Author Topic: [You May Need It] Remove the AppInit hook (guard32.dll/guard64.dll or etc...) (Read 38259 times)

BBeat · « **on:** June 10, 2010, 05:00:33 PM »

[Hotfix] Remove the AppInit hook (guard32.dll/guard64.dll)

if guardXX.dll cause crash of your progam, you can remove it.
No need del guardXX.dll, Only need modify the registry values.

>Firewall only Users
import .reg file
logout and login the user account (9x% not need)

>Defense+ Users
disable Defense+
Deactivate Defense+ Permanently
No restart (9x% not need)
import .reg file
logout and login the user account (9x% not need)

PS:import .reg file, need Admin permission

----------------------------registry file for 32bit System-----------------------------------
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"LoadAppInit_DLLs"=dword:00000000

-----------------------------registry file for 64bit System----------------------------------
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"LoadAppInit_DLLs"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"LoadAppInit_DLLs"=dword:00000000

------------------------------------------------------------------------------------------

1.Copy text
2.Paste to notepad
3.Save to file (ext=reg, format=unicode)
4.double click the .reg file

Saul Luizaga · « **Reply #1 on:** July 13, 2011, 04:17:47 AM »

This is for 64-bit apps:

Quote from: Natori on June 10, 2010, 05:00:33 PM

-----------------------------registry file for 64bit System----------------------------------
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"LoadAppInit_DLLs"=dword:00000000

This is for 32-bit apps:

Quote from: Natori

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"LoadAppInit_DLLs"=dword:00000000

Ronny · « **Reply #2 on:** July 13, 2011, 10:35:54 AM »

!! WARNING !!
Doing so will compromise a part of your security.

It would be better to add the conflicting applications to the 'Image execution' exclusion list.
If that doesn't work you could try to remove these from the registry on your own risk.

To add an exception please open
Defense+ --> Defense+ Settings --> Execution Control Settings --> Detect shellcode injection [Exclusions]
And add the affected executable(s) there.

In any case please file a bug-report with as much details as possible (preferable the mini-dump created by windows on BSOD). so dev's can fix the issue faster.

FN2PGF · « **Reply #3 on:** September 04, 2015, 03:17:22 PM »

Same problem here, but I only use the firewall, nothing else.

Nantes · « **Reply #4 on:** September 05, 2015, 10:46:23 AM »

I'm also having this issue, and I only use Comodo Firewall. HIPS, Viruscope and Auto-sandbox are all disabled. Chrome crashes upon opening with the following error message:

Problem signature:
Problem Event Name:   BEX
Application Name:   chrome.exe
Application Version:   45.0.2454.85
Application Timestamp:   55df881b
Fault Module Name:   guard32.dll
Fault Module Version:   8.2.0.4674
Fault Module Timestamp:   55c148a3
Exception Offset:   000269c9
Exception Code:   c0000409
Exception Data:   00000000
OS Version:   6.1.7601.2.1.0.256.1
Locale ID:   1046
Additional Information 1:   f871
Additional Information 2:   f871d276997ae8cdb84cc090831ddf8c
Additional Information 3:   349e
Additional Information 4:   349e53c6719355c0348f9b83ced957a3

captainsticks · « **Reply #5 on:** September 05, 2015, 10:53:43 AM »

Hi Guys,
Please note this is an old topic, with a similar issue that has resurfaced when using Chrome 45.
Current topic found in the link below, please continue any further discussion there involving Chrome errors when using Comodo.
Comodo Firewall crashes Chrome 45 [merged]

Topic locked, thanks.

Quote from: BuketB on September 04, 2015, 04:20:04 AM

Hello everybody,

We would like to inform our users who had crash after they update their Chrome 44 to 45 ( related bug report is here https://forums.comodo.com/bug-reports-cis/guard32dll-kills-chrome-45-t112785.0.html;msg817958#msg817958); you will receive an update on Monday as we are now working on the fix and it will be released on Monday.

In the meantime, here is the temporary fix for you to apply:

https://help.comodo.com/topic-72-1-623-7731-HIPS-Settings.html#detect_shellcode_injections

Try adding Chrome to the Exclusions of Detect Shellcode Injections.Add the exclusion when chrome is not running, it will work after you add the exclusion and detect shellcode injections must be enabled for the exclusions to take affect.

For your kind attention please,

Best Regards
Buket

Author Topic: [You May Need It] Remove the AppInit hook (guard32.dll/guard64.dll or etc...) (Read 38259 times)

BBeat

[You May Need It] Remove the AppInit hook (guard32.dll/guard64.dll or etc...)

Saul Luizaga

Re: [You May Need It] Remove the AppInit hook (guard32.dll/guard64.dll or etc...)

Ronny

Re: [You May Need It] Remove the AppInit hook (guard32.dll/guard64.dll or etc...)

FN2PGF

Re: [You May Need It] Remove the AppInit hook (guard32.dll/guard64.dll or etc...)

Nantes

Re: [You May Need It] Remove the AppInit hook (guard32.dll/guard64.dll or etc...)

captainsticks

Re: [You May Need It] Remove the AppInit hook (guard32.dll/guard64.dll or etc...)