Dear experts,
Here is my info for the bug in the required format, followed by additional details on how I reproduced it, etc.
Sorry for long post - I am trying to provide details that might be helpful.
============================================================================
A. THE BUG/ISSUE: BSODs + freeze on clean Win 10 Home 1709 + CIS with Proactive Firewall only v10.0.2.6420
Can you reproduce the problem & if so how reliably?:
Takes many hours but can reproduce within a day or so. Have to run a script to reboot PC every so often; disable auto-reboot on BSOD (so I can catch the BSOD). More details on how I reproduce are below.
If you can, exact steps to reproduce. If not, exactly what you did & what happened:
Please see details later in this post.
One or two sentences explaining what actually happened:
Clean Windows 10 1709 reinstall on recent PC runs fine for multiple days. Adding Comodo Firewall v10.0.2.6420 starts failing with different BSODs and occasional freeze.
One or two sentences explaining what you expected to happen:
No BSODs
If a software compatibility problem have you tried the advice to make programs work with CIS?:
Only software other than Comodo is Windows 10.
Any software except CIS/OS involved? If so - name, & exact version:
No other software installed.
Any other information, eg your guess at the cause, how you tried to fix it etc:
Please see below for how I tried to setup minimal environment to reproduce the issue.
B. YOUR SETUP
Exact CIS version & configuration:
version 10.0.2.6420 from verified offline download; Proactive configuration; Firewall only (not even AV). Other (likely less important) settings are described in post below.
Modules enabled & level. D+/HIPS, Autosandbox/BBlocker, Firewall, & AV:
Firewall Safe mode, D+/HIPS Safe mode, VirusScope enabled, Auto-Containment disabled, Cloud-enabled lookup disabled
Have you made any other changes to the default config? (egs here.):
Please see exact steps of how I installed Comodo (twice) in email below in Details section
Have you updated (without uninstall) from CIS 5, 6 or 7?:
No, brand new install.
Have you imported a config from a previous version of CIS:
No.
OS version, SP, 32/64 bit, UAC setting, account type, V.Machine used:
Win 10 Home v1709, 64-bit, default UAC settings, the only account setup during Windows install (Administrator account type), no virtual machine
Other security/s’box software a) currently installed b) installed since OS, including initial trial security software included with system:
No other sofware installed. I do see Windows Defender is On. Windows Firewall is Off because Comodo firewall is On.
C. ATTACHMENTS
In Comodo UI, I went to (? icon) → Support → Diagnostics and it said it found issues that it could not fix. Generated diagnostics file does not show any error events. Please see it attached.
Also attached compressed Minidumps for some steps described below.
Finally, I uploaded to a Google Driver large (zipped) MEMORY.DMP files as well as system info (per futuretech instructions below). Please let me know if you’d like to access them.
============================================================================
I saw another couple of BSOD related threads here with Windows 10 v1709 but my stop codes and WinDbg analysis seem different. Those threads mention cmdhlp.sys but I did not see anything related to cmdhlp.sys in my BSODs.
I’ve been pulling my hair for over 2 months now, trying to narrow down the cause of BSODs. I am finally in a position to state that Comodo is the most likely culprit or rather some combination of Comodo with Win 10 v1709. I’ve been using Comodo with Win7 without issues and like it a lot, but a new computer runs Win10 Home v1709. Multiple times I would run the system in different combinations and the only common denominator is that when there is no Comodo, there is no BSODs, and when Comodo is installed, BSODs happen on occasion (and even more rarely, computer totally freezes). Finally, the latest cleanest experiment was the most conclusive. There is no other software involved: clean Windows install + Comodo, both with minimal config changes.
---------- Experiment Steps ----------
(1) Install brand new Win 10 Home v1709 (see details below). Run it for over 2 days periodically rebooting and scanning with Win Defender (to simulate some activity) with no issues.
(2) Install latest Comodo (Firewall only; Proactive; see details below) =>
- first BSOD (stop code: Critical Structure Corruption) happened after 10 hours of occasional reboots + Windows Defender runs.
- within another hour, another BSOD (stop code: Clock Watchdog Timeout)
(3) Connected to internet (via wired connection) for the first time, updated all drivers and Comodo (Comodo update barely did anything as expected), Windows license got activated. Disconnected wire from internet.
(4) Got more BSODs: - 20 minutes after updates, got BSOD (stop code: Critical Structure Corruption)
- 10 minutes later, got another BSOD (stop code: IRQL NOT LESS OR EQUAL)
(5) Connected (via wire) to internet, installed Windbg from Microsoft site (to examine dump files, but did not know how to interpret these well. I think they do not show same cause as different threads on this forum). Disconnected wire from internet.
(6) Uninstalled Comodo from Program and Features (successfully). Just in case, uninstalled any other remnants using ciscleanuptool 2.0.0.3 which required 2 reboots as expected.
