Author Topic: CIS and BSOD at boot only  (Read 2095 times)

Offline futuretech

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 4197
Re: CIS and BSOD at boot only
« Reply #15 on: January 01, 2019, 02:30:52 PM »
Try booting into safe mode and uninstall from there. I just know that it is a cause of many BSoDs, as other reports found through Google search indicate.

Offline Metheni

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 663
Re: CIS and BSOD at boot only
« Reply #16 on: January 02, 2019, 07:14:17 AM »
Hi anuswara,

Thank you for providing us the required logs and dumps, but unfortunately it seems that the dumps were not fully collected, because part of the required data is absent from the dumps.

Could you please configure the system to collect Full Memory dumps during BSOD?

Here are the steps:

Note: Please make sure you have enough disk space before you proceed.

i. Run > regedit
ii. Go to : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CrashControl
iii. Manually set the CrashDumpEnabled registry entry to 1
iv. Restart computer system

Then upload the full memory dump to any online storage and share the download link with us (after the next BSOD).

Offline anuswara

  • Comodo Loves me
  • ****
  • Posts: 117
Re: CIS and BSOD at boot only
« Reply #17 on: January 02, 2019, 11:38:07 AM »
[at]futuretech: not allowed, I tried in Safe Mode too.
[at]Metheni: as said, that is exactly what I did: regedit value to "1", reboot, and full memory dump uploaded on Google Drive;
here is what I posted on 25th December here: the FULL dump (2.99GB):
https://drive.google.com/file/d/1htDig80888use2nMltIgnFh2thiZGUox/view
Metheni, the "minidump" I posted on December 29, 2018, 07:26:39 AM was offered here just to indicate the dump collected and produced by "Comodo itself" during its crash ;)

!]]
Please pay attention that *always* when CIS installs defs update, the regedit value changes "automatically" into 2 or zero value! Therefore, before EACH shutdown, I switch it manually (every evening: I have the regedit shortcut on my desktop!) into "1" for collecting always the required full dump, if it happens.
!]]

[at]all:
short summary:

1) this BSOD arose after the CIS major upgrade from 8th December 2015.
2) from 5th June 2018 until 28 November 2018 all was ok, every day! (a big mystery)
3) Intel people say "we don't know Comodo sw well, therefore we are unable to make ameliorations for better compatibility with Comodo", then they offer these (OLD!) drivers https://downloadcenter.intel.com/it/product/55005/Intel-Rapid-Storage-Technology-Intel-RST-?pg=2&keyword=Intel%C2%AE%20Rapid%20Storage%20Technology%20(Intel%C2%AE%20RST
as you see 2007, 2009, I have 2009. They add "Intel Matrix Storage does not exist, perhaps do you mean Intel Rapid Storage Technology?" No dear Intel, I mean just what I wrote.
4) Comodo (if I understood right) says "the CIS crash (and eventually the BSOD) is due to the Intel Matrix driver only, not to Comodo sw".

Question:
what should the patient user anuswara do now?
1) to try installing other sw antivirus/firewall if they may result "more compatible" with Intel Matrix Storage at boot?
2) to change OS (and therefore printer, bluray burner, scanner, router, UPS sw and therefore the whole UPS...)?

thanks.
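The CrashDumpEnabled setting from Reply #16, and the drift to 2 or 0 reported in Reply #17, can be audited with a script instead of opening regedit before each shutdown. This is an added example, not part of any forum post and not Comodo tooling; the function name Test-FullDumpConfig and its -Fix switch are hypothetical, and it assumes Windows PowerShell 3.0 or later run from an elevated prompt.

```powershell
# Added example: audit the crash-dump configuration discussed in this thread.
# Read-only unless -Fix is passed. Names below are hypothetical, not Comodo's.

$CrashControl = 'HKLM:\SYSTEM\CurrentControlSet\Control\CrashControl'

# Meanings of the CrashDumpEnabled DWORD
$DumpTypes = @{
    0 = 'None'
    1 = 'Complete memory dump'
    2 = 'Kernel memory dump'
    3 = 'Small memory dump (minidump)'
    7 = 'Automatic memory dump'
}

function Test-FullDumpConfig {
    param([switch]$Fix)

    $cc      = Get-ItemProperty -Path $CrashControl
    $current = [int]$cc.CrashDumpEnabled
    $name    = if ($DumpTypes.ContainsKey($current)) { $DumpTypes[$current] } else { 'Unknown' }

    # A complete dump is about the size of physical RAM, so compare it
    # with the free space on the volume that will receive the dump file.
    $ramBytes = [uint64](Get-CimInstance Win32_ComputerSystem).TotalPhysicalMemory
    $dumpFile = if ($cc.DumpFile) { $cc.DumpFile } else { "$env:SystemRoot\MEMORY.DMP" }
    $drive    = Split-Path -Path $dumpFile -Qualifier
    $free     = [uint64](Get-CimInstance Win32_LogicalDisk -Filter "DeviceID='$drive'").FreeSpace

    $fixed = $false
    if ($Fix -and $current -ne 1) {
        # Same change as step iii in Reply #16; takes effect after a restart.
        Set-ItemProperty -Path $CrashControl -Name CrashDumpEnabled -Value 1 -Type DWord
        $fixed = $true
    }

    [pscustomobject]@{
        CrashDumpEnabled = $current
        DumpType         = $name
        IsFullDump       = ($current -eq 1)
        DumpFile         = $dumpFile
        RamGB            = [math]::Round($ramBytes / 1GB, 2)
        FreeGB           = [math]::Round($free / 1GB, 2)
        EnoughDiskSpace  = ($free -gt $ramBytes)
        ResetToFull      = $fixed
    }
}

Test-FullDumpConfig          # report only; add -Fix to set the value back to 1
```

Running the report after each definitions update shows whether the value has changed before the next boot, which is when the dump is needed.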





Offline Metheni

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 663
Re: CIS and BSOD at boot only
« Reply #18 on: January 03, 2019, 08:01:41 AM »
Hi anuswara,

We are working to find the reason for the BSOD. We’ll get back to you as early as possible.

Thanks,
Metheni R
« Last Edit: January 03, 2019, 08:54:02 AM by Metheni »

Offline anuswara

  • Comodo Loves me
  • ****
  • Posts: 117
Re: CIS and BSOD at boot only
« Reply #19 on: January 03, 2019, 09:20:29 AM »
I warmly thank you Metheni, much appreciated.
Best,


Offline Metheni

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 663
Re: CIS and BSOD at boot only
« Reply #20 on: January 03, 2019, 02:34:49 PM »
anuswara,

Thank you for the effort you took in providing us all the required information. Could you please run this cisreport tool now and share cisreport data.

http://download.comodo.com/cis/download/installs/cisreporttool/cisreporttool.exe

Offline anuswara

  • Comodo Loves me
  • ****
  • Posts: 117
Re: CIS and BSOD at boot only
« Reply #21 on: January 03, 2019, 03:43:47 PM »
Hi Metheni,

Ok, the whole log file has been just uploaded on your server.

PS:
"Sysinternals" in cisreporttool: handle.exe crashed, but the log says "successful".

Best,

Offline Metheni

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 663
Re: CIS and BSOD at boot only
« Reply #22 on: January 04, 2019, 04:17:06 AM »
Thank you. Please upload the package with logs to any online storage like mega.nz or dropbox and share the download link with us.

Offline anuswara

  • Comodo Loves me
  • ****
  • Posts: 117
Re: CIS and BSOD at boot only
« Reply #23 on: January 04, 2019, 07:53:45 AM »
oh, after automatic uploading I deleted the log.
OK I restart from the beginning running again the tool. I will send it to you as requested, but via PM ;)
« Last Edit: January 04, 2019, 07:55:18 AM by anuswara »

Offline anuswara

  • Comodo Loves me
  • ****
  • Posts: 117
Re: CIS and BSOD at boot only
« Reply #24 on: January 04, 2019, 09:55:49 AM »
Done!

Offline Metheni

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 663
Re: CIS and BSOD at boot only
« Reply #25 on: January 04, 2019, 10:51:34 AM »
We received your log files, thank you for your cooperation. Our developers are working on it.

Offline Metheni

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 663
Re: CIS and BSOD at boot only
« Reply #26 on: January 07, 2019, 10:44:49 AM »
Hi anuswara,

Thanks for your patience. Please try the following cases and report if it works.

Case 1: Add "All Applications" to shellcode injection exclusion (Refer enclosed image1 and follow below steps):-

Step 1: Open CIS
Step 2: Select Settings
Step 3: Select Advanced Protection -> Miscellaneous
Step 4: "Don't detect shellcode injections" -> File Group ->Add "All Application"
Step 5: Reboot

If Case 1 does not solve the problem, try Case 2.


Case 2: Create/set GUARDMODE(REG_DWORD) (Refer enclosed image2 and follow below steps):-

Step 1: Run-> type regedit
Step 2: Select HKEY_LOCAL_MACHINE -> SYSTEM -> CurrentControlSet -> Services -> CmdAgent -> Mode
Step 3: create/set GUARDMODE=0x40, reboot. (if it works, report D1)
Step 4: set GUARDMODE=0x80, reboot. (if it works, report D2)
Step 5: set GUARDMODE=0x100, reboot. (if it works, report D3)
Step 6: set GUARDMODE=0x200, reboot. (if it works, report D4)
Step 7: set GUARDMODE=0x400, reboot. (if it works, report D5)

Thanks,

Offline anuswara

  • Comodo Loves me
  • ****
  • Posts: 117
Re: CIS and BSOD at boot only
« Reply #27 on: January 14, 2019, 06:49:27 PM »
Hi Metheni,
could you please explain case 2 after step 2 more verbosely?
(do I have to write GUARDMODE in the new key? what does report d2, d3 mean? are they logfiles named d2, d3?)

thanks.



Offline futuretech

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 4197
Re: CIS and BSOD at boot only
« Reply #28 on: January 15, 2019, 10:18:47 AM »
Quote from: anuswara on January 14, 2019, 06:49:27 PM
"Hi Metheni,
could you please explain case 2 after step 2 more verbosely?
(do I have to write GUARDMODE in the new key? what does report d2, d3 mean? are they logfiles named d2, d3?)

thanks."

You create a new REG_DWORD value called GUARDMODE and set the value data to 40, then reboot and replicate the steps that caused the BSoD. If no BSOD happens then you say D1 works; if you still get a BSOD then edit the value data to 80 and keep repeating until the BSOD doesn't happen anymore.

Offline anuswara

  • Comodo Loves me
  • ****
  • Posts: 117
Re: CIS and BSOD at boot only
« Reply #29 on: January 15, 2019, 10:29:48 AM »
Ok I will do it.
https://postimg.cc/hJzKHtKq
https://postimg.cc/Wdf2WkLn
I guess I created it right.

PS: How can you explain that for 2 weeks I have had no BSOD? (and at the same time the CrashDumpEnabled value is always 1!! without manual corrections!).
PS2: doing this task the CrashDumpEnabled changed itself to 2, instead of 1.
PS3: to avoid loss of time (try, wait, try, wait...), I set the value to 400, the maximum.
« Last Edit: January 15, 2019, 10:45:37 AM by anuswara »

 
