CIS v6 Paranoid mode and windows shutdown time


Recently I uninstalled CFW v5 and installed CIS v6, replacing my CFW v5 and MSE security config on 2 machines
All is well except now when I shutdown windows, on both machines it takes several minutes
Before this was seconds

I think that CIS is showing me an alert and awaits my input (which i cannot give because of the shutdown)
I checked the eventlog and checked the D+ events. Only wininit.exe trying to create logonui.exe did not have an related alert behind its entry

This is what I tried so far:

  • Added wininit.exe and logonui.exe to trusted files in file rating
  • Created ‘Allowed application’ rules in D+ for wininit.exe and loginui.exe
  • Shutting down and booted with trainingmode on for both FW and D+. this works, but setting back to paranoid mode D+ and safemode FW brought back the long shutdowntime

What could be wrong? Am i missing something?

It depends how far you go in Paranoid Mode though I admit mine was a upgrade not a clean install.

I had to add certain rules manually for log of/shutdown + switch user.

The best and only way is to check Defense+ logs after next reboot then add any missing rules.

I think the ones I added where for Wininit.exe.


I am not sure what you mean by ‘It depends how far you go in Paranoid Mode’
Is there a degree in how far you implement paranoid mode?

I think/hope i did a clean install by ininstalling and installing the downloaded cis exe

I added wininit.exe to the rules letting it be an allowed application, but still no luck

Is there any way to see which alerts were unanswered?
I am still not sure why trainingmode did not add rules. This because in trainingmode the shutdown is within seconds.
Must I shortly enable ‘create rules for trusted files’ in D+ settings? I thought i had that enabled when i tried, but could try again though

I would never run it in Training Mode that’s what I meant how far you go in Paranoid Mode.

If you tick the box create rules it should work in Safe Mode, just check for rules add for Wininit.exe after you reboot then you can go back to Paranoid Mode if you wish.

You need to click on logs I think it was in the CIS taskbar the go to the top left corner in that screen where there is a drop down list chose Defense+

Alright, that sounds good.

  • set to safemode,
  • enable create rules for trusted apps
  • reboot
  • check created rules

btw, was it wrong of me to set it to trainingmode and reboot? I had a clean system before the upgrade to cis v6 and i do scan regularly. Trainingmode is a mode better avoided?

Yes really it should be avoid if you can, as it allows everything good or bad.

Usually you only need it for some games not all though, Training Mode start game the shutdown game then go back to whichever Mode you where using.

It is best for me to reset all rules and start over with setting them up

Is there a rest to factory button in CIS? I cannot find it just yet

It may not have saved any of them as you did not have the box checked.

If you really want to start again the easy way instead of uninstall/reinstall is to go to Advanced/ configurations/import then in the import screen go to C:\ProgramFiles\Comodo\Comodo Internet Security select the one you want there should be three Internet/Firewall/Proactive chose a different name Proactive Security 1

After import you need to activate it.

Hi, I tried to fix it but it did not help

I imported Proactive again and gave it another name.
After import, i activated it.
CIS started asking me for permissions about programs, so i think the config swicth went well

I switched to D+ safe mode and checked the ‘create rules for trusted applications’
Shutdown went fine
Switched back to Paranoid mode (left the checkbox checked)
Shutdown took multiple minutes

D+ log shows only wininit.exe trying to create logonui.exe without a link ‘relevant alert’
But manually adding both files to the filerating and hips rule did not help

What else could be wrong?

And i am a bit concerned about my boot in training mode. How can i be certain that my pc is not comprimised? Scan showed 0 infected items. I have heuristics set to high on the full scan

Sorry I cannot help you with the exact paths I added at the moment.

I return back to 5.12 thinking problems I was having where due to CIS V6

I intend to upgrade back up to CIS V6 in the next few days and will post exact entries when I find what is causing my problem it may a bit longer I really need to find the cause of my problem first.

As you have gone to a new Configuration I would not worry about the boot in training boot highly unlikely that anything happen.

You can always open a new topic here and ask for suggested other programs to scan with or read Sticky Topics on that board.


same issue despite all proper permissions are given to the respectable processes for initiating logon/logoff

These rules are only for Windows 7 x 32 bit any other OS might have different paths so do not copy/paste my entries.

First you need to add Wininit, click add in Defense+/HIPS Rules then Browse then Running Processes chose wininit.

C:\Windows\System32\wininit.exe this should the entry you have for your new rule.

Then you need to add in Run a excutable click Modify then add files then find LogonUI.exe or just add this entry C:\Windows\System32\LogonUI.exe

Then you need to add in Protected registry keys click Modify then Add Registry Entries then find HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\ShutdownFlags

Then you need to add in Protected COM Interfaces click Modify add COM Components then Add LocalSecurityAuthority.Shutdown

You can do this yourself on boot after you have shutdown and check the Defense + logs for the blocked entries.

as i said previously i have already made various attempts at what permissions were to be required for a proper shutdown/logon.

Please check Defense+ logs to see if there are items still being blocked.

If not could you please post a bug report in this section of the forum. Be sure to strictly follow the format provided in this topic.