Comodo Firewall 4.0.1
Windows XP Pro SP-3
After installing CIS4, there is a constant attempt to run an installation for DAO (Data Access Object) software. I cannot narrow it down to a particular application. I could be running:
Internet Explorer 8 (with or without add-ons)
nrg2iso (convert Nero .nrg files to .iso files)
Windows Movie Maker
That was the last time that I monitored what programs that I started when the DAO install started (which I cancel every time).
The DAO install complains that a file is missing and is pointing into the %temp% folder. Well, yeah, there won’t be that file there. After all, I’m not the one that tried to run DAO.msi. It isn’t the above software that initiates the DAO installation. If I try to rerun those same programs, sometimes it triggers the DAO install and other times not. There are other programs that I’ve run that started the DAO install. In fact, almost any program that I run might initiate the DAO install but there is no reproducibility in when I can make it happen. So far, the only thing that is common is the Comodo Firewall.
So I had to find out who was trying to run an install of the DAO (Data Access Objects) software. Using Process Explorer from SysInternals, I saw that the program trying to run the DAO install was rundll32.exe. That is a program that executes methods (functions) out of DLL files. A parent program executes rundll32.exe to run some other program. So now I had to find out who was calling rundll32.exe to load.
It looks like WinPatrol is trying to execute the rundll32.exe program. When I exit WinPatrol, I don’t get prompts to install DAO. Something that WinPatrol is trying to do is triggering the install of DAO but this only started after the install of Comodo Firewall.
Well, I thought it was WinPatrol but then later I loaded Internet Explorer. However, I didn’t load it directly but instead used a search qualifier in the Address Bar in the Windows Taskbar (to perform a Google search). In IE, you can define search prefixes, like “g +outlook +password” would do a Google search using “+outlook +password”. I did this and, ■■■■, IE ran rundll32 to perform some “manifest” function. IE8 wouldn’t load and instead complained “Windows cannot find 'Google…” and follows by opening another instance of IE. I take IE out of the “Programs in the Sandbox” (where I had disabled file virtualization since I just wanted to run IE under reduced privileges). Now IE wasn’t protected anymore by Sandbox. Alas the next time I ran IE, the DAO install tried to run again. WinPatrol hadn’t been running for a long time so that wasn’t it.
So I disabled Defense+ and started up a slew of different applications. As soon as I hit Windows Movie Maker, the prompt appeared asking for a file for the DAO install (but it could be any program). Disabled the Sandbox and retested. When I happen to load IE8 (after about half a dozen other program), the DAO install popped up again.
So I uninstalled Comodo Firewall, rebooted, and retested. Sure glad I used Zsoft Uninstaller to monitor the installation of Comodo. It cleaned out a lot of remnant garbage left by the Comodo uninstall, and not just entries that Windows adds because of use of a program but HIPS rules left in the registry for Comodo. After loading more than 50 applications, which included loading IE8 several times to different sites, not once did the DAO install startup. So the culprit was Comodo’s Firewall product.
Comodo wins. I give up. I’ve spent far too much time on this product trying to get it to work or workaround its problems or deficiences. Time to move on and trial another choice.