BoClean question: how fast does it start after the OS? [Resolved]

As a user of BoClean for well over 4 years I would like to ask this. If you have a trojan sitting on your computer and you startup from a cold boot, how fast does BoClean start after the operating system to protect you from said trojan starting first before BoClean? My a/v and BoClean fight to start first after the o/s and sometimes one wins and other times the other app. wins first.

~Mod edited title to reflect issue~

Welcome to the forums, pugmug.

Sysinternals has an application called Load Order that will help you see where BOCore falls in the grand scheme of things, as far as from boot.

As far as for login and applications loading from that point, you may want to utilize a startup manager, if you want to specifically control that order.

For specifics on it, I’m afraid I don’t have those details for you. There are a number of handy applications in our collection of useful free programs (including startup managers). https://forums.comodo.com/index.php/topic,1731.0.html

I hope that helps some,

LM

Little Mac, thank you for the welcome and the response. I don’t think a startup manager is what I want or need. I run very lean and mean at startup, lol. The o/s, a/v, BoClean, a/s and firewall are all that start. I guess my question goes to a coded trojan to start before any other of my 4 apps. with or after the loading of the o/s.

No problem. My guess is that the coders of malware would certainly like it to run b4 the protection runs. I would imagine that it’s possible. I swear I saw something from Melih on that, here in the BOC Boards.

I looked for it quickly, but couldn’t find it. Maybe it was the original announcement thread. Hmm… At any rate, I want to say there was an explanation about malware trying to execute b4 the protection comes on line.

And then again, maybe I’m smokin’ somethin’ and read it elsewhere; in which case it would have no connection to BOC.

LM

pugmug,

This does not really address your question specifically, but from the Configuration section:

“The first item at the top left of the dialog is the option to “Automatically start BOClean at bootup.” This checkbox controls auto-startup of BOClean from the registry. When this box is checked, BOClean will start when your system does. This mode is HIGHLY recommended to ensure that BOClean is watching your system from startup when any latent nasties sitting on your hard disk are likely to be started. Many nasties can be downloaded and never triggered when first dropped on your system. Since BOClean is NOT a “file scanner,” it will not notice nasties UNLESS they actually try to RUN - this is the point where you’re most vulnerable, so it’s a good idea to leave this checked.”

munckman, thanks for your input. That is closer to but not quite the answer I am looking for. Seems my security apps. start with or just after the o/s but who knows for sure how long or short a time it takes a trojan to do its dirty work on startup. P.S. I have the load BoClean at startup button checked.

Can I get an answer to this question from someone in the know? Waited over a month, Comodo.

Well, it seems Comodo can not or will not answer my question. I will take it to the net and let it be known that Kevin and the new owner Comodo, dis long time customers.

pugmug,

Sorry to hear that you feel you have been disrespected by the lack of a specific answer to your question. Pretty much the entire development team has been nose-deep in trying to work on improving the product. Apparently they have not been able to take the time to respond to your question.

The threat to bad-mouth Comodo to the internet is really not warranted, IMO, especially considering that the question is not necessarily related to the performance of a Comodo product. That is to say, you have BOC set to load at startup, and you have been provided with information regarding utilities to determine where BOC falls within the load order (ie, LoadOrder by SysInternals).

Your remaining question seems to be asking when malware loads, which is not BOC-dependent. Each malware probably has its own load time, depending on how it is coded; it will attempt to load when it loads, regardless of what anti-malware applications are in use. I would hazard an educated guess that the specific location of malware in the load order is going to depend on the malware in question; they will not all be the same…

LM

LittleMac is right, some malware may register a service and run service key, driver, kernel module or a normal run registry key. These all will load at different times in the boot process.

BOC as far as I know starts at some point at kernel level, and so do most anti virus vendors (They actually start as part of the OS I suspect). We cannot tell you exactly what is loaded where.

Anything past that is really testing my knowledge as I am not a kernel level programmer. In Windows Vista the kernel is locked so User-mode API calls will have to be used.

Sorry for not having time for the forum - since the acquisition of PSC by COMODO, there’s been a lot of work in getting people trained in handling the malware and a raft of other things necessary in order to maintain BOClean during the transition that have had me and lots of other people incredibly busy. We all felt it to be a higher priority to ensure that everything was covered while ensuring that new people were trained in handling all of the malware which kept BOClean itself from being improved for a very long time.

When the system starts, first thing that happens as far as BOClean goes is loading of the kernel driver as soon as the kernel starts. When the system comes up, BOCORE starts, and after you login BOClean itself starts. For those who don’t know how Windows works, it will load EVERYTHING in a startup group at each startup step and there isn’t any “start order” at all. The kernel calls EVERYTHING and it’s a simple matter of random luck as to what starts first which is why it appears to be as random as you see - each bootup, different things will start and that’s normal.

There are some programs which will allow you to SET a “boot order” but what’s actually going on is that program is called individually and then it loads things one by one in the order chosen. But doing this will actually slow down the bootups and should be done only when there are obvious conflicts. Otherwise, doing so doesn’t really help. Windows throws a handful of change up in the air, sometimes the quarters will land first, other times the pennies. All a matter of what gets what kernel time slices and when. You’ll see this same randomness in the traybar ordering too. :slight_smile:

In answer to your question, if there’s a trojan on your machine at bootup then it was there at shutdown and should have been detected there. BOClean will do cleanup of stubborn files that won’t delete at bootup but you’re still using the same database that was there when the system was running the last time so I wouldn’t expect much to happen at bootup. And while the kernel driver and services are running before you bootup and will catch some rootkits that aren’t seen by the main BOClean program - nothing will be done until you’ve logged in and BOClean changes from the blue color to black indicating that it’s finished checking everything.

So, to simplify, BOClean won’t do diddly until it’s in usermode after you’ve logged in. But the question itself has an issue in that BOClean should have gotten it before you shut off the machine in the first place so there shouldn’t be anything lingering at bootup in the first place. When we get to BOClean 5 (and yes, work HAS begun on it but it’ll be a while since it’s a total redesign from the bottom up) we’ll be looking for things BEFORE the system even starts to boot. For now, BOClean is still based on a 9 year old design that’s been added to over all these years because PSC never had the time or funding to develop very much - all the time and effort had to go into keeping up with all the malware. Under COMODO, we now have the resources to be able to do BOTH, and very well at that. :slight_smile:

Hope this helps … I’m the only one who had the answer you wanted, but lacked the time …
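An added example, not part of the thread and not Comodo or BOClean code: a read-only PowerShell listing of the autostart locations mentioned in the posts above (drivers, services, Run keys), grouped by the stage at which Windows starts them. It uses the standard Services and Run registry keys; the stage labels and variable names are this example's own.

```powershell
# Added example: list autostart entries by the startup step they belong to.
# Read-only. Run from an elevated PowerShell session to see every key.

# Service/driver "Start" values that load without user action.
$stageName = @{
    0 = '1-Boot driver (loaded by the boot loader)'
    1 = '2-System driver (kernel initialization)'
    2 = '3-Auto start (service control manager)'
}

$entries = @(foreach ($key in Get-ChildItem 'HKLM:\SYSTEM\CurrentControlSet\Services' -ErrorAction SilentlyContinue) {
    $p = Get-ItemProperty -Path $key.PSPath -ErrorAction SilentlyContinue
    if ($null -eq $p -or $null -eq $p.Start) { continue }
    if (-not $stageName.ContainsKey([int]$p.Start)) { continue }   # skip demand-start and disabled
    [pscustomobject]@{
        Stage = $stageName[[int]$p.Start]
        # Type 1 = kernel driver, 2 = file system driver; anything else is a Win32 service
        Kind  = if ([int]$p.Type -band 0x3) { 'driver' } else { 'service' }
        Name  = $key.PSChildName
        Group = $p.Group
        Image = $p.ImagePath
    }
})

# Run keys are processed at logon, after drivers and auto-start services.
$runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'

$entries += @(foreach ($path in $runKeys) {
    $k = Get-Item -Path $path -ErrorAction SilentlyContinue
    if ($null -eq $k) { continue }
    foreach ($valueName in $k.GetValueNames()) {
        [pscustomobject]@{
            Stage = '4-Logon (Run key)'
            Kind  = 'run'
            Name  = $valueName
            Group = $path.Substring(0, 4)      # HKLM or HKCU
            Image = $k.GetValue($valueName)
        }
    }
})

$entries | Sort-Object Stage, Group, Name |
    Format-Table Stage, Kind, Name, Group, Image -AutoSize -Wrap
```

The Stage column shows which startup step an entry belongs to, not its position within that step. An unfamiliar image path in an early stage is the thing to review.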

LM, sometimes a voice needs to be heard from the wilderness any way it can. Kevin, thank you for the reply!