CIS v6 Paranoid mode and Windows shutdown time

Hi,

Recently I uninstalled CFW v5 and installed CIS v6, replacing my CFW v5 and MSE security config on 2 machines.
All is well, except now when I shut down Windows, on both machines it takes several minutes.
Before, this was seconds.

I think that CIS is showing me an alert and awaits my input (which I cannot give because of the shutdown).
I checked the event log and checked the D+ events. Only wininit.exe trying to create logonui.exe did not have a related alert behind its entry.

This is what I tried so far:

  • Added wininit.exe and logonui.exe to trusted files in file rating
  • Created ‘Allowed application’ rules in D+ for wininit.exe and loginui.exe
  • Shut down and booted with training mode on for both FW and D+. This works, but setting back to paranoid mode for D+ and safe mode for FW brought back the long shutdown time

What could be wrong? Am I missing something?

It depends how far you go in Paranoid Mode, though I admit mine was an upgrade, not a clean install.

I had to add certain rules manually for log off/shutdown + switch user.

The best and only way is to check Defense+ logs after the next reboot, then add any missing rules.

I think the ones I added were for Wininit.exe.

Dennis

I am not sure what you mean by ‘It depends how far you go in Paranoid Mode’.
Is there a degree in how far you implement paranoid mode?

I think/hope I did a clean install by uninstalling and installing the downloaded CIS exe.

I added wininit.exe to the rules, letting it be an allowed application, but still no luck.

Is there any way to see which alerts were unanswered?
I am still not sure why training mode did not add rules. This is because in training mode the shutdown is within seconds.
Must I shortly enable ‘create rules for trusted files’ in D+ settings? I thought I had that enabled when I tried, but could try again though.

I would never run it in Training Mode; that’s what I meant by how far you go in Paranoid Mode.

If you tick the box to create rules, it should work in Safe Mode. Just check for rules added for Wininit.exe after you reboot, then you can go back to Paranoid Mode if you wish.

You need to click on Logs (I think it was in the CIS taskbar), then go to the top left corner in that screen, where there is a drop-down list, and choose Defense+.

Alright, that sounds good.

  • set to safe mode,
  • enable create rules for trusted apps
  • reboot
  • check created rules

Btw, was it wrong of me to set it to training mode and reboot? I had a clean system before the upgrade to CIS v6 and I do scan regularly. Training mode is a mode better avoided?

Yes, really it should be avoided if you can, as it allows everything, good or bad.

Usually you only need it for some games, not all though: Training Mode, start the game, then shut down the game, then go back to whichever mode you were using.

It is best for me to reset all rules and start over with setting them up.

Is there a reset to factory button in CIS? I cannot find it just yet.

It may not have saved any of them as you did not have the box checked.

If you really want to start again, the easy way instead of uninstall/reinstall is to go to Advanced/Configurations/Import, then in the import screen go to C:\ProgramFiles\Comodo\Comodo Internet Security and select the one you want. There should be three: Internet/Firewall/Proactive. Choose a different name: Proactive Security 1.

After import you need to activate it.

Hi, I tried to fix it but it did not help.

I imported Proactive again and gave it another name.
After import, I activated it.
CIS started asking me for permissions about programs, so I think the config switch went well.

I switched to D+ safe mode and checked the ‘create rules for trusted applications’.
Shutdown went fine.
Switched back to Paranoid mode (left the checkbox checked).
Shutdown took multiple minutes.

D+ log shows only wininit.exe trying to create logonui.exe without a link ‘relevant alert’.
But manually adding both files to the file rating and HIPS rule did not help.

What else could be wrong?

And I am a bit concerned about my boot in training mode. How can I be certain that my PC is not compromised? Scan showed 0 infected items. I have heuristics set to high on the full scan.

Sorry I cannot help you with the exact paths I added at the moment.

I returned back to 5.12 thinking the problems I was having were due to CIS V6.

I intend to upgrade back up to CIS V6 in the next few days and will post exact entries when I find what is causing my problem. It may be a bit longer; I really need to find the cause of my problem first.

As you have gone to a new configuration, I would not worry about the boot in training; it is highly unlikely that anything happened.

You can always open a new topic here and ask for suggested other programs to scan with or read Sticky Topics on that board.

Dennis

Same issue, despite all proper permissions being given to the respective processes for initiating logon/logoff.

These rules are only for Windows 7 32-bit; any other OS might have different paths, so do not copy/paste my entries.

First you need to add Wininit: click Add in Defense+/HIPS Rules, then Browse, then Running Processes, and choose wininit.

C:\Windows\System32\wininit.exe should be the entry you have for your new rule.

Then, in Run an executable, click Modify, then Add Files, then find LogonUI.exe or just add this entry: C:\Windows\System32\LogonUI.exe

Then, in Protected Registry Keys, click Modify, then Add Registry Entries, then find HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\ShutdownFlags

Then, in Protected COM Interfaces, click Modify, then Add COM Components, then add LocalSecurityAuthority.Shutdown

You can do this yourself on boot after you have shut down, by checking the Defense+ logs for the blocked entries.

As I said previously, I have already made various attempts at what permissions were to be required for a proper shutdown/logon.

Please check Defense+ logs to see if there are items still being blocked.

If not, could you please post a bug report in this section of the forum? Be sure to strictly follow the format provided in this topic.