CIS crashes Win10 UI; ShellExperienceHost.exe

Yok · November 6, 2017, 4:24pm

My system: Windows 10 64, latest version /all updates

Using cmd_fw_installer, fresh install, no updates available

After installing the firewall and doing a restart the Win 10 UI bugs out and/or becomes unresponsive.
Left click on start menu no longer works. Right click on start menu still works, however some of the options there also don’t work anymore.
Like going to setting or the apps tab. Even uninstalling the firewall again wasn’t easy because the UI was barely reacting.

In the windows events logger it says that ShellExperienceHost.exe APP is hanging / no longer working.

As soon as I uninstall the firewall and do a restart the Windows UI works perfectly again and the ShellExperienceHost.exe error is also gone.

DecimaTech · November 6, 2017, 7:18pm

Can you give the full details of the windows event log of the application?

Yok · November 6, 2017, 8:31pm

I should probably add that this issue just appeared recently, like in the last week or so, I’ve been using the firewall without problems for months before that.
Issue also persisted after a Win10 reset / reinstall , with pretty much nothing else installed.
So I’m guessing that this has something to do with some recent Windows update or a change in the firewall software.

DecimaTech · November 7, 2017, 2:26pm

Interesting, I don’t notice such issue. Which version of CFW was installed when issue began?

Yok · November 7, 2017, 5:10pm

Should be latest version, downloaded from here http://download.comodo.com/cis/download/installs/5060/standalone/cmd_fw_installer.exe
no updates available after install

I just tried a fresh install again with file from the link above, as soon as I restart the PC the Win 10 start button stops working again.

I also noticed some additional errors, I think right after installing the firewall. All of them WMI errors with ID 24, about 16 of them.

Here is one of them.

Protokollname: Application
Quelle: Microsoft-Windows-WMI
Datum: 07.11.2017 17:53:51
Ereignis-ID: 24
Aufgabenkategorie:Keine
Ebene: Fehler
Schlüsselwörter:
Benutzer: SYSTEM
Computer:
Beschreibung:
Vom Ereignisanbieter “” wurde versucht, die Abfrage “SELECT * FROM CisEvent” zu registrieren, deren Zielklasse “CisEvent” im Namespace “//./root/cis” nicht vorhanden ist. Die Abfrage wird ignoriert.
Ereignis-XML:

24
2
2
0
0
0x8000000000000000

2002

Application

<data_0x8000003F xmlns=“http://manifests.microsoft.com/win/2006/windows/WMI”>

SELECT * FROM CisEvent
CisEvent
//./root/cis
</data_0x8000003F>

DecimaTech · November 8, 2017, 4:21pm

Try adding ShellExperienceHost.exe to don’t detect shellcode injections in these applications and reboot to see if issue persists.

Yok · November 8, 2017, 7:56pm

Just tried it, didn’t seem to change anything though. UI still randomly crashing and error message is still there as well.

DecimaTech · November 9, 2017, 2:42pm

OK lets uninstall CFW, reboot, run this removal tool with run as administrator when you right click on the .bat file, choose to remove CIS and reboot when it finishes. Then install using the offline installer for the 6406 lasted build here.

Yok · November 9, 2017, 3:22pm

done, still same issues as soon as i restart the PC after the installation.

DecimaTech · November 9, 2017, 3:55pm

Provide the CIS diagnostic report and if you can run a system information report with msinfo32.exe go to file and choose export and attach. I will contact a staff member to have a look so they can investigate further.

Yok · November 9, 2017, 4:28pm

see attachments

DecimaTech · November 9, 2017, 4:55pm

Looks like it is caused by incompatibility with avast

-

Yok · November 9, 2017, 5:13pm

Just uninstalled Avast, restart, fresh Comodo install, restart, same issue again. So I don’t think that’s it.

sergey.grechko · November 10, 2017, 11:03am

Hello, Yok.

Your issue is under investigation. Please check your PM and provide needed logs and files.

Kind Regards,
Sergey.

Yok · November 10, 2017, 2:09pm

Thanks, replied to your PM with the requested logs.

DrGluck · December 18, 2017, 2:12pm

Same problem.
Quick solution: add “Windows system apps” group to “Detect shellcode injections exclusion”. But I do not think that this is the final solution to the problem. I hope Comodo will fix the problem.

sergey.grechko · December 19, 2017, 9:00am

Hi, DrGluck.

Thank you for reporting. I have added this info to the internal ticket for dev team. They will try to fix it as soon as possible.

Kind Regards,
Sergey.

umesh · December 27, 2017, 4:46pm

Hi Yok / DrGluck,
May you please try latest Beta v6464 and see if you can still produce the problem?

Thanks
-umesh

DrGluck · December 28, 2017, 5:03pm

I installed beta from offline installer. After reboot CIS switched to a clean profile. After the next reboot, the problem is still there. CIS log is clean. The problem disappears if I disable Comodo service and reboot OS.
I can do anything else if you tell me what I need to do.

umesh · December 29, 2017, 2:43am

Hi DrGluck,
Can you please uninstall CIS and install CCAV and see if you have same problem with that as well?

Thanks
-umesh