CIS Interferes with Virtual PC 2007 Clipboard Transfers (Guest OS => Host OS) [Issue Report]


  1. What you did:

Setup a functional and fully updated copy of Windows XP Professional SP3 (WXPP-32bit) on an Intel P4-E6500/4GB platform; used that computer for approximately two years without difficulty.

Installed Microsoft “Virtual PC 2007” (VPC07) onto the tested/stable WXPP platform (“Host”).

Installed multiple different sources (OEM, Retail, VLK) of WXPP-32bit (again SP3 w All MS Security Updates) as “Guests” under VPC07 (emulating P4-521/1GB-RAM + 6G-HD) onto original WXPP Host.

Tested all WXPP Guests for full functionality and stability: PASS!

Tested all WXPP Guests for full interchange of data with Host through “Clipboard-Linkage” provide by VPC07 and supplemented by “Virtual Machine Additions” (VMA) for VPC07. (Standard install of VPC07 provides simple ‘text-based’ linkage of Host and Guest clipboards; VMA adds ‘graphic-based’ linkages between those two clipboards): PASS!

Clean Installed latest version of Comodo Internet Security (CIS) as combined Firewall and Proactive Defense onto several different installations of Guest WXPP, so that CIS was also running under VPC07.

2. What actually happened or you actually saw:

MAJOR BUG Observed: (A) Data on Host clipboard (text and Grphics) was still transferred to Guest clipboard; (B) Data placed onto Guest clipboard (in any format, and verified as being there with Guest’s “Clipboard Viewer” (CV)) was no longer being transfered onto Host clipboard (again verified, but with Host’s CV)! This was observed with all source-versions of installed Guest WXPP.

3. What you expected to happen or see:

We expected to see VPC07 clipboard linkages between Guest and Host to continue functioning in both directions after CIS was installed.

4. How you tried to fix it & what happened:

(A) Deinstallation and fresh reinstallation of CIS has no effect on final behavior. (CIS removed / system rebooted => clipboards fully functional; CIS reinstalled and running => clipboards only work in one direction (Host data => Guest system).)

(B) Verified that cause was not previous “clipboard bug” reported on Microsof forums for VPC07 (see verfication in 4(A), above).

(C) Tried deinstallation of VMA for VPC07 => behavior in 4(A) continued; reinstalled VMA for VPC07 => behavior in 4(A) continued.

5. If its an application compatibility problem have you tried the application fixes here?:

Yes; either did not appear applicable or had no effect.

6. Details & exact version of any application (execpt CIS) involved with download link:

(A) Windows XP Professional SP3 with full security updates as of June 20,2011

(B) Microsoft Virtual PC 2007 with Service Pack 1 (MS has not released any patches after SP1 in 2008).

(C) Comodo CIS V.5.4.189822.1355: 10 May, 2011

(D) No other Security Software installed on either Host or Guest machines.

(E) No other Application Software installed on Guest machines.

7. Whether you can make the problem happen again, and if so exact steps to make it happen:

YES: Detailed above in 1 and 4(A); 100% function, or 100% non-function, EVERY TIME, depending upon CIS status.

8. Any other information (e.g., your guess regarding the cause, with reasons):

We performed additional testing to try to isolated the cause.

(A) We turned off ALL functions in CIS (all proactive and monitoring activities) => simple presence of running CIS appeared to continue interfering with clipboards functions.

(B) We removed the “run at startup” Registry Entry for CIS, so that CIS would be present (installed) on the Guest WXPP, but would not begin running when that virtual machine was booted/restarted:

(i)  Restarted Guest with installed CIS (but NOT started at bootup) functioned perfectly => clipboards functioned in BOTH directions;

(ii) Taking fully functional Guest machine in state "i", and then manually starting CIS, clipboards returns to error state of 4(A) => data NOT moving out of Guest/Virtual machine.

