Bye CIS 5. I give up. Back to CIS 4.1

Comodo Internet Security - CIS Defense+ / Sandbox Help - CIS
#1

Well It is definitely a no, no for Cfw 5 in my machine.

I have tried all and every advice given by Greg, mouse, Eric, and I think Heffe for the past 4 weeks. I have read all the guides and FAQs I found, or I was advised to read. I have tried “Training Mode”, “Clean PC Mode”, “Safe Mode”, and “Paranoid Mode”. BTW in “Paranoid Mode” was when D+ and Sandbox behaved better because I had to answer all the alerts Cfw5 was trowing at me, however, Cfw5 forgot rules, or files added in “Trusted Files” were sandboxed once in a while, no big deal, but what is unforgivable was the hanging of the system when booting cold.

I added a bunch of files and applications to exclusions in BO. I treated a bunch of files as Installers/Updaters. Hey, I can not treat all of them as such because then what would be the meaning of having CIS in my PC ?

Files giving Cfw5 problems: jqs.exe, Spy SweeperUi.exe, SsiEfr.exe, hpqcxs08.exe, hpqtra08.exe, hpqste08.exe, QuickCam.exe, LvComSer.exe, LvPrcSrv.exe, rundll32.dll, CTMBHA.dll, clclean.0001, nvcpl.dll, nvsvc32.dll, IAANTmon.exe, IAAnotif.exe, STsystra.exe, net.exe, usernit.exe, and others.

The thing is that my Java does not load fast enough. My Logitech cam does not show in my tray. My Hp Digital Imaging Monitor gets stuck at boot time. My PC does not connect, or at least it seems not, to the web. Comodo does not respond. My Task Administrator either. So I end up shutting down my machine by cutting out the power.

I have reinstalled my OS and all the offended applications, several times, and nothing. Nada.

What gets me mad is that CIS 4.1 works like a charm. So what is it with CIS 5 that is so complicated?

Well guys it would be until next version because I give up. Four weeks is more than enough time to find out what was wrong with my machine and Cfw 5, and unfortunately, I was unsuccessful.

One question though. Which is better Cfw 3.14 or Cfw 4.1?? which would you stick with until next version to try??

Thank you all for your time.

#2

I confirm that I have been finding the same problems. In particular I have a Logitech QuickCam so I have the same drivers as iroc9555 and Comodo does not respond about 80% of the times.

I just hope that a solution is soon found.

#3

Hi maiq.

Sorry to hear about your problem.

Any body having similar problems should post here or new own post so that Comodo dev. could take matters into considerations. For example I have a post with this problem I have with CIS 5 and XP that was read 1430 times and not one posted or replied any coments besides mouse and Heffe.

https://forums.comodo.com/install-setup-configuration-help-cis/cis-5-and-is-not-spy-sweeper-xp-spk-3-hang-at-boot-time-t62544.0.html

Other troubleshooting I have done to fix my problem:

https://forums.comodo.com/defense-sandbox-faq-cis/app-is-not-working-correctly-but-does-not-seem-to-be-sandboxed-what-to-do-t61684.0.html;msg434597#msg434597

https://forums.comodo.com/defense-sandbox-help-cis/help-materials-feedback-topic-t53270.0.html;msg449471#msg449471

The post above is related to this FAQ:

https://forums.comodo.com/defense-sandbox-faq-cis/trusted-files-and-applications-are-these-different-v5-t61611.0.html;msg433957#msg433957

Is there no one else with hangging problems boot time with CIS 5 and XP???

Any one???

#4

I think I can solve your problem. Where it could be a Shellcode injection problem I doubt it. Your problem more than likely is with a system application. I would bet the farm that when you boot the conflict is in either in wininit.exe or userinit.exe for some reason not asking permission to launch an app or modify a key or access a protected interface. For example wininit.exe needs to modify certain registry keys at boot under HKLM/SYSTEM/ControlSet???/Services and other critical functions. Your first clue lies in a post you made here :

https://forums.comodo.com/install-setup-configuration-help-cis/cis-5-and-is-not-spy-sweeper-xp-spk-3-hang-at-boot-time-t62544.0.html

On the active process pictures you sent -

If you will notice that the process wininit.exe is not even listed and running where it ■■■■ well should be, and I also notice the lack of a couple of other processes that should be there under system.

I wish I could have spoken with you before CIS5 was removed just to see if there were any rules for these processes under the defense+ rules.

