[Solved] Clean Endpoint / COMODO Cleaning Essential (CCE) is discontinued?

Works for me on Windows 11 25352.1 Canary

Greetings,

What type of HDD are you using (spinning, SSD or NVMe)?

Also, are you using a UEFI Windows install?

Thanks in advance,

B

Greetings,

SSD, UEFI not using.

Thanks megaherz33.

I’m using an nvme HDD and a UEFI Windows install. I think the issue could simply be from using a UEFI Windows install.

Otherwise, I hypothesize that maybe CCE could not run on an nvme HDD.

On the other hand, CIS 10.0.0.6111 runs fine on UEFI win11 install 22H2 OS Build 22621.1702 (downloaded from https://download.comodo.com/cce/download/setups/cce_public_x64.zip). Could something have changed between CCE v10 and v12 that would prevent v12 from running? Considering that v10 runs on nvme HDD and UEFI windows install, that would cancel the 2 hypotheses I just stated.

Thank you,

B

Greetings,

I’m using a UEFI win11 installation (version 22H2 OS Build 22621.1702) on an nvme HDD. I downloaded a win11 .iso and checked its hash file with the one shown on the Microsoft website and it matched. I mounted the .iso from within Windows OS on D: and ran dism /online /cleanup-image /restorehealth /source:D:\Sources\install.wim /limitaccess from within powershell without any issue.

I then immediately tried downloading CCE v12.2.3.8026 via CIS v12.2.4.8032 and after choosing to run a full CCE scan, it asked for a reboot.

After rebooting, Windows started automatic repair and couldn’t repair itself. I tried via: Troubleshoot > Advanced Repair > Command prompt to run the following commands, but without any success.

dism /online /cleanup-image /restorehealth started running then gave error code 87. (Please see the following picture).

bootrec /scanos found 0 Windows installation
bootrec /fixmbr succeeded successfully
bootrec /rebuildbcd says: Access denied. It also found 0 Windows installation
(Please see the following picture).

chkdsk c: /f /r found 0 bad sectors. (Please see the following picture).

I tried via: Troubleshoot > Advanced Options > Startup Settings > Restart and then tried to launch Windows in safe mode with networking, but Windows still wouldn’t launch (into that mode).

I tried via: Troubleshoot > Advanced Options > Startup Repair to fix Windows, but it wouldn’t work.

Only via Troubleshoot > Advanced Options > System restore was I able to load a previous restore point to actually repair Windows, but upon reaching Windows desktop, CCE wouldn’t resume and did not start scanning.

Looking at SrtTrail log under C:\Windows\System32\LogFiles\Srt\SrtTrail.txt lists that Startup repair couldn’t succeed due to C:\Windows\System32\Drivers\ofvpmj.sys being corrupted. (Please see following picture).

I did run sfc /scannow and dism /online /cleanup-image /restorehealth without any issues after restoring from a restore point then tried to download CCE again from CIS, rebooted for a full scan to take place and Windows would start auto-repair again. I restored from a restore point and this time SrtTrail log pointed to icquni.sys driver being corrupted. (Please see following picture).

By looking under: device manager (view device by driver and show hidden device), via Autorun.exe, DriverView.exe, cmd driverquery /v and manually under C:\Windows\System32\Drivers, I cannot find any traces of ofvpmj.sys or icquni.sys.

I think that a corrupted driver would be more likely to be the reason why Windows OS breaks when CCE downloaded via CIS asks for a reboot in order to run.

Any ideas why CCE won’t run on this machine and how this issue can be fixed?

Thanks in advance,
Best regards,

B
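The check described in the post above (comparing the driver that SrtTrail.txt names as corrupt with what is actually present in C:\Windows\System32\Drivers, across several repair attempts), as an added Python example that is not part of the original thread. The log-line wording matched by the regex is an assumption, the log samples and directory listing are constructed, and the two driver names are the ones quoted in the post.

```python
import re
from pathlib import PureWindowsPath

# Assumption: Startup Repair states its root cause as
# "Boot critical file <path> is corrupt."
ROOT_CAUSE = re.compile(r"Boot critical file\s+(.+?\.sys)\s+is corrupt", re.IGNORECASE)


def decode_log(raw: bytes) -> str:
    """Decode log bytes: honour a UTF-16 BOM, otherwise fall back to UTF-8."""
    if raw.startswith((b"\xff\xfe", b"\xfe\xff")):
        return raw.decode("utf-16")
    return raw.decode("utf-8", errors="replace")


def reported_files(log_text: str) -> list:
    """Paths named as corrupt, de-duplicated case-insensitively, in log order."""
    seen, found = set(), []
    for match in ROOT_CAUSE.finditer(log_text):
        path = PureWindowsPath(match.group(1).strip())
        if str(path).lower() not in seen:
            seen.add(str(path).lower())
            found.append(path)
    return found


def triage(logs: dict, driver_listing: list) -> list:
    """logs maps a label per repair attempt to the raw SrtTrail.txt bytes.
    driver_listing holds the file names found in System32\\Drivers.
    Returns one row per reported file: (attempt, name, on_disk, seen_before)."""
    on_disk = {name.lower() for name in driver_listing}
    earlier, rows = set(), []
    for attempt, raw in logs.items():
        for path in reported_files(decode_log(raw)):
            name = path.name.lower()
            rows.append((attempt, name, name in on_disk, name in earlier))
            earlier.add(name)
    return rows


# Constructed samples: one UTF-16 log, one UTF-8 log, one directory listing.
SAMPLE_1 = ("Root cause found:\r\n---------------------------\r\n"
            "Boot critical file c:\\windows\\system32\\drivers\\ofvpmj.sys"
            " is corrupt.\r\n").encode("utf-16")
SAMPLE_2 = (b"Root cause found:\n---\n"
            b"Boot critical file C:\\Windows\\System32\\Drivers\\icquni.sys"
            b" is corrupt.\n")
LISTING = ["acpi.sys", "disk.sys", "ntfs.sys"]

if __name__ == "__main__":
    for row in triage({"attempt 1": SAMPLE_1, "attempt 2": SAMPLE_2}, LISTING):
        print(row)
```

A row with on_disk False and seen_before False on every attempt is the pattern reported in this thread; a row with on_disk True names a file that can be hashed and compared against a known-good copy.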

Try this program to disable the driver that looks suspicious to you when starting the PC
Note the change
Restart PC

ServiWin utility

Edit: If the cause is a driver loading Windows, you should change its state to disabled on boot to be sure.

Hello.

Try my version CCE.

Everything works, no problem.

Thanks for the Reply ZorKas. I will definitely have a look at that software!

Just posting two pics of other drivers that got corrupted preventing Windows from auto-repairing when trying to launch CCE that asks for a reboot.

dcmwwg.sys

mjvhhu.sys

Thanks again,
Best regards,

B

Submit at > VirusTotal
dcmwg.sys
mjvhhu.sys
The others too
For control

Greetings ZorKas,

Thanks for the reply.

As mentioned, the 4 drivers cannot be found via File Explorer. I tried the ServiWin app and it wouldn’t find the 4 drivers either.

Last night, I enabled Terminal as startup app and updated powershell for the first time on this Windows install to powershell 7.3.4.

Via Asus Armoury Crate, I downloaded for the first time HTML v4.0 and updated ASUS HAL central. During that update which occurred on the Windows desktop itself (in a Windows session), about 15 cmd windows opened one after another for a fraction of a second each within about 10-15 seconds total. Then ASUS Armoury Crate offered to restart and after rebooting, Windows would start automatic repair and couldn’t repair itself. SrtTrail log points to uezndl.sys which is corrupted. As you might have guessed, that driver isn’t listed under C:\Windows\System32\Drivers either. (Please see the following picture).

I had to do a system restore to get back to Windows desktop. After it finished, I had to click all options (about 7 options) that are offered when installing Windows OS (such as accepting to try Office or upgrade OneDrive cloud) in order to boot to the desktop for the first time; this is not how system restore proceeded so far. Then, I downloaded the same two updates via ASUS Armoury Crate, which also popped about 15 cmd windows one after each other (as on previous attempt) and rebooting worked fine this time.

I ran CIS full scan and it found 2 threats, then I shut down the PC.

Today, when I booted the PC (ASUS b560 plus motherboard), it did 1 long beep and 4 short beeps. It seems to be faulty hardware. I shut down the PC and turned it back on and there was no beep this time and the PC booted fine twice (on two full shutdowns as tests).

Today, I looked under ASUS Armoury Crate and I cannot find the two updates downloaded last night. ASUS HAL Central can be found under Armoury Crate, but its installation date doesn’t match with the update I’ve done last night (as can be seen on the following picture, in addition to no HTML 4.0 being listed).

On the other hand, under Settings > Apps > Installed apps, Asus Motherboard 4.00.06 can be found with the date matching the HTML 4.00 update from ASUS Armoury Crate from last night.

I wish I could upload the drivers listed in SrtTrail log.

I have some update about CCE not working. Either downloaded via CIS or launched via COMODO Killswitch, CCE can be partially run. It can run a “Smart Scan” and a “Custom Scan” the latter covering all four entries (1. Memory; 2. Critical areas and boot sector; 3. Hidden registry objects and services; 4. Hidden files and folders), but after running either of the two scans, the “no” option has to be clicked to not reboot to scan for hidden services, otherwise Windows OS will break with a new random driver being corrupted each time. (At this point, this is how I would resume the issue described in this thread). I hope this info will help to fix the root cause of CCE not running on this PC.

I am tempted to speculate that a possible threat could break drivers to prevent CCE from running to scan for hidden services or a threat that would create logs in Srt for driver(s) which do not exist on the PC (as the drivers listed in SrtTrail log cannot be found and it’s always a different driver that breaks).

How reliable is ServiWin to find hidden services that CCE finds when asking for a reboot?

Thanks in advance,
Best regards,

B

One beep and four short beeps:
Answer: Abnormality is detected when CPU fan error or CPU over temperature error or CPU over voltage error
Please make sure your CPU and CPU fan are installed correctly, if still fail, please enter BIOS to load default BIOS or clear CMOS to try again

ServiWin

My opinion?

  • There seems to be a hardware problem on your PC (Beep) (see above)
  • System Operator (Windows) seems corrupted from your in-depth remarks on some drivers

My conclusion:

  • Back up your data
  • Find and deal with the problem of the processor with its cooling
  • Perform a clear cmos of the motherboard then load the default configuration
  • Check for Bios updates and install the latest version
  • Proceed with a “clean” reinstallation of Windows
  • Perform Windows updates
  • Install your programs
  • Restore your data
  • Perform a Windows integrity test by going to the CMD in administrator mode and copy the following command:
    sfc /scannow
  • Proceed with the installation of Comodo CCE

Of course, it is you who ultimately decides whether to take my advice or not.

ZorKas

Will definitely give it a try.

Thanks ZorKas

B

Greetings ZorKas,

I had my motherboard do a SSD Secure Erase from the BIOS on the nvme HDD and set the nvme LBA to 512 kb. (Previously, I used to partition the Windows install HDD (nvme) with Ubuntu and partition it as gpt).

I installed win10 UEFI with legacy win10 usb created from windows media creation tool (instead of verifying win.iso and using rufus to create the booting usb key), updated the drivers via Armoury crate, installed CIS and ran a full scan, updated Windows, updated GPU, headphones and mouse drivers, ran CIS Smart scan and CIS custom scan including all four areas: “Memory, Commonly infected areas, Full Computer and Trusted Root Certification Authorities” and the custom scan found 2 threats:

  • C:\Windows\Installer\6dcf4.msi
  • C:\Windows\Installer\6dcf4.msi|_8180A39A3A093ADA084BC5F281D5CD3F|_D483948F94F5413281D5DD698ADDFE0A

(As can be seen in the linked picture to this reply named “2 threats found.jpg”).

I then ran CCE custom scan with all four areas (without reboot for hidden services) and it found no threats. I then ran sfc /scannow which fixed Windows, as it used to do in the last 3 win11 installs within the last 2 weeks (ie: fresh install and sfc /scannow would always fix Windows via sfc /scannow after Windows finished updating). I tried running CCE full scan, which starts with a reboot, but Windows 10 OS broke still. SrtTrail points to c:\windows\system32\drivers\tljkva.sys that is corrupted, but indeed the file cannot be found in the directory mentioned.

I’m joining to this reply the CBS log from sfc /scannow:

https://1drv.ms/u/s!AvA6nzJns9U9rQPtWG573hb31wEO?e=EuYqRi

I really wonder what’s going on with this PC. I wish I could provide more logs or info to help resolve CCE breaking Windows OS when rebooting to scan for hidden services and figuring out why Windows OS always gets repaired by sfc /scannow after finishing updating Windows OS.

Any help or suggestion will be much appreciated,
Best regards,

B

Hi burialfaith,

This is not the right way to go
Your CBS log mentions a high error rate following the command > SFC /scannow

: Failed to internally open package. [HRESULT = 0x800f0805 - CBS_E_INVALID_PACKAGE]

: InternalOpenPackage failed for Package_for_KB3025096~31bf3856ad364e35~amd64~~6.4.1.0 [HRESULT = 0x800f0805 - CBS_E_INVALID_PACKAGE]

Etc…

The so-called “clean” installation of Windows 10 in your case states:

  • Bios motherboard battery removal (CR2032)
  • Clear cmos (jumper)
  • Replace the 3v battery (CR2032)
  • Default BIOS loading
  • Search on the manufacturer’s website for the latest version of the BIOS then proceed with the installation (see procedure of the motherboard manufacturer)
  • USB key preparation with Windows 10 22H2 latest version

Install Windows 10

  • Boot on the USB key
  • At installation when choosing the disk, delete all partitions
  • Choose the installation on the main partition
  • Wait for the end of the installation and the updates

Do not use driver update software
Once the PC restarts, search for Windows system updates to verify the absence
Run under CMD in administrator mode the following command to confirm the integrity of the Windows system
sfc /scannow
For the drivers, go to the motherboard manufacturer’s website and download those related to the version of the OS installed

If you do anything other than the procedure above, there’s no need to continue…

ZorKas

1 Like

Greetings ZorKas,

Thanks a lot for the help!

May I ask how clearing the CMOS by shorting the 2 pins on this mb model (ASUS PRIME B560 Plus) may work if there is no battery (and that the power cord is unplugged from the PSU)? (Referring to the picture below).

Also, I’m very interested as how replacing the motherboard battery would have anything to do with sfc /scannow fixing every fresh Windows install or resulting in apparently new and random drivers being corrupted when attempting to run CCE?

BIOS was already updated to the latest version: 2001. Do you suggest to actually overwrite it? Or restore to its previous version (via BIOS Image Rollback Support option) then upgrade it again?

In answer to the step you mentioned: “At installation when choosing the disk, delete all partitions”

I’d like to mention that, I use the cmd sudo dd if=/dev/urandom of=/dev/sda status=progress (in order to wipe HDD before reinstalling windows) via a USB key with Ubuntu mounted on. Then I use to create a gpt partition on the wiped HDD (from within Ubuntu) and after I boot with a USB key containing Windows.iso. Via the Windows installation software, I use to “format” the gpt HDD, then I click “next” and it creates three partitions: 1. the 100 mb partition; 2. another small (about 16 mb) hidden partition and 3. a full size partition, which on the latter I install Windows on. I don’t think I’m wrong on that step; should I keep going that way?

I did reset the motherboard to optimized settings a few days ago just before installing this latest win10 OS install. For references, I did afterward change the following BIOS settings:

  • Aura (onboard lights) > Aura Off
  • Onboard Devices Configuration: Intel LAN Controller > Disabled
  • Connectivity Mode (Wi-Fi & Bluetooth) > Disabled (as I use a PCIE wifi card, don’t have LAN with ethernet cable unfortunately).
  • M.2_2 Configuration > PCIE (WD Black SN750 SE)
  • USB Configuration: Legacy USB Support > Enabled
  • PCH Storage Configuration: SATA6G_3 (port) > Disabled
  • SATA6G_4 (port) > Disabled
  • SATA6G_5 (port) > Disabled
  • SATA6G_6 (port) > Disabled
  • Boot Configuration: Fast Boot > Disabled
  • Setup mode > Advanced Mode
  • Boot Sector (MBR/GPT) Recovery Policy > Auto Recovery (Follow UEFI rules. instead of “Local User Control”: where You can enter setup page and select Boot Sector (MBR/GPT) Recovery Policy to recovery MBR/GPT on the next boot time).

I will definitely give it a try to not download drivers from ASUS Armoury Crate (thus not installing it either) and also not try to not download them from Microsoft updates this time.

May I ask what you mean by: “Once the PC restarts, search for Windows system updates to verify the absence”?

Also, if I get you correctly, you suggest: 1. to check for no windows updates being installed when reaching Windows’ desktop for the first time; 2. running sfc /scannow; 3. installing drivers from manufacturers; 4. updating Windows OS?

Lastly, at which moment do you suggest to install CIS?

A BIG thank you!
Regards,

B

1 Like

Regarding the reset of the cmos, you must remove the CR2032 battery then short-circuit the jumper like the image below:

(For info: When the CMOS battery is removed, the contents of memory are erased. Depending on the type, this process can take a few seconds or even days. Therefore, the battery should only be removed if the memory needs to be erased. Such an operation may be necessary if the computer has booting problems or if a different BIOS chip has been inserted. For some motherboards, this procedure is also recommended after a BIOS update. On many PCs, you can also reset the BIOS password through CMOS. On most laptops, however, the built-in anti-theft protection prevents achieving the expected success with this method.)

This will reset the cmos ram, replace the CR2032 battery
If the latest version of the Bios is installed it’s Ok no need to replace it
Take my advice for partitions without linux commands or other scripts, don’t grub
Leave the motherboard settings as default
The Windows update control allows you to know the latest updated version using the winver command under CMD
Once everything is installed, check the Windows event log to control errors and if the log establishes errors that are too critical it confirms that Comodo is not the cause
If the log is Ok, make a disk image backup then download Comodo CIS to finish installing

Regarding the update of the drivers I recommend Easy-Driver free for the control of the availability of the latter

ZorKas

Greetings Zorkas,

I tried your suggestion:

  • Unplug power cord
  • Unplugged keyboard, mouse and USB adapter for Headset
  • Removed cmos battery
  • Shorted the cmos pins for 1 min with stainless steel
  • Waited 10 min…
  • Re-insert cmos battery
  • Plugged in the mouse and keyboard, but not USB headset
  • Booted into BIOS, restored default settings (has 3 settings had to be reset)*** password was reset, but since settings were restored to default, I can’t assume the CMOS was correctly cleared for this motherboard model (ASUS Prime B560 Plus)
  • Booted from win10 usb key
  • Only deleted partitions for the drive
  • Installed Windows without internet connection (thus I did not log in to a Microsoft account (and never in all the next steps either))
  • Typed winver in cmd and got: version 22H2 OS Build 19045.2965
  • Checked installed updates and found 5 (please see following picture):
  • Ran sfc /scannow and it still fixed windows files (please see following picture):
  • Shutdown the PC, plugged in the wifi antenna via 2 kinda coaxial slot (PCIE card was already installed)
  • Updated Windows (and it would automatically install drivers before I manually did) (please see the following pictures for all updates installed to get win10 fully up-to-date)

  • Ran a sfc /scannow without any issue found
  • Installed all drivers from Manufacturer’s website (please see the following picture for a list of the drivers installed):
  • Checked for new Windows updates, none found
  • Installed CIS from a new download link and a different version also (please see following picture for details about the CIS file downloaded):
  • Registered CIS serial
  • Fully updated CIS (12.2.2.8012)
  • Activated CIS warranty and no threats were detected! (It feels like ASUS armoury crate could have downloaded false drivers/threats/false positives…)
  • Downloaded Geek Buddy (please see following picture for file downloaded):
  • Installed Geek Buddy (v4.32.426408.247), but it has unstable connection although it can connect to the server this time. (Thus the Geek Buddy issue from the other thread seems to be fixed. Just using a VPN used to stabilize the connection).
  • Created a restore point
  • Uninstalled COMODO Internet Security Essential (which came along Geek Buddy)
  • Downloaded CCE 12.2.2.8012 from within Geek Buddy
  • Chose to run a full scan
  • PC reboot
  • NO WINDOWS OS AUTOMATIC REPAIR !?!?!?!?!?
  • CCE ran properly!!!
  • Plugged in USB headset
  • Installed USB headset software (including its drivers)

/emote Burialfaith starts to have a little faith.

+1000 rep for ZorKas!!!

302 days after its opening, this thread can now be closed!

Thanks A LOT ZorKas for the help!!!
Thank you!!!

Best regards,

Burialfaith

1 Like

Thank you for the feedback
ZorKas

1 Like