Comodo KillSwitch Bug Reports

This is for reporting Bugs in KillSwitch

Please post all bug reports & BSOD’s here and make sure to include:

  1. Your Operating System (32 or 64 bit) and Service Pack revision
  2. Other Security and Utility Software Installed
  3. Step by step description to reproduce the issue
  4. How you tried to resolve the problem
  5. Upload Memory Dumps on crash if you encounter any (see on bottom on how to do a memory dump or forced it to product a memory dump) <–This makes it easier for the delvopers to fix stubbern bugs, freezes, glitchs and such WITH THE BUG REPORT(not required but very very helpfull) (((If you don’t want to post the link to the memory dump, then PM a Mod with the link for the dump))))
  6. Attach screenshots to your posts to clarify the issue further
  7. Any other information you think that might be useful

It’s vital to provide all this information, so the developers can quickly identify and fix bugs faster.

This format will be strictly moderated. If your messages do not convey this format, they are not going to be taken into account.

For those who observe freeze issues while doing a full scan:

Here is what you need to do in order o identify the problematic file while scanning:

1 - Disable Defense+(If you have CIS installed)
2 - Download Process Explorer from Process Explorer - Sysinternals | Microsoft Learn
3 - Run Process Explorer
4 - In Process Explorer, select View->Lower Pane View->Handles
5 - In Process Explorer Process window, click on cce.exe
At this stage, in the lower pane, you should be seeing handles opened by cce.exe. You are particularly interested in “Type File”
6 - Open CIS and Run a Scan → My Computer.

Wait until the scan hangs. When the scan hangs, you must go to Process Explorer and check the Lower Pane for open “File Handles”. One of those handles are causing this issue. Probably an archive file. Please indentify that file and let us know.

==============================================
**edited by jay2007tech to add on how to produce or force a memory dump (If needed)
How to produce a memory dump

To Configure Your Computer for a Complete Memory Dump If you cannot locate a complete memory dump file or a complete kernel memory dump file, you can configure your computer to record them by generating an event report. To do so, follow these steps:
  1. Click Start, and then click Run.
  2. Type control sysdm.cpl, and then click OK.
  3. On the Advanced tab, in the Startup and Recovery section, click Settings.
  4. In the Write debugging information list, click Complete memory dump or click Kernel memory dump, and then click OK.
  5. Click OK to close the System Properties dialog box.
  6. In the System Settings Change dialog box, click Yes if you want to restart your computer now. Click No if you want to restart your computer later.
'Crash on Control Scroll'. This feature allows a user to manually crash the system, thus triggering the blue screen of death (also known as BSOD) and memory dump generation.

To enable that feature on a USB keyboard:

* Start the registry editor (regedit.exe)
* Locate the following key if you have a USB keyboard: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\kbdhid\Parameters
  • In the Edit menu, click Add Value and add the following registry entry:
    Name: CrashOnCtrlScroll
    Data Type: REG_DWORD
    Value: 1
    • Exit the registry editor, then reboot.

if you have a PS2 keyboard: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\i8042prt\Parameters
* In the Edit menu, click Add Value and add the following registry entry:
Name: CrashOnCtrlScroll
Data Type: REG_DWORD
Value: 1
* Exit the registry editor, then reboot.

After the reboot, you can now manually trigger a crash by pressing the SCROLL keyboard key twice while pressing the right CTRL key.
After you created a complete memory dump and restarted the computer, you need to know where the .dmp file is

Click Start, and then click Search.

Click All files and folders.

In the All or part of the file name box, type *.dmp.

Now that you know where it is
Use winrar, winzip, 7zip, or anything like that and create a archive(basicly a .zip file) (that so you can compress 1gb to 300-400mb’s) Thumb Up <—this will save you some bandwidth uploading later, trust me

Now you have a highly compressed memory dump file that’s in a .zip file
Next upload it to megaupload.com and save the link (because we know email won’t allow a couple hundred megabytes at a time

:slight_smile: I thank you ahead of time for taking the time to report a bug :slight_smile:
If you need help filling out a bug report or still not sure how, Just PM a mod anytime.

https://forums.comodo.com/comodo-cleaning-essentials-cce-killswitch-cce/comodo-cleaning-essentials-1417788949-rc1-ready-t68674.0.html;msg486273#msg486273
Updated Version is released; please update and make sure you include your version number while reporting bugs :slight_smile:

Jake

A few 64-bit Killswitch bugs I’ve spotted, at least on Windows 7 x64 SP1.

The BHO tab doesn’t read entries from the 32bit BHO node: “HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects”

I also have the suspicion 64bit Killswitch doesn’t use WSCEnumProtocols32 to enumerate 32-bit LSPs, considering it misses the 32bit WindowsLive entry on my 64bit system…

In your C:\Program Files\Microsoft SDKs\Windows\v7.1\Samples\netds\winsock\lsp\common directory, there’s a file called provider.cpp, It’ll show how to enumerate LSPs correctly on both 32bit and 64bit platforms :wink:

Hope it helps.

dmex

1.windows 7 64bit
2.CIS 5.3
3. Use terminator on an frozen program
4. I have tried in more than 2 occasions and killswich get frozen also
5. Memory Dump while the program was frozen on a pm to jay2007tech
6. No screenshots
7. Any other information you think that might be useful
maybe its hard to reproduce this problems because it required to get a program to hand, and unable to finalize it thought task managed (yes this is a serious hand from my video players)
Terminator hands while on the thirth phase
happens on any version,

programs related: kmplayer sometimes hands while playing with DXVA
media player classic also hand in the same situation but both at random moments, because of that its hard even for me to reproduce this problem

  1. Your Operating System (32 or 64 bit) and Service Pack revision | xp sp3 , business(?)
  2. Other Security and Utility Software Installed | symantec enterprise
  3. Step by step description to reproduce the issue | under restricted user account. cant open cse or kill switch. ks executes itself with infinite loop. I cant kill ks , need to reboot to use pc.
  4. How you tried to resolve the problem | reporting bug

edit: using 1.4.177889.49 .

update: used with 1.5 too . Still bugy. At least make an error window that says user is not an admin.

Why different some test results from KillSwitch 1.4(CCE 1.4.177889.49 RC1) and KillSwitch 1.5(CCE 1.5.181743.64 RC2) ?

1.Your Operating System (32 or 64 bit) and Service Pack revision - two computers: Windows 7 Ultimate(x86, SP1) and Windows XP Professional(x86, SP3)
2. Other Security and Utility Software Installed - only CIS 5.3.181415.1237; CTM 2.8(on two computers)
3. Step by step description to reproduce the issue -
What I do:
run KillSwitch 1.4ViewShow only the unsafe images in memory.
After that, on the same computer, run KillSwitch 1.5ViewShow only the unsafe images in memoryand the results are different(lot of unknown files)!
also did a few times on two computers - Windows 7 Ultimate(x86, SP1) and Windows XP Professional(x86, SP3), - same situation.

4. How you tried to resolve the problem --------------------------
5. Upload Memory Dumps on crash… -------------------------
6. Attach screenshots to your posts to clarify the issue further - See attached screenshots
7. Any other information you think that might be useful -------------------

What is this bug KillSwitch 1.5?

Thank you for your attention!

[attachment deleted by admin]

killswitch using over 110 MB really???
vlc listed as fls.unknow??
razer mouse diver listed fls.unknow???

vista 32bit
norton

[attachment deleted by admin]