Avast claims Comodo FW bug

Avast has been releasing beta updates to their version 6.0 AV. Their most recent refresh, 6.0.1035, caused BSODs for some users. Avast has traced the problem back to Comodo FW. A member of their staff wrote on the Avast forum –

I still add new & new features even between two public builds. In the 1035 build I included better win32k.sys & ntdll.dll hooking, however Comodo IS wasn't expecting such a non-standard hooking variant (in fact, its component guard64.dll corrupted the ntdll.dll file, which led to wininit.exe crashes). I removed the problematic part, because we won't wait until they fix it.

The upshot is that they will work around the issue. What is most interesting is the charge that guard64.dll is corrupting ntdll.dll. That seems to me like a very significant issue. Would someone from Comodo care to comment?

haha, that was fast! ;D

I wrote that post… Comodo’s author of the guard64.dll component can contact me directly (kurtin@avast.com). I can provide him some technical details. I modified syscalls patching and I think Comodo didn’t disassemble it well.

I sent a PM to egemen, the head developer, pointing to this topic.

Any update on this?

This is interesting…any news about this…

I sent the message again. Maybe something hiccupped with the PM system…

So this is why I have ntdll.dll crashes like this…

Faulting application name: rundll32.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc637
Faulting module name: ntdll.dll, version: 6.1.7601.17514, time stamp: 0x4ce7ba58
Exception code: 0xc0000005
Fault offset: 0x0007c506
Faulting process id: 0x1a50
Faulting application start time: 0x01cbe9a9e9143577
Faulting application path: C:\Windows\SysWOW64\rundll32.exe
Faulting module path: C:\Windows\SysWOW64\ntdll.dll
Report Id: 31938262-559d-11e0-b3d4-001fc6f3c270

Is it enough to uninstall Comodo to get the “uncorrupted” ntdll.dll?

I got a reply from egemen and he said Comodo and Avast are on speaking terms about it. It is being worked on.

I have AIS ver6_1035 on one of the old PCs here. I have not experienced that problem… well, personally (just my own opinion), Avast ver6 is still buggy (there’s a weekly RC update there… now at 1044). The claim should not be on just CIS but on both, ethically speaking.

And as noted above, this IS being worked on.

I assume those crashes only happen if Defense+ is monitoring the system for applications that hook into the core.

I see Avast has officially released 6.0.1091. Has this issue been resolved?

It was not on the change logs:

Yes, we fixed it, because Comodo refused to fix it in their library.

Real professional Comodo

That’s really bad, I’d hope they would fix this since it’s not only affecting AVAST users.