Comodo XPSP2_x32 - Comodo locking files when Defense+ active

Hello, I am the developer of Windows Media Player 11 Slipstreamer. This program is written in C# and seems to have uncovered a bug in Comodo.

My program uses .NET interop to make calls to cabinet.dll to decompress cab files, and according to MS SDK, when FDICopy calls the notification function I pass via .NET interop with fdintCLOSE_FILE_INFO, I try to set file attributes and creation times.

When Defense+ is active (on any level) I get exceptions in my event handler function (in random files but all are “executable” (*.exe *.sys *.dll *.ocx)) that the file is locked by another process.

I suspect a race condition because it occurs less frequently when PC is under load. Of course I am opening the file for write access (to set creation time).

I have tried:

  1. Adding app to safe list
  2. Turning off Image File Execution (was on Medium)
  3. Decreasing Defense+ level by level
  4. Permanent disable of Defense+ ← Fixes it.

There are no interactions in Defense+ Events with my program (and no alerts).
It was previously set on “Train with Safe Mode”.

My investigation:

  1. AMON + Defense+ + Firewall (Fails)
  2. AMON + Defense+ (Fails)
  3. Defense+ (Fails)
  4. Defense+ + Firewall (Fails)
  5. Firewall + AMON (works)

I am running NOD32 2.7.39 at the same time. Disabling AMON didn’t make any difference. I am investigating the issue more and will edit this post when I get more results…

If you want any more info I will be glad to assist where I can.

Attached testcase (C# program compiled in Debug mode, uses my interface and libs)

This testcase tries to extract an embedded cab file containing WMP11 setup files to a temporary folder and then delete it.

Some files are signed some are not. It fails consistently in a different file when Defense+ is loaded while it is extracting with “The file is in use by another process” in the function that attempts to set last write time.

Hope it helps.

[attachment deleted by admin]