I DOWNLOADED from this web site CIS 8.0.0.4344 and tried to install it. An error popped up and I dialed the Comodo number shown. They were unable to fix Comodo and they gave me a non functioning email address as the only way to fix Comodo.
guard64.dll fails security check hash marks have been altered
Defender fails security checks and Windows will not load it.
MsMpEng.exe fails security check
MS17025.tmp was installed with your package from your web site and Comodo says it is malware CloudScanner.Trojan.Gen[at]2[at]1
How do we fix Comodo and how do we restore the computer back?
Thanks for the information on the page that outlines all the steps to unload and load CIS in the hope that you will get a clean install of CIS. This is a new computer and this is the first setup for connection to the internet, so would it be more practical, just to go to the recovery partition and reload from there and then reload CIS? Would this get a clean install point easier? Are there any other things I should do before I go back to the factory partition and re-install the computer?
OK, since I have not received any objection nor contrary advice I am going with the re install of factory settings as the simplest solution. Now to CIS. Should I re install the downloaded from your site CIS or is there a better/safer alternative?
You can download it from here. When you want to go the extra mile you can always check the digital signature and make it is intact.
By what was this reported? The installer? Is it a message from Event Viewer
2) Defender fails security checks and Windows will not load it.
CIS will disable Defender.
3) MsMpEng.exe fails security check
A non related problem. There is another topic about this.
MS17025.tmp was installed with your package from your web site and Comodo says it is malware CloudScanner.Trojan.Gen[at]2[at]1
How do we fix Comodo and how do we restore the computer back?
This would be a false positive from the cloud assuming the digital signature of the installer is intact. Since you have downloaded it from here I have full faith it is intact.
Eric, thanks. With Comodo removed, both Defender and MsMpEng,exe continue to remain failures of security check. MsMpEng.exe started to run all by itself and altered all of Win security settings and I had to reset them with Tweaking. Guard64.dll continued to fail security check after re install of Comodo. MS17025.tmp was date time stamped installed with Comodo and Malwarebytes was prevented from scanning it (Malwarebytes could not even see it along with multiple other installers.). The original Comodo message was generated by the Defense component of Comodo, because the viral database had not even been loaded at that time and there was no connection to the internet. Yes, all the security checks are done by Win and logged in the security reporting view of Win and are the only three failures. All the failures disappeared with factory re install of Win. I find the guard64.dll “hash marks have been altered” is a common error with Comodo installations. I assumed that since this is universal across multiple computers that it is merely a characteristic of Comodo.
The message about guard64.dll in Event Viewer happens to everybody. CIS uses a now by Microsoft deprecated technique of loading the dll file.
When running MBAM Pro and CIS at the same time please add the installation folders of the programs to each others exclusions. That way the on access scanning from MBAM Pro and the av of CIS don’t go hay wire.
Thanks again Eric. I downloaded a new copy directly from the Comodo site and the hash marks on the dll file were altered again and the same malware appeared on the computer that is time date stamped with Comodo load. Looking at a couple of other computers, I see no change in any hash marks including the identical dll file version, so it can not be how Comodo loads the file that causes the hash marks to be altered. The computer scans clean with Malwarebytes in safe mode. What do you suggest I do?
Can you post a screenshot of the error report that report the hash marks on the dll file were altered again. I want to see the source of your information so I can better think along with you.
Eric, the report is from Win audit report and is similar to posted attached, since I did not save the original. All I did was load CIS and then after the malware Cis report, I looked in the Win audit report and found the log of the altered hash marks. This was before any connect to the internet.
What malware are you referring to? Please upload the file to Virus Total and post the url to the page with the report.
Looking at a couple of other computers, I see no change in any hash marks including the identical dll file version, so it can not be how Comodo loads the file that causes the hash marks to be altered. The computer scans clean with Malwarebytes in safe mode. What do you suggest I do?
The error that you are getting has been around for a while now. I see it on my system as well. It does not mean your system is compromised.
You downloaded the file from the Comodo site which will provide a clean download. In case you don’t want to trust that trust a valid digital signature. If the signature checks out then the installer is untouched.