I haven’t found a KB article or forum post on this, so I have no clue how to configure, but I need to allow users to install (and update) Chrome / Firefox.
Repeatedly, when trying to update Chrome (or allowing it to auto-update), the uninstall step works (removing Chrome), but then reinstalling the new version fails (it looks like due to being ran in containment, there’s a green box around window, etc).
I’ve tried multiple ways of adding the Chrome / FireFox installers to the excluded permissions list in the security profile, but the reinstall / update process continues to be marked as “unrecognized” and ran in containment.
Under normal circumstances, installation should not run in containment. Have you tried repeating the reinstallation process? We will need to investigate and determine its root cause. A support ticket had been open to assist you further. Please check your forum registered email at your convenience.
What are “normal circumstances”? I’m using the default security profile for Windows, every installer that Comodo doesn’t “recognize” (which is pretty much everything) is marked to run virtually in containment since it as the “unrecognized” status. This is a policy setting, so I’m not sure in what circumstances installers would ever /not/ run in containment.
Should I simply switch the policy to allow running all unrecognized applications outside of containment? Wouldn’t this defeat the entire purpose of having containment?
Installers signed by trusted vendors that CCS would recognize and provide a trusted rating should run fine. On your other note, you are correct, there is no need to switch policy in regards to installation.
That’s strange, I see Google Chrome on the list. However, when I download and save the installer from the Chrome website and try to run the installer, it always shows in Comodo Device Management > Security Sub-Systems > Containment as:
Parent Process: browser_broker.exe
Comodo Rating: Unrecognized
Our support team has already reached out to you through a support ticket, @RoninMedia. Please discuss further details in that ticket to prevent any PIDs being published in the forum. Thanks!
Have you tried updating Chrome using the application store inside Itarian platform?
I’ve been dealing with this for over a year now. Still, almost every new app installation / update runs in containment, by default. Whether it’s trusted or not. And now they want to charge for their beta app to keep development going. Haha
We have sent a couple of replies regarding your reported issue so we could help further in determining the root cause. The last 3 emails we’ve sent were left unanswered from your end - dated 17th, 24th, and 31st. Thus, we optimistically assumed that your case had been addressed with our updates.