BSOD caused by Comodo says WhoCrashed

A. The bug/issue

  1. What you did: I was doing some things on the pc (word /Internet explorer)
  2. What actually happened or you actually saw:BSOD
  3. What you expected to happen or see: No BSOD
  4. How you tried to fix it & what happened:Restarted pc
  5. If its a software compatibility problem have you tried the compatibility fixes (link in format)?:No it’s not
  6. Details & exact version of any software (execpt CIS) involved (with download link unless malware): I used a program “whocrashed” to find the cause of the crash
  7. Whether you can make the problem happen again, and if so exact steps to make it happen:
    Can’t make it happen again but had another BSOD a few weeks ago (after more than a year without this issue)
    I had just done a Windows update (7updates) and forgot to use whocrashed. Used system restore to return before Windows update and then did the updates one by one over a period of 2 weeks.
  8. Any other information (eg your guess regarding the cause, with reasons):
    This is the information whocrahed gave:
    On Tue 20/03/2012 15:16:18 GMT your computer crashed
    crash dump file: T:\Minidump\Mini032012-01.dmp
    This was probably caused by the following module: cmdguard.sys (cmdguard+0xD278)
    Bugcheck code: 0x1000008E (0xFFFFFFFFC0000005, 0xFFFFFFFFA008CF59, 0xFFFFFFFF8CC2EAF0, 0x0)
    file path: C:\Windows\system32\drivers\cmdguard.sys
    product: COMODO Internet Security Sandbox Driver
    company: COMODO
    description: COMODO Internet Security Sandbox Driver
    Bug check description: This indicates that a kernel-mode program generated an exception which the error handler did not catch.
    This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
    A third party driver was identified as the probable root cause of this system error. It is suggested you look for an update for the following driver: cmdguard.sys (COMODO Internet Security Sandbox Driver, COMODO).

B. Files appended. (Please zip unless screenshots).

  1. Screenshots of the Defense plus Active Processes List (Required for all issues): BSOD so not possible
  2. Screenshots illustrating the bug: BSOD so not possible
  3. Screenshots of related CIS event logs:BSOD so not possible
  4. A CIS config report or file.BSOD so not possible
  5. Crash or freeze dump file: Attached
  6. Screenshot of More~About page. Can be used instead of typed product and AV database version.

C. Your set-up

  1. CIS version, AV database version & configuration used: CIS 5.10.228257.2253, AV: 11889, Internet Security config.

  2. a) Have you updated (without uninstall) from from a previous version of CIS: probably I update regularly
    b) if so, have you tried a clean reinstall (without losing settings - if not please do)?: No

  3. a) Have you imported a config from a previous version of CIS: No
    b) if so, have U tried a standard config (without losing settings - if not please do)?:N/A

  4. Have you made any other major changes to the default config? (eg ticked ‘block all unknown requests’, other egs here.):No

  5. Defense+, Sandbox, Firewall & AV security levels: D+= safe, Sandbox=off , Firewall = safe , AV = Statefull

  6. OS version, service pack, number of bits, UAC setting, & account type: Windows Vista Service Pack2 32 bits UAC=default account=admin

  7. Other security and utility software currently installed: None

  8. Other security software previously installed at any time since Windows was last installed:None

  9. Virtual machine used (Please do NOT use Virtual box):No

Can you give me instrructions of things to do/check if BSOD occurs again?

[attachment deleted by admin]

Thank you very much for your bug report in standard format. We very much appreciate the effort you have made to document this bug.

We are sorry to trouble you further but there are some items of information missing or unclear in your post (Please note that the red text in the format post links to explanations of the terms used, and how to find any files requested).

  • B.5 Please zip and append the dump file you refer to.
  • C.2(b) Have you tried re-installing? If no just put NO here
  • C.3(a,b) Have imported a config/tried a standard conifg? If you don’t know what it is the answer will be No to both
  • C6. Account type is admin or standard user, UAC setting is explained via a red link in the format post

Re things to look for, the most important thing is to get a dump file. It can also be important to describe as precisely as you can what you were doing, or what you system was doing, just before the crash.

The reasons we need these items of information, though they may not seem directly relevant to the issue are explained here.

We would be very grateful if you would add these items of information so we can forward this post to the format verified board, where it is more likely to get fixed. You can find assistance using red links in the Format and here. If you need further help please ask a mod. If you do not add the information after a week we will forward this post to the non-format board. If this happens we will tell you how to rectify this if you wish to.

In the current process we will normally leave it up to you whether you want to make a report which includes all necessary information or not. We may remind you if we think a bug of particular importance.