(7) Wrote a simple bat script that automatically reboots the PC every 20 minutes. Ran it for over 2 days with occasional manual starts of Windows Defender to scan the system.
No BSODs or freezes or issues for over 2 days and 140+ reboots.
(8) Installed Comodo (Firewall only; Proactive; see details below): ~9am (Dec 18’17)
(9) 3 BSODs + 1 freeze:
(9a) ~3pm: Got BSOD (stop code: Critical structure corruption) ~6 hours after Comodo install and ~18 reboots, once every ~20 mins.
(9b) 5:32pm ET: 2.5 hours later (and few minutes after starting a Windows Defender scan), got BSOD (stop code “IRQL NOT LESS OR EQUAL”).
(9c) 6:02pm ET: after 2 more reboots, at 5:40pm and my script-based one 6:00pm, computer completely froze at 6:02pm timestamp. Hard shutdown was required.
(9d) ~8pm: after another reboot at 7:55, got BSOD (stop code: Clock Watchdog Timeout)
---------- Details ----------
(A) Details for how I installed Windows (in Step 1)
“Install new Win 10 Home v1709” was done by completely reinstalling Windows using DVD created off of Windows media creation tool downloading Windows from the Microsoft website.
Options applied during the install:
- select defaults for keyboard, time on first screen
- answered as follows to questions that come up during install:
Add a second keyboard layout SKIP; Connect to a network SKIP; Make Cortana your personal assistant NO
Location OFF; Diagnostics BASICS; Relevant Ads OFF; Speech Recognition OFF; Taiored Experience with Diagnostic Data OFF
Note: per Device Manager, while some device drivers did not get installed at first, that did not seem to matter and they all got installed and cleared up after connecting to internet in step (3) above.
Configuration of Windows 10 after the install:
- Right click on desktop screen → Personalize
→ Background → picked Solid color
→ Taskbar → Location (dropdown): left
→ Lock Screen → Screen Timeout Settings → “Never” for both Screen and Sleep
Pinned to Start: Control Panel and created desktop icons for Event Viewer and Notepad
Changed Windows Explorer settings to show all files and all file extensions.
In order to detect BSODs without having to watch my computer 24/7, had to do disable auto-restart on failure:
Control Panel → System → Advanced System Settings → Advanced tab → Startup And Recovery Settings… button → unchecked Auto restart on system failure
Disabled bluetooth and wireless (only want wired Internet connection):
Settings → Devices → “Bluetooth & other devices” on LHS → set to Off
Settings → Network and Internet → Wi-fi → set to Off
Control Panel → Network and Sharing Center → “Change adapter settings”
→ right-click Wi-fi → Disable
(B) Details for how I installed Comodo (in Steps 2 and 8):
CIS version 10.0.2.6420 using offline download from Comodo
- downloaded on December 1’17 from http://download.comodo.com/cis/download/installs/1000/standalone/cispremium_only_installer.exe#_ga=2.103183808.1334636029.1513644158-573876786.1513457526
- tripple checked that file size (69,534,888 bytes) and both hashes (MD5 and SHA1) match those of the Comodo post announcing it (https://forums.comodo.com/news-announcements-feedback-cis/comodo-internet-security-v10026420-hotfix-released-t121047.0.html)
During install- unchecked 3 checkboxes on first screen (Comodo DNS setup, Enable Cloud Based behavior, Send anonymous stats to Comodo)
- unchecked Comodo AntiVirus component, so only Firewall component is checked and installed
After install, activate Proactive security profile and for UI, changed to Classic Theme; first reboot after install. Then, - disabled file cloud lookup (under File Rating → File Rating Settings)
- disabled auto containment (under Containment → Auto-Containment);
- under General Settings → User Interface, disabled “Show messages from Comodo Messsage Center” and “Show welcome screen on startup”
No other configuration changes. Reboot again for good measure.
---------- Other Notes ----------
- At one point earlier, i.e. before this latest experiment, I had also upgraded to Win 10 Pro, but that did not resolve the BSOD issues.
- I attached to this message 3 Minidumps in zipped format for steps 9a, 9b, and 9d.
- I have uploaded system info file (per request from futuretech below) and, for step (9), zipped up full MEMORY.DMP files to a Google drive. Please let me know if you’d like location of those (so far, I PMed these to futuretech and PremJK).
- Security Event Logs indicate a failure where Code Integrity determined that image hash of a file is not valid for System32\guard64.dll. (Event id 5038, source “Security-Auditing” event). Claims file might be corrupt - I’ve seen this warning message before too and don’t know whether it’s important, or to be ignored. As I had mentioned, I tripple checked correct size, and both hashes as posted by umesh, so I am certain I have the right file downloaded.
Please help! I’d love to continue using Comodo with Windows 10, if I can!
Justin
[Update from Dec 19’17] updated above post to indicate I uploaded memory.dmp and system info files.