COMODO Internet Security 3.5.52396.411 BETA 3 Bug Reports [CLOSED]

I suspect a driver conflict of some sort, but your question is more suitable in this thread:
https://forums.comodo.com/beta_corner_cis/comodo_internet_security_35_beta_questions_and_answers-t27001.0.html

I’m in a similar dilemma with BSODs on my system. If the final release hasn’t resolved this problem on my system, I’ll have to go back to Norton Internet Security. I realize that it’s hard to build a program that runs smoothly on myriads of systems, but I was so looking forward to using Comodo…I think it’s great.

[attachment deleted by admin]

Firewall, Intrusion Detection, SYN Flood does not LOG and does not put the Firewall on Emergency mode !

Scan a CFP2.4 host with:
nmap -sS -P0 -p 1- -D 1.2.3.4,2.3.4.5,3.4.5.6,4.5.6.7 victim.ip
It reports a DDOS SYN Attack, and puts the firewall in Emergency mode.
CIS does nothing NO Logging NO blocking, just prompts it i try to setup a connection from the scanner host.

1. Windows XP SP2
2. Nothing
3. See above
4. N/A.
5. N/A.
6. N/A.

Reported for Beta2 also:
https://forums.comodo.com/beta_corner_cis/comodo_internet_security_beta2_bug_reports-t27344.0.html;msg200352#msg200352

Hi

I’m running CIS in a work environment (I know I shouldn’t be but I take chances ;D ). Anyhow, I can update the main product (from beta 1 to 3) but can’t update the database (at all). Could you look into this? It gets to 5% then gives up (could be a proxy issue, I had similar problems with CVA). If you need any info, please let me know.

PC: Vista SP1 inc BOClean and SafeSurf (all latest versions).

I’m running a local proxy and have no problems, are you sure your proxy server allows you to download the files in question ?

How is your browser configured to use a proxy ?

Automaticaly detect settings ?
Use automatic configuration script ?
Proxy server (hostname / port) ?

My system specs are:
P4 HT 3 GHz and over 1gb ram available and XP sp3 32bit, HW DEP Optout.
Other apps: Comodo Safesurf, Unlocker assistant, Speedfan, Daemon tools, COMODO Vulnerability Analyzer 1.1.3.29, Logitech Setpoint 4.60.122

As per Performance issue when remembering answer from Def+ alerts

There are performances issue if there are many Custom D+ policies and it is needed to answer alterts marking them to be remembered.

Tested on a setup with over 200 custom policies.

I can confirm this, using all custom policies for D+ kill’s the performance because of the many extra registry rules you get in custom mode.

I can download files normally in IE / Firefox. CIS allows me to update (from beta 1 to 3) but not database files.

How is your browser configured to use a proxy ?

Automaticaly detect settings ?
Use automatic configuration script ?
Proxy server (hostname / port) ?

Currently but I’ve tried them all without success :'(.

My system specs are:
P4 HT 3 GHz and over 1gb ram available and XP sp3 32bit, HW DEP Optout.
Other apps: Comodo Safesurf, Unlocker assistant, Speedfan, Daemon tools, COMODO Vulnerability Analyzer 1.1.3.29, Logitech Setpoint 4.60.122

As per no icmp echo-reply log

I wasn’t able to block nor log ICMP echo replies although I only tested this using two PC on the same LAN.

My system specs are:
P4 HT 3 GHz and over 1gb ram available and XP sp3 32bit, HW DEP Optout.
Other apps: Comodo Safesurf, Unlocker assistant, Speedfan, Daemon tools, COMODO Vulnerability Analyzer 1.1.3.29, Logitech Setpoint 4.60.122

It looks like that Miscellaneous\Settings\Logging always revert back to “If the log size exceeds MB delete it and create a new file” after a while.
I was not able to exactly find when this happens but sometimes when I look at the Logging seting they revert back to default delete.
If I edit them and check again after few minutes the changes I made are still there.

EDIT: using a renamed log over 1MB size I confirmed that the issue that moved log backups in the wrong path is solved anyway the above mentioned issue prevent me to use the move log feature.

I can’t also block or log ICMP echo replies also not from routed networks. CIS Beta3

My system specs are:
P4 HT 3 GHz and over 1gb ram available and XP sp3 32bit, HW DEP Optout.
Other apps: Comodo Safesurf, Unlocker assistant, Speedfan, Daemon tools, COMODO Vulnerability Analyzer 1.1.3.29,Logitech Setpoint 4.60.122

As per “Purge” and limited user account (V3.0.15.277 X32)

The purge function in My pending file list can erroneously remove existing files if the user is running CIS GUI from a Limited user account and those files are pleced in on the desktop or in document folder of an Administrative account.

