I’ve just installed Comodo’s Internet Security (Firewall) and have been trying to get it to work with a lowerping traffic re-direction service I use to play World of Warcraft. Being putty.exe > SOCKScap and Wow. I get as far as Run in SocksCap and then Wow.exe crashes everytime with “Faulting application wow.exe, version 3.0.3.9183, faulting module unknown, version 0.0.0.0, fault address 0x026f41f0.”
I’ve tried adding putty, sockscap and wow all to the Trusted Programs area of Comodo along with turning on training and hitting Allow everytime it prompted during the putty opening through to sockscap and still it crashes wow.exe when I hit run in SOCKScap.
The Lowerping people tell me
Your DEP “data execution prevention” Is causing the crash for freecap and Sockscap.
Seems like Comodo changes the defult Windows DEP settings or the hardare DEP when you install it.
Im not sure how to turn this off in Comodo.
You could try emailing comodo support and asking them if there is a setting you can change to put windows DEP back to defult while comodo is installed.
The Settings in Control Panel>System>Advanced>Performance>Data Eexecution Protection seem to stay the same after installing Comodo so i’m guessing it’s a built in feature that can’t be disabled?
Disabling the Firewall and D+ Security don’t seem to make a difference only after uninstalling Comodo was I able to use Putty > SOCKSCap and WoW.exe again.
As you have verified CIS does not change DEP settings.
CIS has its own buffer overflow prevention that may be the problem. Go to Defence+, Advanced and Image control settings. Near the bottom is an exclusions button. Add the problem application here and it may help.
I also believe there is a problem. On installing the latest version v3.8…477 windows XP SP3 asked me if I wanted to exclude it from DEP (which I have activated for all programs and services). DEP does this automatically when some apps are not compatible. And only apps that are really not compatible, have triggered this on my machine up till now.
I have only the firewall and D+ installed (I have chosen maximum protection at install). Not the AV.
mattosaur4 Try disable D+… That will disable CIS BO protection and also all its program restrictions…
Works now? If not then the problem has nothing to do with CIS and we have to find the error elsewhere… If it works, then I think this problem has to do with CIS in a way or another(could be a simple misconfiguration)…
The problem is somewhere in Comodo; i tryed to unistall it, and sockscap works again; i reainstalled, and the error comes back. Disabling D+ or image execution doesn’t work, only totally unistalling Comodo works (or maybe also disactivating D+ totally, with system restart, i didn’t tried this).
EDIT: Disabling D+ totally (with system restart) works!! this mean that’s the problem is somewhere in D+; at least it’s a starting point.
Again, today i needed to use Freecap with an hosting program for Wc3, and i got this problem, via Freecap the program won’t neither start.
I tryed to disable D+ totally and of course it’s working now…
This conflict it’s a really serious bug and should be fixed; anyone maybe got a fix for this (other that disabling D+).
This is probably your program crashing and the crash causing the Windows DEP to be triggered. Defence+ might be causing the initial crash. Is anything blocked in the defence+ log?
There is drwtsn32 Accessing Memory targeting cmdagent.exe
The program logged this the first time i tryed to run the program from Freecap, but not the other times.
With respect to any program logged as attempting to access CmdAgent.exe memory (assuming it is a valid program):
Memory sharing issue.
Select Defense+/Advanced/Computer Security Policy.
Scroll down to Comodo Internet Security, select Edit/Protection Settings.
Interprocess memory Access (Active Yes) select Modify/Add/Running processes.
Scroll down to locate the application. Click it and click “Select”.
Then just “Apply” to each window as you exit.
drwtsn32 is likely to be the result of the crash. Perhaps cmdagent.exe is crashing and causing the problem. It might be worth trying the new beta version 3.9.
I tryed your fix adding Freecap.exe to the exception list, but when i try to open the file via Freecap i’m still getting nothing; disabling totally Interprocess memory Access doesn’t work too.
Thanks for you help, i’ll try the new version when it will be released.
Did you check the system properties (right click on “my computer” -->go to "proprerties -->–>advanced -->advanced -->Data Execution Prevention and add an exception to it
Add the program to trusted apps in the comodo firewall
Since D.E.P. and comodo memory firewall are similar to each other, maybe their is some type of clash going on
I am using Comodo Firewall 5.4.189822.1355 and Sockscap 2.40 and also had the problem that Sockscap did not work properly.
When I tried to run Firefox via Sockscap I could see in Windows Task Manager that firefox.exe started but then disappeared immediately. I looked at the Sockscap logfile and noticed that this was the culprit:
So it seems to be some sort of injection problem. After finding this thread, I looked at the Defense+ settings and added an exclusion for firefox.exe and plugin-container.exe here:
Defense+ Settings → Execution Control Settings → Exclusions (next to Detect shellcode injections)
This works for me. You will have to add exclusions for all other browser plugins like Java though.
Are you guys trying to play WoW on a private server via LAN ?! If so… hmm… *raises eyebrow…
On my pc, CIS doesn’t get shutdown by DEP, it works fine. I use win xp pro sp3 32 bit.
P.S It is not recommended to use any software that asks you to turn off DEP or gets shutdown by DEP.