i need to revisit a problem that staill exits to the present release. i have shadow protect for desktop(spd). this is disk imageing software. spd places a service in system serviices. full blown cis stops this service from starting. ther only workaround(not a solution) is to permantently disable defence+. my thought is that a driver for defence+ stops the spd service from starting. spd has something call network view wher you define a connection to another computer, an online connection, a nas or whatever. for me that is a connection to a local drive. so my connection is to local host. an oddity to me is that before vista sp2 everything worked well together. after vista sp2 the problem began. i really need comodo to look into this. i have backed away drom cis several times coming back with each new release to see if the problem is resolved. i have read that many people gave up on cis because of this problem or one like it. i would like to see some guidance from comodo and/or people who have encountered this problem.
Is this hard disk a fixed disk as in it is not an external disk? In the situation of an external disk CIS will not learn the rules. It will only follow the rules until either your computer restarts or when you disconnect and reconnect the disk again. CIS behaves the same way with USB sticks for example
Did you have “Block all the unknown requests if the application is closed” enabled? That might interfere.
Edit by EricJH: I made the subject line more desriptive. Please feel free to change it; it is only a suggestion.
i dont know how you managed to post within my post and change the topic heading at the same time. the drive is a usb external disk drive. i did not have the item you mentioned checked. the problem happens at boot time resulting in a windows error report. the report stated the spd service failed to start or did not start in a reasonable time. i am not sure if cis was active or fullu active at the time., which brings me to the defence+ driver causing the problem.
There is a shellcode injection protection controller under Defense+/Advanced/Image Execution Control: untick “detect shellcode injections”, apply everywhere.
If it helps you solve your problem without disabling D+ then you may add spd related executables to exclusion list of shellcode injections’ protection.
No problems. Keep in mind that you can leave BO (buffer overflow) protection active, only add appropriate exceptions for Shadow protect executables.
We should bother Comodo dev department so they consider to fix logical flaw in Defense+ GUI: seeting D+ to “Disabled” mode (not disabling permanently) does not disable BO protection (which is the part of D+), though it should.