Comodo Defense+ behavior blocker.....

Hi, I have been using Comodo firewall for years. I'm having a small issue with it. I'll explain.

I have an Asus Xonar D2 sound card; the drivers run a program called asusaudiocenter.exe at startup. It seems that Comodo is blocking it no matter what I try. It first detects it as unrecognized and places it as a limited sandbox application; I even specified to treat it as good and unlimited. Yet every time I reboot, upon startup it loads, I see the tray icon, and then about 4 seconds later it closes again. I have to manually click on the desktop icon to get it running again. If I turn off “auto sandbox unrecognized applications” it works fine.

So far I have edited the custom ruleset and even included the entire Asus folder that contains this exe and the other ones that load with it, such as the HSmgr exes. There must be another exe or dll that is being blocked. I suspect some sort of hook being made that Comodo is not alerting me of.

Any ideas to help me out with this?

Thank you ahead of time.

There are three startup components to the ASUS soundcards, but only two of these are listed as being autorun (with the AsusAudioCenter.exe being started by the CPL). ASUS also creates a CPL startup entry, that whilst functional, is somewhat ugly and can have some strange folders under Windows (depending on the ASUS driver package used). Start-up entries are…

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run …

"C:\Windows\system\HsMgr.exe Envoke"
"RunDll32 cmicnfgp.cpl,CMICtrlWnd"

However, it’s been a while since I’ve run either ASUS’s standard audio driver package (I now use the community unified drivers, which are better and updated more frequently) or CIS 5.12 (CIS 6 doesn’t seem to have this issue). But all of ASUS’s components need to be listed in the trusted files list (not all of these components might be apparent depending on the ASUS driver package being used)… check CIS’s Defense+ log to see which ASUS components are being detected by CIS and add each one to the trusted files list to avoid them being sandboxed.

Thanks, that did the trick. It took me a while to set it up right; it was the cmicnfgp.cpl file being sandboxed. I had to set it to windows system application in rules, and I also added it to exceptions and trusted files. Didn’t realize the logs had all that info. I still have one more issue, with ATI Catalyst Control Center. I tried the same thing with CLIstart.exe since I wasn’t seeing a tray icon at boot. Well, I got it to boot with the CCC tray icon; thing is, if I close it and reopen it, it won't appear again. CCC does open and I can change video card settings, but no tray. It's probably no big deal since changing settings still works, but I want it working flawlessly hehe.
Any ideas? I tried adding both 64-bit and 32-bit ATI folders to trusted files but still no difference.

I have never seen anything in my tray for CCC when using any security suite, Norton, Avast, or Comodo. My understanding has always been that the startup item only makes CCC open faster when you right click on the desktop and choose it from the context menu.

Sorry, I don’t have CCC. I’ll need to check with someone that does.

Does the D+ log reveal anything about CCC?

Yeah, it was showing mmloaddrv.exe and CLIstart.exe. I added both to rules, exceptions and trusted files; still no icon.

Are the two of you on Windows 7 x64? That has a bug where it is not showing all systray icons.

Poci. Can you see if mom.exe (mother) and ccc.exe are running and not being sandboxed?

Yeah MOM.exe is allowed to run.

Running Win 8 x64

And ccc.exe is running under mom.exe and is not getting sandboxed?

Can you double check that Enable System tray menu option is enabled in CCC?

I have never seen the CCC icon in the system tray with any version of Windows running any security suite since the Catalyst drivers first started. I have always used ATI/AMD video cards since 1999.

I checked with a friend concerning ATI’s CCC systray icon, but apparently his works fine (with CIS) under Vista x32 and, not unsurprisingly I guess, he was not aware of such issues previously.

Of course, that was just one guy and Dch48 does seem to have the greater experience on this issue.

I have had it visible throughout the years over various versions of Windows. You need to enable the option to show the systray icon in Catalyst Control Center. If it does not show when set to show, there is a bug.

I certainly have it enabled; it's enabled by default, and I always see it there. And it will indeed show up at boot.
Only when I close CCC.exe, for example, which is recommended during gaming to free up CPU cycles. Well, when I reopen it manually I get no icon; it's only showing up at startup like I said. I know it should appear every time I run CCC.

When you start up CCC after you ran a game can you confirm it does not get sandboxed?

How do you close CCC? From the systray or by killing it with task manager or similar tool?