CIS 8.2.0.4674 on Windows 10 + IE11

CIS 8.2.0.4674 on Windows 10.

Can someone confirm that IE11 crashes randomly with “Enhanced Protected Mode” enabled? Along with “Enable 64-bit Processes for Enhanced Protected Mode”.
After removing latest version of CIS… IE11 stops crashing.
Please confirm?

I haven’t experienced any crashes with IE 11 with CIS installed.

I just have Edge, and that is not crashing.
I see no “Enhanced Protected Mode” nor “Enable 64-bit Processes for Enhanced Protected Mode” in any of the Settings.
(Windows 10 Pro x64 version 10525)

Hi John,
You have ‘Enhanced Protection Mode’ in CIS HIPs settings.

In IE 11 the mentioned options are available.

Kind regards.

Mine is enabled.

Okay, well… that you all kindly for the replies. :slight_smile:
I’m going to try reinstalling CIS and see if IE11 will start crashing again with “Enhanced Protected Mode” enabled.

So I believe I’ve figured it out. :slight_smile:
Strange this option wasn’t recommended to me what with all the crashing issues people are reporting with Chrome 45. :-
https://forums.comodo.com/defense-sandbox-help-cis/comodo-firewall-crashes-chrome-45-merged-t112806.0.html

Looks like with IE11 I too had to add C:\Program Files\Internet Explorer\iexplore.exe to the Exclusions of Detect Shellcode Injections in CIS.
So far, IE11 has stopped crashing altogether with Enhanced Protected Mode and Enable 64-bit Processes for Enhanced Protected Mode.

Is this a bug that Comodo should be looking into? Or is this normal behavior when tweaking IE to run in full 64-bit mode?

I will post back an update within the next few days to see if this has indeed fixed the issue. :azn:

Looks like the method I’ve chosen has fixed IE11 from crashing. Not one crash since. :wink:

Can you check if Enabling 64 bits enhanced protected mode let’s IE 11 crash again? I want to see if it is one or two settings that make it crash.

That option is currently enabled and does not cause IE11 to crash anymore.
As mentioned with IE11 I too had to add C:\Program Files\Internet Explorer\iexplore.exe to the Exclusions of Detect Shellcode Injections in CIS.
So far, IE11 has stopped crashing altogether with Enhanced Protected Mode and Enable 64-bit Processes for Enhanced Protected Mode.

Just to be sure are you asking to only enable Enable 64-bit Processes for Enhanced Protected Mode or Enhanced Protected Mode? There are two options at play here.

UPDATE: I ended up changing the file I wanted to exclude: C:\Program Files\Internet Explorer\iexplore.exe and changed the exclusion to the ENTIRE folder: [b]C:\Program Files\Internet Explorer[/b] as I noticed other utilities within that folder relating to IE were crashing also. Utilities such as: C:\Program Files\Internet Explorer\IELowutil.exe. But sure enough, once I made that new above mentioned exclusion change, that background application no longer crashes! The only way I discovered that it was silently crashing was by checking the Windows Event log which shared a correlating crash with Internet Explorer 11. Now I am crash free. I hope Comodo can fix this? :o Otherwise I will continue to exclude the entire folder.

I meant to say can you check if disabling “Enabling enhanced protected mode let’s IE 11 crash again?” makes a difference (forgot I had added the 64 bits part; that was a brain fart :wink: )?

[b]UPDATE:[/b] I ended up changing the file I wanted to exclude: [b]C:\Program Files\Internet Explorer\iexplore.exe[/b] and changed the exclusion to the ENTIRE folder: [b]C:\Program Files\Internet Explorer\[/b] as I noticed other utilities within that folder relating to IE were crashing also. Utilities such as: [b]C:\Program Files\Internet Explorer\IELowutil.exe[/b]. But sure enough, once I made that new above mentioned exclusion change, that background application no longer crashes! The only way I discovered that it was silently crashing was by checking the Windows Event log which shared a correlating crash with Internet Explorer 11. Now I am crash free. I hope Comodo can fix this? :o Otherwise I will continue to exclude the entire folder.
What background application was crashing?