(iii) Taking crippled Guest machine in state "ii", and then manually stopping CIS, and verifying all associated processes were also stopped (through Task Manager), clipboards remained in error state of 4(A) => data NOT moving out of Guest/Virtual machine.

(C) We repeated all tested outlined in “B” above, but using CIS V.4.1.150349.920 from a download in September 2010; all results from 4(A) and 8(B)(i - iii) were identical to first round of testing.

(C) Guess: Since WXPP does not normally “export” its clipboard data, VPC07 must have to install some sort of internal interecept/injection “hook” or secret “network connection” inside the Guest copy of WXPP. The basic hook is independent of VMA, so it must be monitoring the data flow into the Guest’s clipboard as part of a direct modification of one of the Guest OS’s core files. Apparently, the process of starting CIS breaks part of this (intercept) hook, and closing down CIS does not completely restore the Guest machine’s original state. (Data flow from Host to guest might not be affected, as it is a different hook. It should not be too suprising that CIS would interfere with “secret” communications attempting to move in or out of the Guest WXPP platform upon which it is running. The exact details of why CIS might itself intercept, but not correctly “chain” clipboard data-flow is beyond my experience.)


(Most of the rest of the reporting template did not appear to be applicable,please contact me directly if I can provide any additional information, OR if you would like to try specific tests/workarounds/fixes on my established test-beds.)



  1. Screenshots illustrating the bug:

There are no “screen-shots” as the bug results in nothing appearing (should I attach a blank screen shot?).

2. Screenshots of related CIS event logs or the Defense+ Active Processes List:

No events (Other than CIS “Starts” / “Stops”) appeared in the logs; no error messages, NOTHING.

3. A CIS config. report or file:

(Sorry, I needed to use the computer; I uninstalled CIS. If this “CIS config” report iis really THAT important, let me know and I will reinstall and print a copy).

Otherwise, CIS was installed directly from the download, without any additional configuration, EXCEPT TURNING OFF ALL SERVICES!


4. Crash or freeze dump file:

Not applicable

5. Screenshot of More~About page:

(Sorry, I needed to use the computer; I uninstalled CIS. If this “About Page” is really THAT important, let me know and I will reinstall and dump and image).


  1. CIS version, AV database version & configuration used:

Comodo CIS V.5.4.189822.1355: 10 May, 2011

No AV Database

Proactive configuration

2. a) Have you updated (without uninstall) from CIS 3 or 4:


3. a) Have you imported a config from a previous version of CIS:


4. Ave you made any other major changes to the default config (eg ticked ‘block all unknown requests’, other egs here.):


5. Defense+, Sandbox, Firewall & AV security level:

D+ = None

Sandbox = Not Enabled

Firewall= Disabled

AV = Not Installed

6. OS version, service pack, number of bits, UAC setting, & account type:

Windows XP, SP3, 32 bit

None in XP

CIS run as “Admin”

7. Other security and utility software installed:


8. Virtual machine used:

Microsoft Virtual PC-2007 with Service Pack 1


Thanks for all your help; great product; just wish it would work better under virtual environments.

– H.Parker (AucLinks)

Thank you for your part finished Issue report we really need a full report before it can be moved to verified could you please supply the rest of the report.

Example here of a full report.

The only possible reason for not supplying a full report is you have been contacted by a Staff member please supply details, otherwise this topic will be moved to Orphaned/Resolved/Outdated Issues - CIS.

Thank you


Please note as soon as your bug is posted a Member of Staff will have looked at your Issue report on there next visit to the Forum even ones that are moved to Orphaned/Resolved/Outdated Issues - CIS are seen as all reports are left on this board for a sufficient period of time to allow this.

The Format was decide in discussions between a Moderator and Staff members as the best way for them to be able to replicate the Issue so they could fix it.

Please also note I and most Moderators are not Staff members but moderate the Forum in their spare time, you can recognize Staff members by their Staff avatar.

Thank you for your updated report will moved to Verfied shortly.

Thank you


Thank you for your Issue report.

Moved to verified.

Thank you