TOPIC TITLE
This should summarise the issue. May be best to write it after drafting the issue report. A good title makes sure the right mods and the right devs look at the report
The bug/issue
What you did: I installed the New CIS 5 cfw after I uninstalled CIS 4.
What actually happened or you actually saw: PC starts to boot AV (Avast) loads partially, WEb and E-mail services do not load until communication with web is established, Creative (sound) loads, Win Patrol loads, Comodo loads (apparently), and then I can see Spy Sweeper (Webroot) Splash screen appears and then nothing. Whatever I click nothing happens. I even have to shut down the PC by depressing the turn on button. No good.
What you expected to happen or see: Avast loads (partially), Creative, Win Patrol, Comodo, Icon for local network load and stablishes connection with Internet, Avast loads completely, Spy Sweeper loads, and HP solution center loads.
How you tried to fix it & what happened: I reinstalled CIS 5. I made webroot a trusted software vendor. I reinstalled Spy Sweeper. I added Spy Sweeper to My trusted files. I rebooted the PC with Comodo in training mode (FW and D+) several times. Nothing. If the PC is turned off and several minutes later it is turned on, It hung again.
Details (exact version) of any software involved with download link: Avast 5.0.677. Spy Sweeper 6.1.0.145. CIS 5.0.xxxxx.1135
Any other information you think may help us:
If the PC is turned off by depressing the ON button and then depressed again to turn on the PC it might reboot to completition and that is why I was able to uninstall and to reinstall CIS and Spy Sweeper to try other ways.
Files appended
Screenshots illustrating the bug:
NO Screenshots. the only reports found are in the Windows logs viewer. No ID numbers only reports about Spy Sweeper not finding a path or a file. This is written in Spanish and thing like this in English:
D: [ThreadID] (LogonManager).
D: Failed to resolve image path for [PID:3200] [Name:verclsid.exe] (GetProcessFilePath).
D: Failed to resolve image path for [PID:3944] [Name:verclsid.exe] (GetProcessFilePath).
D: Service control message:[SERVICE_CONTROL_SESSIONCHANGE] (TSpySweeperService::HandlerEx).
D: Failed to resolve image path for [PID:4008] [Name:MIDIDEF.EXE] (GetProcessFilePath).
These reports are repeted the same on several hungs at different ocations
Screenshots of related event logs or the active processes list:
A CIS config report or file.
Crash or freeze dump file:
Your set-up
CIS version & configuration used:
CIS 5 FW and D+ in safe mode. Proactive Security. Sandbox enable.
Whether you imported a configuration, if so from what version:
No. Clean install
Defense+ and Sandbox OR Firewall security level: D+ in safe mode. Proactive Security. Sandbox enable.
OS version, service pack, no of bits, UAC setting, & account type:
Windows XP Pro Spk 3, 32 bit. fully patched.
Other security and utility software running: Avast 5.0.677. Spy Sweeper 6.1.0.145. CIS 5.0.xxxxx.1135
Thanks for this informative report. Please could you indicate
whether you were running an admin account and
whether you are running Malwarebytes as well?
If you can get a screenshot of the active processes list and/or your logs before the machine hangs, it will help matters greatly. As would an OS crash dump file if one is produced
I forgot to say that SS is used without the AV. I got only the anti spyware.
There is the admin and myself with admin rights
Malwarebytes´ is installed but is the free version, and it is only used for on demand scans.
When the machine hangs I can not do anything but to turn it off hard. It does not generate an OS crash dump or minidump for that matter.
I attached screen shots of my System and applications using CIS 3.14 Active Process List. I am currently using CIS 3.14, like it better than CIS 4.1. The few times that I could run my machine with CIS 5.0, I like what I saw and tried, but if it does not boot right, the first time of the day, I would not use it.
Also some screen shots of the event viewer when the machine hung and when it did not.
One thing though. How come Webroot is not in the trusted software vendor list? I know others and myself have had problems with SS and CIS in the past. Something with system shield in SS and its scan, but I would say that SS is a well known antimalware so that Comodo would try it out to avoid any conflict with it
Do you mean the SS program folder ? or for that matter the Spy Sweeper.exe file that is already installed. because the “installation folder” is just the SS installer that I place on the desktop when I am going to install SS. Yes I can try.
Thank you.
OK I reinstalled CIS 5 and I added the whole SS folder from Program Files to Shellcode Injection exclusions. I will turn off the machine and in a while I will boot it up to see what happens. I added Webroot to the Trusted Software Vendor List and Spy Sweeper.exe to the trusted files like before anyways.
OK so far so good. I have rebooted several times without any problems and I have turned off the machine and booted again a couple of time without any hangs up. It seems that was the problem. SS likes to constantly write up some temp files in Windows and that might have been the overflow of the buffer. Any way I will keep you posted if anything changes.
No, It did not work to exclude SS from the Shellcode injection. It hung when I booted the machine this afternoon >:( It just freezes when SS is loading, and it does not give any logs or errors to explain why this is happening.
I am going to run the PC without SS for tonight and tomorrow and see if it hangs, just to rule out any other program.
I hope some one in Comodo is able to recreate and to fix this issue because I still have like 5 months in my SS license, and I would not like to go back to CIS 3 or 4. I had just reinstalled OS when CIS 5 came out, well I waited a week to try it out, and now I have uninstalled and reinstalled CIS and SS so many times and my machine has also frozen so many times that I feel that my OS clean install was a waste of time. Don´t get me wrong. I am not blaming any one. I just feel frustrated that my whole weekend just went down the drain.