If CIS D+ is in Cleanpc mode when the Administrator log into his account those files willl not be listed in pending file list anymore and Defese+ will silently learn them if they are launched.

Disabling " Simple File Sharing" (simple file privileges) to setup more restrictive file/folder non overlapping ownership privileges could possibly increase the chances to reproduce this issue aslso for other folders/files.

Default Stealth Firewall is not Alerting ANYTHING !!
I can fully scan the host without getting one single alert. Global rules contains the default
“Block in ICMP echo request” totally out-of-the-box (except for Safesurf/Toolbar) install tested.

1. Vista SP1, Enterprise, UAC, x32.
2. CMF, BOClean, Winpatrol.
3. Installed CIS default settings, put a [nmap -O -PN ip.host] against it, did not get a single alert or anything in the logfiles, nmap reports ports 135, 445, etc are open.
4. Uninstalled winpcap, Unbound Deterministic Network Enhancer, Virtual Machine Network Services, Qos Packet Scheduler, File and Printer sharing for MS Networks. Did not help.
5. N/A
6. Done
7. N/A
8. Maybe related, my VirtualPC also no longer alerts on outgoing traffic from the Virtual host, on previous versions this resulted in a Firewall Alert. Tested also on Windows XP SP2 that seems not to be affected.

[attachment deleted by admin]

Run A Scan is missing a [Close] or [Cancel] button

1. Vista/XP
2. N/A
3. N/A
4. N/A
5. N/A
6. Done
7. N/A
8. All other windows have [Close] or [Cancel] buttons except this one. Now you have to click the [X] if you want to leave without scanning.

[attachment deleted by admin]

CIS is still causing a one Core 100% cpu load in conflicting with CMF.
If you install CIS and CMF on Vista SP1, Enterprise, UAC, x32 you only have to open a command-box and type exit.
Now take a process monitor and cmd.exe is using 50% cpu load (dual core). and the command-box won’t close.

1. Vista SP1, Enterprise, UAC, x32
2. CMF, BOClean, Winpatrol
3. See above
4. Yes, you can put the cmd.exe on the CMF exclusion list or you can disable the AppInit for guard32.dll
5. N/A
6. Done
7. N/A
8. This was there also for CFP 3.x

See also bugreport for CFP:
https://forums.comodo.com/bug_reports/cfpsetup3023364xpvistax32_high_cpu_load_on_process_100_on_1_core-t23177.0.html

[attachment deleted by admin]

!ot!

Haha, Ronny: you are truely “Comodo’s hero”! I think you’ve posted more bug reports than anyone else. Really impressed…

Keep up the good work, mate! :-TU

browsing folder to which WIM-image was mounted causes BSoD, minidumps provided;

previous reports & description by this link ;

CIS beta3, SafeSurf 1.0.0.6 ;

disabling cmdguard.sys and inspect.sys removes BSoD

[attachment deleted by admin]

For the AV Scan “Critical Areas” the \Users{LoggedOnUser} folder is not scanned.

It scans:

• \Windows
• \Program Files
• \ProgramData → All Users [C:\ProgramData]

I think the user folder should be part of “Critical Areas” also.

1. Vista SP1, Enterprise, UAC, x32
2. CMF, BOClean, Winpatrol
3. But a detectable malware in the \Users{LoggedOnUser} folder and start a Critical Areas scan.
4. N/A
5. N/A
6. N/A

After a manual scan when the Results window has focus and you click “ESC” for some reason the window closes without warning, this is not very nice if you have had to wait for a long time to find your results disappear, this “result” should also be written to the AV logfile that way you can find back your scan “details” later to compare etc.

1. Vista SP1, Enterprise, UAC, x32
2. CMF, BOClean, Winpatrol
3. Run a manual scan and have focus on the results window, press ESC and gone are the results.
4. N/A
5. N/A
6. N/A

32 Bit | Windows XP Pro | Service Pack 2
Comodo Firewall 3.5.52396.411 Beta only security program
Defense+: Clean PC Mode

Image Execution Control Settings > Files To Check: by default, only *.exe is included. It’s missing *.bat (which Vista doesn’t seem to be affected).