BSODs after CFW v5.8 install


BSODs after installing CFW version 5.8.213334.2131

A. The bug/issue

1. What you did: uninstalled v 5.5, installed v 5.8 ( did twice - BSOD happened both times )

2. What actually happened or you actually saw: First time: BSOD on rebooting as part of installing v5.8 (no previous config imported). Second time: Random cold boot BSOD a few days later. Third time: After a system restore and uninstalling v5.5, CCleaner clean-up, and fresh install of v5.8, BSOD while ticking Defense+ Monitoring settings (i.e before chance to reboot after the install).

3. What you expected to happen or see: No BSODs.

4. How you tried to fix it & what happened: system restore and clean re-install, turned off Enhanced Protection Mode. BSODs have yet to re-occur (after three days).

5. If it's a software compatibility problem have you tried the compatibility fixes (link in format)?: CIS FW and Defense+ previously worked fine with existing Avast free AV and no other system settings or services have been changed during upgrade so unable to guess if compatibility problem exists.

6. Details & exact version of any software (except CIS) involved (with download link unless malware):
Was only installing CIS.

7. Whether you can make the problem happen again, and if so exact steps to make it happen: No. BSODs occurred immediately after the installation of v5.8, one other BSOD was a random event on cold boot (note: not had any BSODs with current setup until these events).

8. Any other information (eg your guess regarding the cause, with reasons):
I am using x64 bit Windows 7 and it seems that CIS's 5.8 upgrade has enhancements for 64 bit protection so my guess this is causing a conflict. Ran full disk check, sfc and Windows Memory Diagnostic --- no reported issues).

B. Files appended.
1. Screenshots of the Defense+ Active Processes List (Required for all issues): Append 1 & 2 - x 2 screenshots

2. Screenshots illustrating the bug: BSODs not captured live

3. Screenshots of related CIS event logs: ?

4. A CIS config report or file. Default 'Proactive Security' config was unchanged at time of BSODs apart from Enhanced Protection Mode

5. Crash or freeze dump file: 

Append 3 - zipped Windows minidumps for each BSOD
Append 4 - zipped Process Explorer .txt save (processes + lower pane view: handles)
Append 5 - zipped eventviewer error log re 'CIS Helper Service' ( error did not occur under previous versions of CIS).

6. Screenshot of More~About page. N/a

C. Your set-up
1. CIS version, AV database version & configuration used:

CFW version 5.8.213334.2131 (Not CIS AV).
At time of BSODs: Default Proactive Security with Enhanced Protection Mode.

2. a) Have you updated (without uninstall) from a previous version of CIS: Initially yes.
    b) if so, have you tried a clean reinstall (without losing settings - if not please do)?: 

The first time v5.5's updater froze; uninstalled v5.5; fresh installed v5.8; system-restored to before v5.5 uninstalled; turned off all CIS settings; uninstalled v5.5 again; ran CCleaner's registry cleaner; re-installed v5.8 without importing any old config. BSOD re-occurred even before rebooting.

3. a) Have you imported a config from a previous version of CIS:  No

4. Have you made any other major changes to the default config? (eg ticked 'block all unknown requests', other egs here.): I ticked the Enhanced Protection Mode and Create Rules for safe Applications in Defense+ (no other General Settings).

5. Defense+,  Sandbox,  Firewall security levels: D+= Safe , Sandbox= On, Firewall = safe, AV = n/a

6. OS version, service pack, number of bits, UAC setting, & account type:
Windows 7 Pro SP1 x64 bit, UAC maximum. Standard user (Admin elevation for installing etc)

7. Other security and utility software currently installed:

-Avast free Antivirus version 6.0.1225 = sandbox disabled; Avast AV runs rootkit scan on boot.
-EMET 2.1: DEP = Always On; SEHOP = Application Opt In; ASLR = Application Opt In
-GP Software Restriction Policy = Default-Deny
-Malwarebytes used for on demand scans. Windows Defender used only for on demand scans.

8. Other security software previously installed at any time since Windows was last installed: No

9. Virtual machine used (Please do NOT use Virtual box): No

[attachment deleted by admin]

Thank you very much for your report in standard format, with all information supplied. The care you have taken is much appreciated by Comodo, and will increase the likelihood that this bug can be fixed.

Developers may or may or may not communicate with you in the forum or by PM/IM, depending on time availability and need. Because you have supplied complete information they may be able to replicate and fix the bug without doing so.

Moved to Verified.

Many thanks again