I have this snapshot software: FirstdefenseISR. When creating a snapshot I get error in Firstdefense: cmdmon.sys and inspect.sys = access denied, meaning that they are not copied to the snapshot. When booting into that snapshot I notice that Comodo gets all messed up because those two files doesnt exist there.
Wont this create a problem with other backup software too?
But I´ve just learned that there is a way to walk around that problem: I disabled “Protect own registry keys and files from unauthorized modifications” in Comodo FW and then the two files got copied to the snapshot.
I can always disable the above mentioned rule before doing a snapshot. The only downside is that I can not use scheduled creating of snapshots.
I guess there are no way to tell Comodo to allow Firstdefense modify those files with this rule enabled?
Thanks for testing.
I have Windows XP PRO SP2 and all hotfixes too. Interesting result ???
I wonder why I have to disable the protection in Comodo in order to get those files into my snapshot…
I do not have any other software that could interfere with Firstdefense copying those files.
I use VSS since I have not changed it after the install of FDISR. And I see in the processes that Volume Shadow Copy Service is started when I create/update a snapshot.
For the time being I have disabled the Firstdefense schedule and I will do manual snapshots with the CPF rule disabled only then.
I presume the protection of these two files is a new feature in this beta since I have not had this problem* with earlier versions of Comodo Firewall.
not a problem really, it is good that Comodo protects itself if that is a way for the bad guys to compromise Comodo Firewall. I can live with it
hmm… if I leave “Protect own registry keys and files from unauthorized modifications” checked and uncheck “Show the application window on system startup” instead, I can do a backup without problems ??? but not if I leave everything checked in “Miscellaneus”
One of those has to be unchecked in Comodo gui if I want those two files (cmdmon.sys and inspect.sys) to be copied to the snapshot.
very strange indeed.
Yes this is weird. System startup should not have any effects on this. Some backup programs may try to modify the files, like trying to move them etc. But when self defense is active, CPF should not allow so. Because the same thing can be achieved by a malware if we allow so.
Setting security to “Allow All” would also solve the problem.