Many thanks again


•B.5 Please zip and append the dump file you refer to.- Couldn’t attach original - made copy and attached
•C.2(b) Have you tried re-installing? If no just put NO here •NO
C.3(a,b) Have imported a config/tried a standard conifg? If you don’t know what it is the answer will be No to both-NO
•C6. Account type is admin or standard user, UAC setting is explained via a red link in the format post
Account : admin UAC : on

For the dump file I have a problem I tried looking for %LOCALAPPDATA%\Microsoft\Windows\WER\ReportQueue But file was not found. Probably windows reporting has been undone somewhere.
I only have minidump file but thats a .dmp file and I can’t add that

Could a moderator help me:

  1. Reinstall windows reporting so that next time I can give good info
  2. Explain how to add mini dump file.

Edited and added: Minidump file added see reply 13 (couldn’t add it here after editing)

Ta sorry bit busy now. Ill relative. Will get back tomorrow if not still at her house.

Best wishes


danyb, the version of CIS you appear to have installed (5.0.162636.115) is an older version, CIS 5.10.228257.2253 is now available. Since some of the fixes leading up to CIS 5.10 did relate to fixing BSOD issues, I recommend that you upgrade to the latest version and see if this problem persists.

Sorry for being so dumb.
My only excuse is that Comodo gives few problems so I am not used to filling in these forms.
The CIS I am on is CIS 5.10.228257.2253 - Kail I don’t know why you think I’m on an older version.
Looking in my previous posts I can’t find my version.
I remember having mentioned it somewhere because I definitely remember also having given the AV version :11889 and stating that this is my current version that may have been updated since the problem.

Could someone help me with this :

  1. Reinstall windows reporting so that next time I can give good info
  2. Explain how to add mini dump file.

So that I can make better report next time?

Hi danyb.
Kail has most likely read your Signature, which is stating V5.0.162636.115.

Indeed. :slight_smile:

But, since that’s obviously out of date. Please ignore my post danyb.

Sorry - and thanks for pointing this out. Deleted signature

No problems, you are welcome.

Could someone help me with this : 1. Reinstall windows reporting so that next time I can give good info 2. Explain how to add mini dump file.
Information about crash dump files found [url=;msg456617#msg456617]here[/url].

In Mouse1’s reply 7 under “Setting up your machine to help you record BSOD error messages”
He shows how to create and find mini dumps.
I have this dmp file for the issue I had. Only : I can’t add .dmp files to my post.

Can anyone help me to post this dmp file?

On the other hand I think the Whocrashed comment I have posted in my first post uses this mini dump file so I think you already had all you needed there???

Right click file and send to a Compressed (Zipped) folder then attach via additional options.

Sorry - this is soo frustrating -
I right click the dmp file and with 7 zip try to create a zip file.
I can create zip file in an email but can’t save the zip file.
I get the error 7zip cannot open Mini…zip
Also tried to save the attachment from the mail but it’s “read only”
I think it’s got something to do with administrator rights
And the frustrating thing is I do have ald dmp zips so I must have been able to do it at some time.

Either - help with zipping - or a mailadress to send zipped file

OK after some more googling I solved it:
Had to copy the dump file to another location first
I’m adding it here and will also try to add it to my original post

[attachment deleted by admin]

Thanks very much Danyb

Have edited your post with the extra information.

I omitted to ask for the configuration you are using. To find this go to More ~ Manage my cnfigs and tell me which is ticked. It will be ‘Internet Security’ if you have not changed it.

I’d also prefer it if you would append an active process list. You are right that you cannot append one at the moment of the crash. Indeed the devs may be able to extract [Edit: some of] this info from the minidump, though this depends on the state of your computer at the point of crash. However appending one as of now, presuming you have not installed much more software since, may help the devs to quickly identify a software conflict.

To record the active process list take a screenshot of the whole list, and zip it. If vista is like win7 you should find a tool to do this. the ‘Snipping tool’ under Start ~ Programs ~ Accessories.

Best wishes


configuration : CIS

I think I can add the images of the running services without zipping

Hope you have all you need now

[attachment deleted by admin]

Hi Danyb

That’s the OS one which is probably good enough, yes, in this case. So I’ll forward now.

The active process list is actually part of CIS, and is better. Go to D+ and you will see View Active Process list. You can append it in another post if you like after I forward this.

Thank you very much for your report in standard format, with all necessary information supplied. The care you have taken is much appreciated by Comodo, and will increase the likelihood that this bug can be fixed.

Developers may or may or may not communicate with you in the forum or by PM/IM, depending on time availability and need. Because you have supplied complete information they may be able to replicate and fix the bug without doing so.

Many thanks again

I have enclosed the Comodo active proces list

If crash happens again I will try to post it right from the first.
But hope it won’t happen again :wink:

[attachment deleted by admin]

Thanks very much danyb.

Best wishes