too upset with Comodo... currently I have bug report with Chief of Engineering - CIS Core Modules. It was accepted by Comodo Engineering a few weeks ago and classified as a potential bug. Now, I think it might very well be seeing that you are experiencing very similar CIS behavior.

    On my system - despite deleting File List, Trusted Vendor List, all HIPS rules and setting HIPS and Auto-Sandbox to "Block" - some installers are still able to install on system.

    Chief Engineer states "It appears to be a bug. We will investigate..."

    However, in your case, Defense+ alerts upon first execution of installed program... so you are protected. :D
     
  10. blacknight

    blacknight Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    2,433
    Location:
    Europe

    Thank you. I too thought that it could be a bug.
     
Loading...