Author Topic: [You May Need It] Remove the AppInit hook (guard32.dll/guard64.dll or etc...)  (Read 38259 times)

Offline BBeat

[Hotfix] Remove the AppInit hook  (guard32.dll/guard64.dll)

If guardXX.dll causes your program to crash, you can remove it.
There is no need to delete guardXX.dll; you only need to modify the registry values.

>Firewall only Users
Import the .reg file
Log out and log back in to the user account (9x% not needed)

>Defense+ Users
Disable Defense+
Deactivate Defense+ Permanently
No restart (9x% not needed)
Import the .reg file
Log out and log back in to the user account (9x% not needed)

PS: Importing the .reg file needs Admin permission

----------------------------registry file for 32bit System-----------------------------------
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"LoadAppInit_DLLs"=dword:00000000


-----------------------------registry file for 64bit System----------------------------------
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"LoadAppInit_DLLs"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"LoadAppInit_DLLs"=dword:00000000


------------------------------------------------------------------------------------------

1. Copy the text
2. Paste it into Notepad
3. Save it to a file (ext=reg, format=unicode)
4. Double-click the .reg file
« Last Edit: June 10, 2010, 05:06:36 PM by Natori »
Win10x64, CFW 10.0.1.6294
        ~BFE Bug never fix :D~
CIS has a firewall allow/block mixing rule bug that started in CIS 5.12; a new connection may be identified as initiated by another app, trust me ;)
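
A check to run before importing either .reg file from the post above, added here as an example and not part of the original post or of Comodo's tooling. The .reg files empty the whole AppInit_DLLs list, not only the guard32.dll/guard64.dll entry, so this backs up both keys and lists every DLL currently registered with its signature status. The backup folder name and the lookup of bare file names in the system directory are assumptions.

```powershell
# Added example: makes no registry changes. Run from an elevated 64-bit PowerShell.
$views = [ordered]@{
    '64-bit' = @{ Key = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows'
                  Sys = Join-Path $env:windir 'System32' }
    '32-bit' = @{ Key = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows'
                  Sys = Join-Path $env:windir 'SysWOW64' }
}
$backupDir = Join-Path $env:USERPROFILE 'AppInitBackup'   # assumed location
New-Item -ItemType Directory -Path $backupDir -Force | Out-Null

foreach ($name in $views.Keys) {
    $key = $views[$name].Key
    if (-not (Test-Path $key)) { continue }   # no Wow6432Node on 32-bit Windows

    # Export the key as it is now so the previous values can be re-imported later.
    $regKey = $key -replace '^HKLM:\\', 'HKLM\'
    reg.exe export $regKey (Join-Path $backupDir "AppInit-$name.reg") /y | Out-Null

    $p = Get-ItemProperty -Path $key
    "[$name] LoadAppInit_DLLs          = $($p.LoadAppInit_DLLs)"
    "[$name] RequireSignedAppInit_DLLs = $($p.RequireSignedAppInit_DLLs)"

    # AppInit_DLLs is one string; entries are separated by spaces or commas.
    $entries = @("$($p.AppInit_DLLs)" -split '[ ,]+' | Where-Object { $_ })
    if ($entries.Count -eq 0) { "[$name] AppInit_DLLs is empty"; continue }

    foreach ($dll in $entries) {
        # Assumption: a bare file name is looked up in that view's system directory.
        $file = if (Split-Path $dll -IsAbsolute) { $dll } else { Join-Path $views[$name].Sys $dll }
        if (Test-Path -LiteralPath $file) {
            $sig = Get-AuthenticodeSignature -FilePath $file
            "[$name] $dll -> $file (signature: $($sig.Status), $($sig.SignerCertificate.Subject))"
        } else {
            "[$name] $dll -> $file (file not found)"
        }
    }
}
```

Running it again after the import shows whether both views now report an empty list and LoadAppInit_DLLs = 0; the exported .reg files restore the earlier values if imported.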

Offline Saul Luizaga

  • Computer Security Testing Group
This is for 64-bit apps:
-----------------------------registry file for 64bit System----------------------------------
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"LoadAppInit_DLLs"=dword:00000000

This is for 32-bit apps:
Quote from: Natori
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"LoadAppInit_DLLs"=dword:00000000

Offline Ronny

  • Retired - Product Translator
  • Global Moderator
!! WARNING !!
Doing so will compromise a part of your security.

It would be better to add the conflicting applications to the 'Image execution' exclusion list.
If that doesn't work you could try to remove these from the registry at your own risk.

To add an exception please open
Defense+ --> Defense+ Settings --> Execution Control Settings --> Detect shellcode injection [Exclusions]
And add the affected executable(s) there.

In any case, please file a bug report with as much detail as possible (preferably the mini-dump created by Windows on BSOD), so devs can fix the issue faster.

Offline FN2PGF

Same problem here, but I only use the firewall, nothing else.


Offline Nantes

I'm also having this issue, and I only use Comodo Firewall. HIPS, Viruscope and Auto-sandbox are all disabled. Chrome crashes upon opening with the following error message:

Problem signature:
  Problem Event Name:   BEX
  Application Name:   chrome.exe
  Application Version:   45.0.2454.85
  Application Timestamp:   55df881b
  Fault Module Name:   guard32.dll
  Fault Module Version:   8.2.0.4674
  Fault Module Timestamp:   55c148a3
  Exception Offset:   000269c9
  Exception Code:   c0000409
  Exception Data:   00000000
  OS Version:   6.1.7601.2.1.0.256.1
  Locale ID:   1046
  Additional Information 1:   f871
  Additional Information 2:   f871d276997ae8cdb84cc090831ddf8c
  Additional Information 3:   349e
  Additional Information 4:   349e53c6719355c0348f9b83ced957a3

Offline captainsticks

  • Global Moderator
Hi Guys,
Please note this is an old topic, with a similar issue that has resurfaced when using Chrome 45.
The current topic can be found at the link below; please continue any further discussion involving Chrome errors when using Comodo there.
Comodo Firewall crashes Chrome 45 [merged]

Topic locked, thanks.
Hello everybody,

We would like to inform our users who had a crash after they updated Chrome 44 to 45 (the related bug report is here: https://forums.comodo.com/bug-reports-cis/guard32dll-kills-chrome-45-t112785.0.html;msg817958#msg817958): you will receive an update on Monday, as we are now working on the fix and it will be released on Monday.

In the meantime, here is the temporary fix for you to apply:

https://help.comodo.com/topic-72-1-623-7731-HIPS-Settings.html#detect_shellcode_injections

Try adding Chrome to the Exclusions of Detect Shellcode Injections. Add the exclusion when Chrome is not running; it will work after you add the exclusion, and Detect Shellcode Injections must be enabled for the exclusions to take effect.


For your kind attention please,

Best Regards
Buket
« Last Edit: September 05, 2015, 11:03:18 AM by captainsticks »

 
