CIS BSOD - Windows 10 Pro 1607 [M2221]

I love COMODO’s products and I honestly don’t want to stray from them, but this might be a breaking point for me.

Summary - Upon leaving COMODO CIS on my and another very similar setup, Windows will randomly BSOD. After a lot of debunking with other items, removing COMODO CIS leaves both machines crash free.
I’ve reinstalled it on one, and within 4-5 hours I have another BSOD identical to the previous. This occurs on both computers with almost 100% identical dumps.

Error: IRQL_NOT_LESS_OR_EQUAL
Error: MEMORY_MANAGEMENT

I’m not 100% sure COMODO CIS is the underlying cause of this, but removing COMODO CIS proves the problem goes away.

Can you reproduce the problem & if so how reliably?: Reliably? Within 24-48 hours I usually get 3-4, depending on the use of the computer

A. THE BUG/ISSUE
If you can, exact steps to reproduce. If not, exactly what you did & what happened:
1: Leaving it sit overnight
2: During heavy loads (games/heavy use of applications)
3: Right after heavy loads (letting it idle after being used)

If a software compatibility problem have you tried the conflict FAQ?:
I could reinstall the computer(s) if need be but I have not removed anything else as I don’t see any real connection with any software, possibly drivers though.

Any software except CIS/OS involved? If so - name, & exact version:
Not that I’m aware of

Any other information, eg your guess at the cause, how U tried to fix it etc:
None, I’ve never dealt with memory/IRQ BSODs being a software issue, and it seems to be the case here.

B. Your Setup
Exact CIS version & configuration:
Product version: 10.0.1.6209, Database version: 26948 - standard configuration from install

Modules enabled & level. D+/HIPS, Autosandbox/BBlocker, Firewall, & AV:
HIPS, Autosandbox, Firewall, AV (whatever is enabled by default, but any questions let me know)

Have U made any other changes to the default config? (egs here.): No

Have U updated (without uninstall) from CIS 5 or CIS6?: No

If so, have U tried a clean reinstall - if not please do?: I’ve done a clean reinstall of COMODO regardless on 4/20 with the issue still there

Have U imported a config from a previous version of CIS: No

OS version, SP, 32/64 bit, UAC setting, account type, V.Machine used: Windows 10 Pro 1607, 64bit, UAC disabled, Admin, no virtual

Other security/s’box software a) currently installed b) installed since OS, including initial trial security software included with system:
I tried two others on this system to see what they offered before installing the normal CIS, the other computer only got CIS installed
b= Comodo Internet Security Essentials
b= Comodo Cloud Antivirus

C. ATTACH REQUIRED FILES

  1. Attached are my minidumps from one of the computers I have access to at the moment, which is the one I reinstalled CIS on and it started BSOD’ing again. I removed CIS on 4/18 (after 8pm) and reinstalled it on 4/20 at 3pm. The other computer has been running for 4-5 days now without a BSOD after uninstalling CIS.

Can you switch to collecting a kernel memory dump by going to System in Control Panel and then Advanced system settings? Then under Startup and Recovery select Settings, then under Write debugging information choose Kernel memory dump. Then reproduce the BSOD and attach the new dumps here, thanks.

Also attach the CIS diagnostic report even if it doesn’t find any problems.

I’ve bumped the dumps to kernel memory dump and I’ll get it up here once I get the dump/report + uploaded.

Thanks for the prompt response.

I had a crash today at 12:12 EST I believe according to the timestamps. I’ve pushed the CIS report and memory dump to onedrive (1.2gb/1.6gb). They’re still uploading at the moment, but once they’re done they will appear. It was at 1.5gb/2.7gb at the time of the post, should be done in a couple minutes.

https://1drv.ms/f/s!AqQK0JYKMulBxS5WKfUqII2TB_yS

Thanks.

Thanks for the info. I have submitted your link into the tracker, and previously submitted dumps are under investigation.

If it happens again, try BlueScreenView ("Blue screen of death (STOP error) information in dump files"). I used it and found a Windows update caused my problem. The download links are toward the bottom of the page.

I’m well aware of BlueScreenView and whocrashedit; however, both pointed in no particular direction between 2 computers with similar physical/software setups. Upon removing Comodo CIS the bluescreens stopped, as mentioned in the original post. It kinda points to Comodo having an issue with a new AMD Ryzen/chipset driver, but that’s pure speculation.

I’ve uploaded another memory dump from noon today to my Google Drive (ran out of space on OneDrive). (The computer was inactive from the previous night → 2pm today, it crashed in between)

OK, I let them know of the crash and dump from a computer that was inactive. They have previously said to rename c:\windows\system32\drivers\cmdguard.sys, reboot, and check the issue again. Do note that CIS will warn that HIPS is not functioning properly; this is normal. I’m guessing they want to narrow down the driver that might be the cause of the BSOD.
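
Added example, not part of the thread and not Comodo's tooling: a PowerShell sketch that records the dump type requested earlier in the thread and whether the renamed cmdguard.sys is still on disk or registered as a driver, so each uploaded dump can be tied to a known driver state. It assumes an elevated prompt; the function names are hypothetical.

```powershell
# Added example: record dump configuration and driver state before reproducing the crash.
# Run from an elevated PowerShell prompt. Function names are hypothetical.

$crashKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\CrashControl'
$dumpTypes = @{ 0 = 'None'; 1 = 'Complete memory dump'; 2 = 'Kernel memory dump'
                3 = 'Small memory dump (minidump)'; 7 = 'Automatic memory dump' }

function Get-CrashDumpConfig {
    # Reads the values behind "Startup and Recovery > Write debugging information".
    $cc = Get-ItemProperty -Path $crashKey
    [pscustomobject]@{
        DumpType    = $dumpTypes[[int]$cc.CrashDumpEnabled]
        DumpFile    = $cc.DumpFile
        MinidumpDir = $cc.MinidumpDir
        Overwrite   = [bool]$cc.Overwrite
    }
}

function Set-KernelMemoryDump {
    # Same setting as choosing "Kernel memory dump" in the dialog.
    Set-ItemProperty -Path $crashKey -Name CrashDumpEnabled -Value 2 -Type DWord
}

function Get-DriverState {
    param([string]$FileName = 'cmdguard.sys')   # driver file named in the thread
    $path = Join-Path $env:SystemRoot "System32\drivers\$FileName"
    # Match on the image path so the service name does not have to be guessed.
    $svc = Get-CimInstance Win32_SystemDriver |
        Where-Object { $_.PathName -like "*\$FileName" }
    [pscustomobject]@{
        File        = $path
        FileOnDisk  = Test-Path -LiteralPath $path
        ServiceName = $svc.Name
        State       = $svc.State       # Running / Stopped
        StartMode   = $svc.StartMode   # Boot / System / Auto / Manual / Disabled
    }
}

# Capture both alongside each dump so the driver state at crash time is on record.
Get-CrashDumpConfig
Get-DriverState
```

Saving this output with every dump shows whether the file had been restored between the rename and the crash.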

I’ve done as asked, also renamed the latest dump at 11:36. Do you want me to bother uploading that one? That would be before this change.

No, only upload a dump if you get another crash after renaming cmdguard.sys.

I see 10.0.1.6223 just came out (today…). Do you want me to upgrade or hold on the version I’m on? No BSOD yet.

It is always best to try with a newer version just in case it might be fixed without realizing. So I guess you can update normally and check; if it happens again, rename cmdguard.sys and check again, then if after the rename you still get crashes, provide the dump.

Sounds like a plan, fingers crossed.

Crashed at 5:56 EST. The memory dump and CIS report are uploaded to my Google Drive (CIS was still going while posting this) right now, and interestingly enough the upgrade did not replace the missing cmdguard.sys; it’s still renamed and “missing” to Comodo.

So cmdguard.sys was never active before or after upgrade and still crashed? That is interesting to say the least and it was never replaced.

Correct and it did not get replaced. Comodo did say it needed me to reboot again as well but I’m not sure why.

I wanted to hold off to confirm it was still crashing with cmdguard.sys missing, which it is.

I renamed the file, rebooted, and after a reboot the cmdguard.sys gets replaced now after a few minutes of being logged in and Comodo asks for me to restart. I’ve confirmed HIPS is displaying the “is not functioning properly” still upon booting after the crash. So, cmdguard.sys missing still crashes. Both files are uploading, memory dump from 4/26 6:16am EST and the CIS diag report from 8am.

I uninstalled CIS as of 5pm yesterday and I have yet to see any crash. Is there anything you guys want me to try to do? I’d rather not let my PC sit there and crash constantly.

Going on almost 6 days now steady uptime without CIS.

They said dumps were investigated and it seems BSOD is not caused by CIS. They asked if it still occurs without CIS in which I explained that once CIS was removed you could keep system running for 6 days straight without a crash.