Cannot run AutoCad 2010 after installing Comodo Firewall [Merged]

Hi again, and thank you for trying to solve the problem with Comodo Firewall (acad 2010 and 3dmax 2010)…

Honestly I am a little busy with my work, and I am not able to find the required time to work with you to solve the problem…

If you can… just try to install auto-cad 2010 and the 3dmax2010 along with the Comodo firewall; in this case you can see exactly what is happening. Honestly I do not know about software programming, that’s why I can’t also be much help in this situation. Please just try to solve the problem because this product is very nice and I am so sad I cannot use it because of this problem now. I am sure there are a lot of people who need help in this situation, not only me…

Again, I wish you luck finding the solution…
Take care and have a nice day…

OK, this is LMU is probably an introduction with AC 11. To find out run process explorer, and watch what happens when autocad loads. You may need to do this with AC manually sandboxed, virtualised, at the unrestricted level, using ‘Add a program to the Sandbox’ if that’s the only way to get it to run normally. Look at acad.exe and FNPlicencingservice.exe and any other process with the vendor Autodesk or Acresso. Look to see what loads hierarchically beneath these files, as AC loads, if anything, and post the information. Anything that loads, make it an installer updater. You can copy the path by double clicking on a process in process explorer and choosing the image tab.

Then go to Options ~ configure highlighting in process explorer. Turn all highlighting off except jobs. Now run AC without manually sandboxing it. (You will need to remove it from the ‘Add a program to the Sandbox’ dialog). Observe acad.exe and FNPlicencingservice.exe and any other process with the vendor Autodesk or Acresso. See what loads again - what are the differences from last time? Is anything coloured brown? Is any other process at all brown (apart from IE and Google chrome)? Please post the information. If you are lucky it will now load fine. If not please paste a screenshot of the D+ logs with all information in view, and tell me the time you loaded AC UN-sandboxed.

Hope this is clear enough - may have given more detail than you need!

OK good luck, and thanks for working through this with me!

Best wishes

Mouse

Don’t worry that’s fine, as you see someone else is taking over from where you left off! I have loaded AC 11 which has helped, but it does not crash. Maybe because it’s the trial, maybe because it is the next version.

Best wishes, and thanks for your contribution

Mouse

Hi Mouse,
Thanks for your help.
I have tried to work through the stages you suggest, but still not able to load Acad Un-sandboxed.
I attach screenshot of Process Explorer and CIS logs.
3.06 Acad manually sandboxed - loaded OK.
3.07 Acad loaded - Not OK.
Regards

[attachment deleted by admin]

That’s very helpful information thanks very much. I’ll need a while to digest this, then come back to you tomorrow if that’s OK.

Meanwhile can I check if you tried removing the registry key I specified from the protected keys list and rebooting? If not, if you would try that now it will eliminate another possibility.

It’s most likely protected file or registry access that is involved in some way. But there are a few other possibilities too.

Did you see any other files loading temporarily (via process explorer) when you ran autocad in the sandbox? This could be critical so please double check if unsure.

Many thanks

Mouse

Hi Mouse,
> Meanwhile can I check if you tried removing the registry key I specified from the protected keys list and rebooting? If not, if you would try that now it will eliminate another possibility.

I have removed “HKLM\system\ControlSet???\Services*” from My Protected Registry Keys and Rebooted the computer. This did not resolve the problem.

> Did you see any other files loading temporarily (via process explorer) when you ran autocad in the sandbox? This could be critical so please double check if unsure.

When I ran Acad in the sandbox I spotted “Services.exe - svchost.exe - wniprvse.exe” loaded.
When I pressed OK in Acad new features window “Services.exe - svchost.exe - wsCommCntr1.exe” loaded.

I did not spot any other files loading.

Regards

Thanks that is very helpful.

Can you now try disabling DNS/RPC service under D+ settings ~ monitoring settings? Then reboot and retry.

Best wishes

Mouse

Oh and, if that does not work try unticking ‘interprocess memory access’ rebooting and re-trying.

Many thanks

Mouse

I have unticked both DNS/RPC service and interprocess memory accesses without acad working.
I hope we are getting closer.

Regards

So do I :slight_smile:

OK, so nothing is now being auto-sandboxed, and it’s not the two things in the logs. Let’s check now whether it is D+ which is blocking it, then narrow down from there.

  1. Check you are updated to current CIS version .828. Reboot and re-try.
  2. In D+ settings check ‘disable D+ permanently’ reboot and retry.
  3. If 2 works, in D+ settings set the security slider to disabled reboot and re-try

If 2+3 works we can progressively disable monitors, till we find the right one. If 2 does not then we disable guard32.dll then look at the firewall logs. If 2 does but 3 does not we can disable image execution control.

So not a long way to go, I guess. (I am a volunteer, like you!)

Best wishes

Mouse

Hi Mouse,

Sorry about my impatience. :slight_smile:

> 1. Check you are updated to current CIS version .828. Reboot and re-try.
> 2. In D+ settings check ‘disable D+ permanently’ reboot and retry.
> 3. If 2 works, in D+ settings set the security slider to disabled reboot and re-try

  1. I have the current version .828. Autocad does not load.

  2. With ‘disable D+ permanently’ Autocad loads correctly.

  3. With ‘disable D+ permanently’ unticked and security slider to disabled and system rebooted Autocad does not load.

Best wishes

Rodpal

No problem - it is a frustrating process.

OK we’ll now try

  1. with D+ slider set to disabled, renaming guard32.dll so it does not load and rebooting. You find this in Windows/system32 and the CIS repair directory. Please rename both. Then retry. You’ll get reminded about an update - please ignore this.
  2. with D+ security slider set to disabled, removing shellcode injection protection and image execution protection (set slider to disabled) and rebooting. (D+ ~ Advanced settings ~ image execution control). Then retry.
  3. finally, with D+ security set to learning mode, rebooting, then retry.

If these fail then you have an unavoidable incompatibility with D+, so all you can do is either disable D+ fully or run AC in the sandbox I am afraid. If one of these succeed, then we may be able to formulate an exclusion rule.

Oh one more thing to ask. Are you running AC with admin OS privileges?

Let’s keep our fingers crossed

Good luck

Mouse

Hi Mouse,

I think we’re making some progress now.
Firstly, yes I am running with admin privileges.

> 1. with D+ slider set to disabled, renaming guard32.dll so it does not load and rebooting. You find this in Windows/system32 and the CIS repair directory. Please rename both. Then retry. You’ll get reminded about an update - please ignore this.
> 2. with D+ security slider set to disabled, removing shellcode injection protection and image execution protection (set slider to disabled) and rebooting. (D+ ~ Advanced settings ~ image execution control). Then retry.
> 3. finally, with D+ security set to learning mode, rebooting, then retry.

  1. Autocad loaded fine with guard.dll renamed and D+ slider set to disabled.

  2. I reset names of guard.dll removed shellcode injection protection and image execution protection. Autocad did not load.

  3. I reset shellcode injection protection and image execution protection and set D+ security set to learning mode. Autocad did not load.

  4. I went back to 1 renaming guard.dll and with D+ security set to learning mode. Autocad loaded fine.

Regards,
Rodpal

[Edited]

Phew yes I think we are.

So it’s probably another guard32.dll bug. This has narrowed it down quite a bit for the devs, and I’m glad (well sort of!) to say several other apps have a problem with guard32 as well. So there is a good chance that it will be fixed.

Disabling guard32 removed some of the protection from cfp [Edit: in version 3, not 4 I now understand], and possibly some fixed protection for some CIS/cfp related registry keys. But I think this is less serious than it seems, since protection for cmdagent, which I think is really what does the D+ work (CFP is sort of the UI for cmdagent), remains. The upshot is leaving guard32 disabled for the moment might not be too bad an option [Edit: I am currently checking this]. (CIS will prompt you to update due to the fact that Guard32 is disabled - you should ignore this and check for updates instead). [Edit: I am currently checking this]

Could someone, EricJH perhaps, confirm this?

Meanwhile. Can you check or post the CSP to see if any rules have been added by training mode? Also can you try with guard32 disabled, but in safe mode.

If this works then there is one other thing we can try. I understand from Autocad readme files that AC (well the copy protection stuff) writes to some ‘deep’ registry keys, which arguably it should not. That’s why I asked about accounts. If you were running a user account under Vista 64bit AC probably would not function at all! AC recommend that you sort this out by copying the key structure to a more accessible position, which AC licensing also checks. Just possible that this would escape guard32.dll.

A simple fix which is worth trying but which I doubt will work is to define all the files you previously defined as installers as Windows System. Which grants them the highest possible access. Unfortunately if any are unsigned or signed by an untrusted vendor they may also be sandboxed. So I’d recommend adding the files to my safe files first, then defining them as Windows System (may not work the other way round!).

Beyond that it would be a question of editing the registry. Reasonably safe enough if you make a restore point first, and then install no more software before you have checked that all is stable and done a restore if not. I can give you detailed instructions. What do you think? I need to check that the AC readme gives enough info first anyway - risk is the info is for 2011, unless you can find the same thing in the 2010 readme.

Best wishes

Mouse

PS here is the path to the autocad readme in autocad 2011
file:///C:/Autodesk/AutoCAD_2011_Multilingual_Americas_WIN_32bit/x86/en-US/acad/Acad/Program%20Files/Root/HelpHtml/filesReadme/WS1a9193826455f5ff1e973db110e6c76659-7de0.htm

Hi Mouse,

Please bear with me - I’m a bit confused.

The update option in CIS restores guard32.dll so should be avoided. I think I will have to check the forums for updates when announced.

So far as I can see several entries have been added to the Computer Security Policy - All applications section. I don’t have a before/after comparison to check.

With guard32.dll disabled, but in safe mode, Autocad loads fine.

I have attached Autocad 2010 readme file.

I think my best way is to run Autocad with guard32.dll disabled and hope the devs at Comodo sort it out.

I have reported elsewhere a problem with writing to CD/DVD drives which is resolved with guard32.dll disabled.

I have attached the Autocad 2010 readme file.

Thanks for all your help.

Regards,
Rodpal

[attachment deleted by admin]

That’s fine just seeing if we could get any info on what guard32.dll was blocking. You have previously posted the CSP I think, so that’s a ‘before’ shot. If any file rule related to ac had been created that might give us a hint. Or if one of the policies had changed from ‘installer updater’.

Regarding the other things I suggested, they are just ways of seeing if we can avoid disabling guard32 by allowing access to keys it might be blocking. You can’t do that via D+ settings I think, since the slider did not affect the malfunction. It’s possible that you can do it by making the files ‘windows System’ (windows system files ought to have access to the whole registry) or by duplicating the registry entries to a part of the registry which is not affected by guard32. This is speculative - largely based on the hint in the AC readme. Up to you if you want to try it!

Thanks for mentioning this fix in the DVD topic. I’ve also asked EricJH there if he can confirm the function of guard32, since on reflection I feel I only have partial information on this.

Hope this helps make things clear

Best wishes, and well done for following all this through to a reasonable resolution!

Mouse

Just to say I’m checking on guard32’s function and have pm’ed the devs.

Mike

Hi All

Well Endymion is doing amazing work on our behalf trying to work out guard32.dll’s function.

Meanwhile have people tried running these apps permanently (via ‘add a program to the sandbox’) sandboxed, unrestricted, not virtualised? This should leave all your files in the normal place.

This places almost no restrictions on the apps. [Edit: and according to Endymion’s researches, inhibits the loading of guard32.dll for just those apps. Please see update below].

Indications so far from Endymion are that guard32 does more than it used to, so maybe best not to disable it for all apps until we know more.

Have pm’d Egemen to ask him.

Best wishes

Results of investigations largely carried out by Endymion (Thanks a lot, Endymion). But NB I am responsible for any errors in interpretation! This is also a summary of what we know.

As we know Guard32.dll causes some apps not to load. An interaction with Java seems to be implicated in some cases.

Loading of guard32 into all apps can be prevented by renaming the file, or disabling it using Sysinternals (now Microsoft) Autoruns (Just Google it) Appinit tab. The latter has the advantage that you should not get constant update reminders from CIS. Please note however that Autoruns should be used with caution - best to create a system restore point first.

However you should note that in V4 Guard32 appears to have a role in:

  • automatic sandboxing (you can of course just turn this off to avoid problems)
  • buffer overflow protection (could use OS facilities instead - Enable DEP in My Computer ~ Properties ~ Advanced ~ Performance ~ Data Execution Prevention)
  • alert simplification for registry access alerts (no work around)

It may have other undiscovered roles, but cannot determine these unless we get feedback from the devs (which has been requested).

Therefore it would be better to disable guard32 temporarily and/or only for apps that object to it.

Some of the effects of Guard32 on specific apps can be disabled by deliberately sandboxing an application as limited and virtualised. (I am not clear which of these is essential). Sandboxing unrestricted unvirtualised should not have significant effects on an application and so is worth trying but probably won’t be sufficient.

We are still looking for a better work-around, and will get back if we find one.

Mouse
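
A read-only way to see what the Autoruns AppInit tab reports, and whether guard32.dll is actually loaded in the affected processes, added here as an example (it is not from the thread or from Comodo). It assumes the standard Windows AppInit_DLLs registry locations; the process names are the ones spelled in the thread.

```powershell
# Added example: read-only check, changes nothing on the system.
$DllName      = 'guard32.dll'                     # DLL named in the thread
$ProcessNames = @('acad', 'FNPlicencingservice')  # process names as spelled in the thread

# Standard AppInit_DLLs locations (native view, and 32-bit view on 64-bit Windows).
$AppInitKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows'
)

function Get-AppInitEntry {
    foreach ($key in $AppInitKeys) {
        if (-not (Test-Path -Path $key)) { continue }
        $values = Get-ItemProperty -Path $key
        # AppInit_DLLs is a space- or comma-separated list of DLL paths.
        $dlls = @("$($values.AppInit_DLLs)" -split '[ ,]+' | Where-Object { $_ })
        [pscustomobject]@{
            Key         = $key
            Enabled     = $values.LoadAppInit_DLLs   # value is absent on older Windows
            Dlls        = $dlls -join '; '
            ListsTarget = [bool]($dlls | Where-Object { (Split-Path $_ -Leaf) -ieq $DllName })
        }
    }
}

function Test-ModuleLoaded {
    param([string[]]$Name = $ProcessNames, [string]$Module = $DllName)
    foreach ($proc in Get-Process -Name $Name -ErrorAction SilentlyContinue) {
        # Reading the module list can fail (access denied, process exited).
        try   { $mods = @($proc.Modules | ForEach-Object { $_.ModuleName }) }
        catch { $mods = @() }
        [pscustomobject]@{
            Process = $proc.ProcessName
            Id      = $proc.Id
            # A readable process always lists at least its own image, so an
            # empty list means "could not read", not "not loaded".
            Loaded  = if ($mods.Count -eq 0) { 'unknown' } else { $mods -contains $Module }
        }
    }
}

# A 64-bit PowerShell host may not list the 32-bit modules of a 32-bit process;
# use the 32-bit PowerShell host when checking 32-bit applications.
Get-AppInitEntry  | Format-List
Test-ModuleLoaded | Format-Table -AutoSize
```

Running it before and after a change (renaming the DLL, unticking the AppInit entry in Autoruns, or sandboxing one application) shows whether the DLL was kept out of every process or only the one being tested.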

As I have moved this to the bug reports section I would be grateful if you all could append system details as requested here.

Many thanks

Mouse