Comodo blocking registry reads and deletes without any notices or logs

I am a programmer, and one part of my application is a program called update. It removes any previously installed version of my application, and installs the new version. It also can manually remove the prior version in case the windows installer gets messed up, which sometimes happens and the customers get an error message from the installer.

Therefore, my updater program is important and MUST run properly. However, Comodo 4 (latest update available) is blocking certain parts of it’s tasks without any popup alerts and without any logging of blocking it.

My program is written in VB.net 2003 (so that is uses .NET framework 1.1 which almost all PCs have) and it does registry reads using standard methods:

Dim regKey As RegistryKey
regKey = Microsoft.Win32.Registry.LocalMachine.OpenSubKey(strKeyPath)
and I do this for the LocalMachine, ClassesRoot, and CurrentUser because the installer paths may be at any of these locations.

And my keys I’m checking are:
Installer\Products
Software\Microsoft\Installer\Products
SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall
Again, I check for these keys in LocalMachine, ClassesRoot, and CurrentUser because they could be at any location.

My program then should shell MsiExec.exe to start the program’s normal uninstaller, but since it can’t find the registry keys due to Comodo, that never happens.

My program also calls cmd.exe to execute a batch file, and comodo’s sandbox always takes control of that, despite telling it that update is my own safe file. If I turn off the Sandbox, it still fails because Comodo is silently preventing the deletion of the keys it needs to delete.

Comodo prevents the registry reads from my program.

Comodo prevents the reg delete commands in the batch file spawned by my program.

If Comodo is not installed, or is not this new version 4, then I have no problem. However, with Version 4 of Comodo, my program fails, I get no Comodo popups, and I get nothing in any Comodo Logs.

Comodo persists in these problems even if I DISABLE the Sandbox and DISABLE the Defense Plus Module and make update.exe My Own Trusted File.

Please correct this! Comodo needs to recognize that if my file is My Own Safe File, it should be allowed to make registry changes, and if it spawns a cmd.exe, then my own safe file’s permissions should apply to the spawned process!

I really like Comodo, but these recent problems really suck for developers like me!

Edited to Clarify a few things.

First of all, I am not a programmer so I am just bringing common sense questions and remarks.

In what configuration are you running CIS? Internet or Proactive Security?

At first sight I would say I miss the Elevated Privileges alert from CIS when starting the updater (I am assuming here the updater is a separate program). The installer would need a manifest which says “require administrator privilege”.

Starting up other executables is only allowed for the following policies (putting them in My Own Safe Files will not work for this):
Windows System Application
The elevated privileges alert for installers
Installer/Updater

How did you disable D+? By moving the slider to disabled or did you enable “Deactivate Defense+ permanently (Requires a system restart)” and did the required restart?

I’m running CIS in Internet Security Mode.

Yes, Update is a separate program. I can remove the need for it to spawn cmd (it was just far easier to run a batch file than create all of those reg deletes in code). But I still must be able to read and delete those registry entries. I haven’t created a manifest yet, but I still get the vista elevation somehow (don’t remember how I made that work, been a while since that was written), and the file icon shows up with the elevation shield… In any event, everything works in Vista without Comodo 4. However now that I have Comodo 4 it simply fails and I get no logs and no popups from Comodo.

I disabled D+ by moving the slider to Deactivate D+. I don’t want to have to permanently deactivate D+, it would NOT WORK to make my customers do that. I don’t know anyone who would install a program that required them to disable their AV and reboot just to install a program…

Edit: I remembered why I didn’t have to create a manifest… Certain key program names are automatically forced to prompt for admin access. Those are: setup update and install.

I asked about how you disabled D+ to see if the problem would persist or not with D+ permanently disabled. If it persists it points to a compatibility problem between the two programs. Could you try and see?

About the registry keys. I saw somethings sosrta similar I think earlier today where it was suggested that Geswall could be interfering with D+ alerts of CIS. Do you have other security programs running in the background?