Not that this helps you out any, but I was a Spy Sweeper user for quite some time. Then they had a major update (Can’t remember the version number) and it started causing problems with many other applications. (Threatfire and Mamutu are a couple that spring to mind) At first I suspected the other applications because I had been using them for less time than SS, but through troubleshooting I found out the culprit was SS. I uninstalled it and haven’t looked back.
Thank you for your words. I believe that was when they went from V. 4.8 to V. 5. I know Webroot is not the easiest software developer to deal with, they do not even have a Forum to start with, but it has kept my PCs clean for many years and had saved me more than a couple of times. CIS and SS had had also a couple of issues with CIS 3., but they were fixed pretty quickly. What I do not see is other SS users reporting this snag like they did before on other occasions. I have almost 6 months left on my SS subscription that I would like to use until it runs out. I like CIS (fw and D+) very much and its development has been going from good to very good to almost excellent, and I would like to keep using it. Since I am one of those computer users that do not believe in security suits, sorry Comodo, I try to look for the best of the best in the bunch, and run them in my PCs, and Comodo´s FW and HIPS are the best, for malwares SS is one of the best although I might say that MBAM and SAS are given the fight so I might change to one of them when my 6 months are over or if this bug can not be fixed.
Please work though the solutions in this here, and report back. You will have tried some of them already - just miss those out.
If these don’t solve it then I will forward as a verified issue, though please note that interworking of security software can never be guaranteed. And you are using a lot of security software.
You might also try the same techniques on the other security software you are using. These things are complex, and it may be one of the others that is causing the problem you are perceiving through the SpyShelter Issue.
Yesterday morning my machine hung. SS was not installed, so it must be other software and CIS 5. I do not see any program conflicting with CIS in the event viewer.
Thank you for your link. I have done everything but #8. I have checked for my programs to be trusted and not sandbox (partially limited). I have checked Process list to see if any prog is set as unknown. I have set the few programs in Security policy as trusted, and as I said in my first post I set CIS in training mode and turned it off and on a few times. Never have this problem with 3 or 4.
I have my PC with SS and windows FW now, no problems. I am going to install CIS 4.1, and let it run for today and tomorrow and then do and automatic update through Comodo and see what happens.
Sometimes security programs leave behind drivers after uninstalling. See if the following tutorial brings anything to light or not.
We are gonna take a look to see if there are some old drivers of your previously uninstalled security programs are still around. Go to Device Manager → View → show hidden devices → now look under Non Plug and Play drivers → when you see a driver that belongs to your previous security programs click right → uninstall —> reboot your computer.
When the problem persists make sure there are no auto starts from your previous security programs. Download Autoruns and run it.
This program finds about all auto starts in Windows. This tool can therefore seriously damage Windows when not handled properly. After starting push Escape and go to Options and choose to hide Windows and Microsoft entries, to include empty locations and then push F5 to refresh.
Now check all entries to see if there are references to your previous security program. When you find them untick them. After unticking reboot your computer and see what happens.
I have ran CIS 4.1 all afternoon with all my Security Softwares ON, Avast 5, Spy Sweeper 6, and Win Patrol, and I do not think they are too many, and I have rebooted and turned off and on the PC a few times without any hang ups, but then I did it the whole week after last one when I reinstalled XP Pro Spk 3. It was last Saturday that I tried CIS 5 and the PC started to hang at boot time. I thought it was Spy Sweeper because it never finished loading and the event viewer showed SS with problems to start. However, like I said it. I was running CIS 5 without SS installed and my PC hung yesterday afternoon when I came home from work and turned it on. So I guess it is not SS and CIS 5, I even might change the post title.
I ran Autoruns. Nothing jumped out of place. All my progs were there nothing extra. I also went to Device Manager and everything looked like it should be. :-\
I am taking a list of progs out of CIS 4.1 to match with CIS 5 when I try it again this weekend to see what is missing. Truly. I do not see why CIS 5 is not working because my PC works with CIS 3 and 4 without any problems.
Mouse1 I followed your guide (btw you edited it). I even added Shell32.dll (#4. Daemon tools) to BO exclusions. CIS 5 seemed to boot better, but it eventually hung when I booted the machine next day.
I delayed HP Digital Imaging Monitor, Logitech QuickCam, and Creative Voice Center from starting up at boot time using Win Patrol and even though the machine booted up without hangings then when those progs started they did not work right.
I had to reimage my machine again (Dell PC Restore by Symantec). I had to shut it off hard so many times in order to try to boot it up right that I was worried something was wrong with the registry.
I know that some of my progs are old, like my drivers and software ( V. 9 ) for my HP Photosmart, or my Creative MediaSource 5, which are not recognized by Comodo as safe files. They are either sandboxed or popped up alerts for D+ but then again I even had pop ups for XP original files like net.exe, and userinit.exe. I know someone is going to say that the Trusted Software Vendor List must be corrupted, but I have downloaded Comodo ( Cfw and Premium ) like four different times and those are the times I have installed CIS 5 in my machine to tried it out.
What I do not get is why CIS 5 is so much trouble If CIS 3 and CIS 4 worked flawlessly in my PC. I still will not give up. I will try other things this weekend. Mean while I will attach these images and a Comodo log that I found I believe is the Installment log for CIS 5 and Serg Derevyanko can make out something out of it. BTW all unknown or untrusted files were added to Trusted Files.
I changed the title post since it is not Spy Sweeper fault.
Thank you for your kind ears, well really eyes. Any suggestions anyone :-La Please.