You have interesting findings that are indicating a bug. I am right now trying to establish what exactly happens before I will ask you to consider filing a bug report.

Apologies for leaving this thread unanswered for so long as I have been sidetracked with other projects.
I also was not notified of replies when I did log in here… ??? :frowning:

I’m sorry, but I need more clarification on what you would like me to do before proceeding.

To summarize…
I have had to add the ENTIRE folder: [b]C:\Program Files\Internet Explorer[/b] to the Exclusions of Detect Shellcode Injections in CIS.
So far, IE11 has stopped crashing altogether with Enhanced Protected Mode and Enable 64-bit Processes for Enhanced Protected Mode.
Including the ENTIRE path to this folder prevents one other utility from crashing, namely C:\Program Files\Internet Explorer\IELowutil.exe.

To clarify what you are asking me to do, you would like me to DISABLE Enhanced Protected Mode while leaving ENABLED Enable 64-bit Processes for Enhanced Protected Mode?
And when I do this, do you require me to leave the exclusions for IE I have put in place in the Exclusions of Detect Shellcode Injections?

Lastly, the background program that was crashing was relating to IE as posted.
There was no further information to post on that other than what I had already posted.
The utility in question was IELowutil.exe. This is why I opted to add the ENTIRE Internet Explorer folder as adding iexplore.exe wasn’t enough.

Please confirm the above and I will post back my results! :-TU
Your help here is greatly appreciated! ;D

Yes disable the IE setting Enhanced Protected Mode but keep enabled Enable 64-bit Processes for Enhanced Protected Mode, and remove the exclusions you have added in CIS detect shellcode injections. Then try with having the IE setting Enhanced Protected Mode enabled but have Enable 64-bit Processes for Enhanced Protected Mode disabled again with out having the IE folder excluded from detect shellcode injections.

Okay, so I have some interesting findings here.
Plus I captured an error that has never been logged by Windows Event Viewer before. And it actually POINTS this time to a Comodo file as a possible culprit.

First I removed the ENTIRE folder: [b]C:\Program Files\Internet Explorer[/b] from the Exclusions of Detect Shellcode Injections in CIS.
Then I unchecked Enhanced Protected Mode from within IE11 settings page and left Enable 64-bit Processes for Enhanced Protected Mode enabled and restarted the computer to apply changed settings. After loading the desktop I launched IE11 browsed around for around 30 minutes without a single crash. The crashes would normally occur within minutes or after closing a tab within a browsing session… or closing IE11 altogether. No crashes.

So then I went back into IE11 settings and enabled Enhanced Protected Mode and disabled Enable 64-bit Processes for Enhanced Protected Mode, applied the settings and restarted the computer. After loading the desktop I launched IE11 and browsed around and within the first few minutes a crash occurred.

So I reverted back to my CRASH FREE settings with IE11.

I hope I have now provided as much information as possible until the next reply.
As you can see C:\Windows\SYSTEM32\guard32.dll has been logged by Windows Event Viewer. This is a component of Comodo.
It also lists the faulting guard32.dll version number as: 8.2.0.4703… I thought this looked familiar. It matches the latest version number of Comodo Internet Security installed on this system.
Thank you kindly! :slight_smile:

[attachment deleted by admin]

Is this a CIS bug by chance? :o

It would be worth reporting this as a bug and to have Comodo look into it. If you have the time and energy please consider filing a bug report in the Bug Reports - CIS board following the format as described in Required Format For Reporting Bugs.

Reporting of bugs is strictly moderated to make sure Comodo gets clear bug reports. So, please make sure you closely follow protocol. That way your report will certainly be seen by Comodo staff.

Okay.
When I have some spare time I will look into filling out a bug report.
Thank you! :azn: