Comodo CIS + Cisco Jabber = Crash [M2255]

I opened a bug report with Cisco; there is clearly a mismatch between these two products. I did some testing on a VM as well. If you install Jabber and then CIS, the system will not initialize (no explorer). If you install CIS and then Jabber, then Jabber crashes and will not run. Please correct the issue. Thanks.

Try adding the application to the shellcode injection exclusions.

You nailed it. I added the directory where Jabber was installed to the exclusion list and it worked. Thanks!

It's still a bug, and it would be helpful if you could supply the Cisco bug ticket number or reference, as I have reported the issue in the Comodo bug tracker. It would help Comodo to collaborate with Cisco. Thanks.

Bug 2255

I spoke to an engineer (I am a recent acquisition of Cisco) and he said they are doing a pretty common patching method used to override OS crash handling:

// Patch for SetUnhandledExceptionFilter
static const BYTE PatchBytes[5] = { 0x33, 0xC0, 0xC2, 0x04, 0x00 }; // XOR EAX,EAX; RET 4;

Jabber tries to write the bytes above to the address of SetUnhandledExceptionFilter in kernel32.dll to make sure nobody else registers handlers for structured exceptions.

According to the engineer, this has been in the codebase since 2011. If you search for this code snippet on Google, it seems quite common.
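Added example, not part of the thread and not Cisco's or Comodo's code: a small C check that recognises the stub quoted in the post above (XOR EAX,EAX followed by a return) at the start of a function and reports how many argument bytes the return releases, which is how a monitoring tool can tell a neutralised SetUnhandledExceptionFilter from an intact one. The function names and the "clean" prologue bytes are constructed for illustration, and the check goes slightly beyond the post by also accepting the alternate 31 C0 encoding and a plain RET.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Result of inspecting the first bytes of a function in memory. */
typedef struct {
    int stubbed;        /* 1 if the code is "return 0" and nothing else */
    unsigned stack_pop; /* argument bytes released by RET imm16 (0 for plain RET) */
} stub_info;

/* Recognise "xor eax,eax" followed by RET or RET imm16 at a function start. */
stub_info classify_prologue(const uint8_t *p, size_t len)
{
    stub_info r = {0, 0};
    /* xor eax,eax has two encodings: 33 C0 and 31 C0 */
    if (len < 3 || (p[0] != 0x33 && p[0] != 0x31) || p[1] != 0xC0)
        return r;
    if (p[2] == 0xC3) {                    /* RET: caller cleans the stack */
        r.stubbed = 1;
    } else if (p[2] == 0xC2 && len >= 5) { /* RET imm16: stdcall, little-endian */
        r.stubbed = 1;
        r.stack_pop = (unsigned)p[3] | ((unsigned)p[4] << 8);
    }
    return r;
}

/* Compare in-memory bytes with the same range read from the DLL on disk;
   returns the offset of the first difference, or -1 if identical. */
long first_diff(const uint8_t *mem, const uint8_t *disk, size_t len)
{
    for (size_t i = 0; i < len; i++)
        if (mem[i] != disk[i]) return (long)i;
    return -1;
}

int main(void)
{
    /* Bytes quoted in the post above. */
    static const uint8_t patched[5] = { 0x33, 0xC0, 0xC2, 0x04, 0x00 };
    /* Constructed sample: mov edi,edi; push ebp; mov ebp,esp */
    static const uint8_t clean[5] = { 0x8B, 0xFF, 0x55, 0x8B, 0xEC };
    stub_info s = classify_prologue(patched, sizeof patched);
    printf("patched: stubbed=%d pops=%u\n", s.stubbed, s.stack_pop);
    s = classify_prologue(clean, sizeof clean);
    printf("clean:   stubbed=%d\n", s.stubbed);
    printf("first differing byte: %ld\n", first_diff(patched, clean, 5));
    return 0;
}
```

The 4 bytes released by RET 4 match the single pointer argument of SetUnhandledExceptionFilter under the 32-bit stdcall convention, and the zeroed EAX is the NULL "previous filter" return value, so callers see a successful call that registered nothing.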

Interesting, but CIS doesn’t hook that function in either 32-bit or 64-bit applications so if an application wants to patch that function it should be able to without issue. But I’ve added this information in the tracker.

Comodo has asked for the Cisco Jabber installer for testing. You can send a link via PM to me or Umesh.

Please check issue with 10.0.1.6246

Please check with 10.0.1.6254, thanks.

Please check with Comodo Internet Security v10.0.1.6294, thank you.

Should be fixed with latest CIS version. Moving to resolved.