If you want to run CIS5 do this and it will work :

  1. I would do a total restore on the PC. (make sure that any external drives are disconnected and disable auto updates when you come to that screen.)

  2. If your doing a factory restore then uninstall any useless apps first that you don’t want.(if Any)

  3. Install CIS5 and reboot. If at that point you were to have any problems rebooting (which I doubt) then go into safe mode any follow step 4.

  4. At this point set your configuration as you would like it. Then Set D+ to training mode and MAKE SURE that create rules for safe applications is checked under defense+settings.

  5. Now reboot the system. At this point the system is clean and should in no way have any conflict. If you go under D+ rules and look you should she several windows processes under all applications. including
    wininit.exe ,logonui.exe, and userinit.exe.

  6. Now leave the D+ in training mode go to control panel → windows update and update the system and reboot.

  7. Now set the D+ to where you would normally have it and uncheck create rules for safe applications

  8. Just install one of your apps at a time. I think you said you use Avast. Install reboot and no problems with that then install the next app and so on. Then if you install an app, say spy sweeper and then your problem returns then you know. I really don’t think it was your apps.

#5

Hi sAyer.

Thank you for taking time to review my problem. Yes, it could be some file in my system or one of my applications. I know that Spy Sweeper is not the problem. I tried CIS 5 without it, and my machine hung at boot time anyway.

It can not be Wininit.exe since it is a Vista file and I am running XP.

Userinit.exe, I had it as a Safe File and as a Trusted Application, BTW it should not be set as such because there is a virus called userinit exe and it could be mistaken as the real file in C:\Windows\system32.

Logonui.exe is a hidden file and I have never had it shown in Active Process List in any of the CIS I have ran, and I have been using Cfw since V. 3.5. It could be it since it is the one that help to interchange log users or switch between interface, but then again have to be careful how it is set up since it could help to install a backdoor virus.

Next time I reinstalled my system, I will do it backwards, like you said. After the OS I will install CIS and then I will try one by one the rest of my applications. Well I am hoping that next version comes troublefree, at least for my system.

I thank you again sAyer and I will keep you in mind when installing my OS again.

#6

What’s up iroc9555 ? I see your point some what ,and yes logonui.exe is a hidden process but none the less performs a background task and has to be given access rights like any other file in CIS5.

As for wininit.exe and Windows XP :

Description: wininit.exe is located in the folder C:\Windows\System32. Known file sizes on Windows XP are 95,744 bytes (53% of all occurrence), 96,768 bytes, 100,957 bytes, 338,432 bytes, 96,256 bytes, 95,232 bytes, 94,208 bytes, 100,864 bytes.
wininit.exe is a Windows system file. The program has no visible window. wininit.exe is a trustworthy file from Microsoft. wininit.exe is able to record inputs, manipulate other programs.

This would be valid for XP. In Vista and 7 wininit.exe took the role winlogon.exe had on XP. So wininit.exe is a very vital system process. It will, for example, give instructions to replace system files in use on reboot (when you upgrade a resident exe i.e.). It is also a host for services (svchost).

Wininit EXE is one of those “mini programs” that helps windows 7,Vista (and the XP operating system) start up.

I think this information is correct to the best of my knowledge. Let me know if I’m missing something.

Take Care iroc9555

#7

sAyer.

I do not have wininit.exe in my XP, neither my sister’s or my cousin’s XP machine. I do have a wininit.dll but that is another matter.

If winlogon.exe was replaced by wininit.exe in Vista and W7, I do not know. I am not an expert; However, the definition given by BillP of them sound a little different.

Wininit.exe:

http://www.winpatrol.com/db/pluscloud/wininit.html?wininit.exe&0&0&0&0&0&1&10&4&0

Winlogong.exe:

http://www.winpatrol.com/db/pluscloud/winlogon.html?winlogon.exe&3&0&0&0&1&1&199&51&139

Don’t get me wrong. I know my problem is mine alone since there are thousands of XP using CIS 5 right now troublefree. I even checked my install with sfc /scannow looking for a corrupted file, but it came out clean. So, what else?

Take care and thank you again.

#8

iroc9555 I looked a little deeper and seems your right and wininit.dll is used instead. wininit.exe was used on windows 95,98,Me and 2000. Changed on XP then brought back on server 2008, Vista and 7.

I nonetheless think my original post would solve your boot problem with CIS5.

  • Peace