[June] What's New on Comodo Client Security?

Hello everyone,

We are excited to inform you that we are planning to have new releases scheduled to go live on Saturday (2019-06-08) morning!

The release is expected to take 30 minutes to deploy, during that time platform will be under maintenance mode. Post-deployment tests are expected to continue until 2 pm EST during which you may observe minor glitches. If you observe any issues, please feel free to share with us.
Comodo Client Security
Windows
Connectivity Issues Regarding CCS v11.2

  • The engineering team investigated the issue from the first day of the incident, as some firewall-sourced connectivity issues were reported from some customers. Eventually, the issue is identified as it sourced from the complications of Firewall module refactoring during the transition from v11.1 to 11.2. Therefore, it has been decided that these refactorings should be reverted in this release. Internal tests and the tests on several customer environments were completed successfully. The team will keep working in depth to prevent recurrence of similar incidents. Due to this reversion, a few recent Firewall features will disappear. The detailed feature list can be found below. Please note that these features were not reflected to Endpoint Manager. Therefore, it will not require you to make any changes on your configuration under usual circumstances.
    • Features to be reverted:
      • Ability to specify criteria for Firewall rules.
      • Rating, Containment status, Age, Parent Process etc
      • Ability to create Firewall rules for IPv6 address ranges
New Features
  • The antivirus scanner will now skip files that take longer than 5 minutes to scan. This improves performance in manual and scheduled scans. Skipped files are shown in the scan results screen.
Improvements
  • New rule to auto-contain .msi installers. The new ‘Run Virtually’ rule applies to msiexec.exe files if the parent process is in the 'Management and Productivity Applications' group. This improves security by virtualizing any unknown files launched via msiexcec.exe by legitimate applications in the group.
  • View logs straight from the tray icon. You can now access the ‘View Logs’ interface by simply right-clicking on the CCS tray icon.
  • Enable/disable HIPS from the tray icon. Quickly activate or deactivate HIPS from the right-click menu of the CCS tray icon.
  • Added ‘Block’ actions to the containment parent process tree. Processes blocked by the containment module are now logged in Containment Logs > Parent Process records. This improves visibility during forensic investigations.
  • ‘Reputation’ column renamed as ‘Rating’ in the auto-containment rules screen. This change is to improve language consistency across product interfaces.
  • Caps-Lock Warning. You are now warned if caps-lock is on when entering the client access password.
Bug Fixes
  • Fixed the issue of not minimizing Virtual Desktop
  • Fixed the issue of Full Antivirus scan failures
  • Fixed the issue of reporting internal containment services to EM
  • Fixed the issue of BSOD after CCS installation
  • Fixed the issue of BSOD when a cellular modem is enabled on the endpoint
  • Fixed the issue of internal Comodo services crashs on Windows Server 2012 R2
Linux
New Features
  • External device control rule for USB Devices. New rule lets you block the use of USB devices on Linux endpoints. You can create exceptions for specific devices if required.

Hi @Can

With the firewall we still had issues in v11.1, not as bad as v11.2 or v11.0.

These really is not a solution to the issue and not what anyone especially me was expecting.

It is obvious that due to constant changes by MS and the way you use NIC drivers to implement a firewall to provide containment and other features on the traffic just does not work.

As this does not work can you please provide a 100% working version with no firewall and no warning messages to end clients about the lack of this feature.

Sorry to be demanding, but we have had enough with the firewall and constant killing of networks to get one month of slight improvement and then be back in the gutter again the next month.

Hi

I’ve been using the pre-release version of CCS 11.2.2.7453 without any issues, which I understand will be released as version 11.3 this weekend.

I really wish there was a version of ccs without the firewall (and without the coresponding messages that the firewall is inactive when disabled). We’ve just pushed out ccs to some more of our endpoints but by default now we have the firewall disabled and the ccs taskbar icon hidden. (not ideal but better than the stress the comodo firewall causes). We have a short while longer to evaluate our position but I suspect we will simply use the Itarian platform for patch management and switch back to our previous AV supplier unless Comodo listen to their users requests.

I have some tests to do and then possibly some good news!

Did a very simple test. Disabled the firewall 7th Jun, and no WiFi disconnections until this morning, 12th Jun. Only change I did was to enable the firewall yesterday. :frowning:

Hi @DukePaul
Check out StrobeTech’s discussion here for an update about his test with the Firewall component.

Thanks Rick, I just deleted everything and left only the AV component.

@DukePaul ,

Can you please confirm that the version you currently have is 11.3.0.7495 for your client security coming from the last update.

Hi @Jimmy

Yes, we have 11.3.0.7495

Hello @DukePaul

We have created a ticket for you in order to investigate the issue further

With best regards

Thanks @DaveHD .

What I don’t understand is why it’s not consistent. I have one user who has everything enabled and not experiencing any connectivity issue. Others have the issue but happens just every now and then. And other’s have the issue like they can’t do any work because it disconnects them like every 10-15 minutes.

Hello @DukePaul

The requested logs mentioned on the support ticket will provide a better answer on your query above. As of now, we can share some ideas why however it is better to have the logs reviewed by the developer to provide better insight and solution on your case.

With best regards

Windows patch levels
Network card manufactures
Network card drivers
Mother board etc…

The list is almost endless, and is the reason this has been around for so long.

Hi @StrobeTech

But the PCs were purchased all at the same time with same specs.

Hi @DaveHD ,

I’m sorry for the stupid question but where can I find this support ticket you’ve mentioned? Can’t find anything in my Inbox/messages nor my email.

Hello @DukePaul

We have sent it to the email address you have registered to forums we will resend the message, please check your email box at your convenience.

With best regards

Thanks @DaveHD ,

Found it buried in all the junk mails. I’ll turn on the firewall again on a couple of PCs and get the logs sent to you as soon as I can.