BSOD when using sandbox or Virtual Kiosk [M210] [v6]

A. The Bug

  1. What you did: Execute Virtual Kiosk or try to run program in sandbox.
  2. What actually happened or you actually saw: Blue Screen of Death
  3. What you expected to happen or see: Virtual Kiosk or run program in sandbox
  4. How you tried to fix it & what happened: Tried on different computers with different hardware and all cause a blue screen of death
  5. If it’s a software compatibility problem, have you tried the compatibility fixes (link in format)?: Not Applicable
  6. Details & exact version of any software (except CIS) involved (with download link unless malware): Not Applicable for the first part; for the second part it doesn’t matter which application it is, it causes a blue screen of death on all.
  7. Whether you can make the problem happen again, and if so exact steps to make it happen: Open CIS and execute Virtual Kiosk, and within a few short seconds the blue screen of death will show up again. The culprit driver seems to be fltMgr.sys, as it is shown in all the different configurations, for me at least.
  8. Any other information (eg your guess regarding the cause, with reasons):
    a. When BSOD occurs I get page fault in nonpaged area.
    b. I have a reboot-and-restore application and am 99.9% positive about a clash between these two applications. It may be possible both are fighting for the same resources. However, in a previous version of CIS this doesn’t happen when an application was sandboxed.
    c. The application I have for reboot and restore also works at kernel level and takes control of the OS in a really early phase of starting the OS. The application name is deepfreeze from faronics.
    d. Reboot and restore application is same regardless of CIS version.

B. Files appended. (Please zip unless screenshots).

  1. A diagnostics report file See towards end of this post
  2. Screenshots of the 6.0 Killswitch Process Tab See towards end of this post
  3. Screenshots illustrating the bug: See towards end of this post
  4. Screenshots of related CIS event logs: Not Applicable
  5. A CIS config report or file. See towards end of this post
  6. Crash or freeze dump file: See towards end of this post
  7. Screenshot of More~About page. Can be used instead of typed product and AV database version.
    See towards end of this post

C. Your set-up

  1. CIS version, AV database version & configuration used: 6.0 260739 2674
  2. a) Have you updated (without uninstall) from a previous version of CIS: No
    b) if so, have you tried a clean reinstall (without losing settings - if not please do)?:
  3. a) Have you imported a config from a previous version of CIS: No
    b) if so, have you tried a standard config (without losing settings - if not please do)?: Already did, still causes blue screen of death.
  4. Have you made any other major changes to the default config? (eg ticked ‘block all unknown requests’, other egs here.):Firewall is set to use block incoming connection in stealth port setting.
  5. Defense+/HIPS, Autosandbox/BBlocker, Firewall & AV security levels: D+/HIPS=Safe, ASB/BB=Enabled, Firewall=Safe, AV=Not Applicable
  6. OS version, service pack, number of bits, UAC setting, & account type: Windows 7(x64) Service Pack 1 (64 bit) UAC=ON account type=Admin
  7. Other security and utility software currently installed: CIS & Ad Aware Antivirus
  8. Other security software previously installed at any time since Windows was last installed: Microsoft Security Essentials
  9. Virtual machine used (Please do NOT use Virtual box): No

Sorry you are having this problem.

Have you tried the fixes in this post: Comodo Forum

If not please do try them, and I will forward if they do not resolve the issue

Here’s a link I found on Google about that particular file causing blue screens

Thank you, for getting back to me. However I am sorry to say program compatibility issue post is not applicable to me. Perhaps I haven’t made myself very clear in regards to the behaviour of CIS and other program I am using.

I am going to break this post into sections and try to cover what the problem is and what additional steps I took after the initial posting to isolate the problem.

CIS consists of several programs in one package, and each of them uses its respective drivers to accomplish its job. For this post one can take the firewall and antivirus driver(s) out of the picture, as they are not causing problems. However, the sandbox is indeed conflicting with the other program.

My understanding is that in order for the sandbox to do its job it has to use driver(s) which can handle read and write requests made from the sandboxed application, thus isolating it from the host OS. It may use other drivers, but for the scope of this I will limit it to only the one being affected.

The other application (deepfreeze) I am using is doing the same thing; however, there is one key difference between them: the sandbox only isolates when a request is made for a particular application, whereas the other program sandboxes the entire host OS, which happens in a very early phase of OS initialization.

Both programs use a sandbox technique; however, how they do it is what I want to look into. My assumption is that both programs are using a kernel driver which is responsible for handling the read and write requests made. At this stage “Fltmgr.sys” causes the BSOD simply because it doesn’t know what to do with requests made by other drivers.

While at it I want to mention that the previous version of CIS, 5.10.228257.2253, didn’t cause a BSOD when application(s) were sandboxed and the other application (deepfreeze) was running. Simply put, both were running without any problems.

If I uninstall deepfreeze the BSOD doesn’t occur on any of the four test machines. If I install and keep the previous version of CIS it doesn’t cause a crash either. At this stage one may say the driver is the cause of the problem or it is malfunctioning; if that was the cause my OS simply wouldn’t boot.

I will contact the other party and see if they can repeat the issue and ■■■■■ if their software is at fault. Very unlikely, since it doesn’t crash with any CIS version other than version 6.

Thanks for the detailed feedback. If DF is virtualisation software CIS may not work with it. But it seems to me that it’s really image and restore software, which CIS should work with?

Anyway will forward for now :)

Thank you very much for your report in standard format, with all information supplied. The care you have taken is much appreciated by Comodo, and will increase the likelihood that this bug can be fixed.

Developers may or may not communicate with you in the forum or by PM/IM, depending on time availability and need. Because you have supplied complete information they may be able to replicate and fix the bug without doing so.

Deepfreeze doesn’t use an image-based restore function; you can probably understand the frustration if you had to wait 4-5 minutes every time you restart the machine.

I also requested the vendor of deepfreeze to see if they can reproduce this in their labs and isolate the leading cause of this issue. It will help a lot to know if it is their program or CIS being at fault.

What took me by surprise is that it worked in the previous version of comodo, even though the deepfreeze version wasn’t changed at all.

Is it technically more like VMware in its virtualisation approach then? If so I think CIS might aim to work with it, unless based on VirtualBox, which is a known conflict. For the moment I am marking MN, which means devs should review, but mods are not tracking. If the tech is like VMware I’ll upgrade to tracked.

mouse1, you are making a good effort to understand the concept ;D so what I am going to do is post a link to an infographic on how it works and how one should set it up if they choose. It is my belief that in order for developers to troubleshoot, it will be a good idea to have an understanding of the program, or at least the basic concepts.

I just realized the diagram may not be very clear for understanding the underlying function. So I will try to explain, which may or may not benefit developers or other readers.

Consider a scenario where we have the ideal configuration of a PC, just the way we want. Then the program is installed; as a result the kernel of the program is now responsible for tracking read and write changes. As a result, when a write request is made it is redirected to scratch space, and if a read request is made it is first checked to see if the file exists in scratch space; if so, it feeds that file to the file system from that location. Otherwise it points outside of scratch space, for read requests only.

When you reboot or shut down, scratch space is deleted and the file is read from the original location; however, a write request is always inside scratch space when the program is enabled.

To sum it up, all new files written to the hard disk are stored in “Temporary” space or sectors, so they will automatically be deleted after shutdown or reboot.
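The redirect behaviour described in the post above, as an added example that is not part of the thread and is not Deep Freeze or CIS code: a user-mode, file-level Python model in which writes go to a scratch directory, reads prefer the scratch copy, and a "reboot" discards the scratch space. The class name `RedirectOnWrite`, the directory layout and the sample file are assumptions made for illustration; the real product does this in a kernel driver.

```python
import shutil
import tempfile
from pathlib import Path


class RedirectOnWrite:
    """User-mode model only: the base tree is never modified while 'frozen'."""

    def __init__(self, base: Path, scratch: Path):
        self.base, self.scratch = base.resolve(), scratch.resolve()
        self.scratch.mkdir(parents=True, exist_ok=True)

    def _map(self, root: Path, rel: str) -> Path:
        target = (root / rel).resolve()
        if root not in target.parents:  # refuse "../x" style escapes
            raise ValueError(f"path escapes tree: {rel}")
        return target

    def write(self, rel: str, data: bytes) -> None:
        dest = self._map(self.scratch, rel)  # every write is redirected
        dest.parent.mkdir(parents=True, exist_ok=True)
        dest.write_bytes(data)

    def read(self, rel: str) -> bytes:
        redirected = self._map(self.scratch, rel)
        if redirected.is_file():  # scratch copy wins if it exists
            return redirected.read_bytes()
        return self._map(self.base, rel).read_bytes()  # else the original

    def reboot(self) -> None:
        shutil.rmtree(self.scratch)  # scratch space is discarded
        self.scratch.mkdir()


def demo() -> dict:
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp, "base")
        base.mkdir()
        (base / "settings.ini").write_bytes(b"theme=default")  # constructed sample
        fs = RedirectOnWrite(base, Path(tmp, "scratch"))
        fs.write("settings.ini", b"theme=changed")
        fs.write("new/file.txt", b"written while frozen")
        result = {"before_reboot": fs.read("settings.ini"),
                  "base_on_disk": (base / "settings.ini").read_bytes()}
        fs.reboot()
        result["after_reboot"] = fs.read("settings.ini")
        result["new_file_survives"] = (fs.scratch / "new/file.txt").exists()
        return result
```

Calling `demo()` returns the file contents seen before and after the simulated reboot, together with the untouched copy in the base tree.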

OK so in effect changes to settings are virtualised, and the settings sandbox is or can be reset on each reboot. Is that sort of right?

Likely very helpful to devs, in fixing this, thanks. So it’s not an app virtualiser but a windows and app settings virtualiser. I’ll forward to verified track it as it’s not a directly parallel product.

I just want to thank you for all your help and suggestions throughout the session. I know you can’t fix it, but giving the end user assurance is a great help.

No problem I realise that both DeepFreeze and CIS are core for you, so what you are experiencing is not pleasant. Hopefully the devs have enough now to fix it.

There’s another trace somewhere mentioning something-freeze tickling my memory. If I find it and it’s DeepFreeze I will insert an xref. Unfortunately searching for ‘freeze’ brings back 5000 posts.

Can you please check and see if this is fixed with the newest version? Please let us know whether it is fixed or you are still experiencing the problem.

I just ran the installer on my machine and so far there is no conflict between the two programs. However, I have to perform some in-depth checks before I can really say it is gone for good.

In the meantime, I can say initial indications and tests indicate it is gone. I will post another reply after I have done a comprehensive test, which will take some time.

OK thanks, please do post with your conclusions. Leaving open.

I will certainly post a feedback with my conclusion.

Have you been able to test this yet? Can you confirm that this bug is fixed?

I am sorry for not replying earlier, I was very busy. Good news: both programs get along well now, and I haven’t run into a problem.