Dear all,
I am running the latest version of COMODO Firewall. It is making Windows updates on two machines fail with error 0x80070005! That never happened to me in the past, and it has happened for the March Windows cumulative update. It is due to the firewall module (HIPS is disabled on my machines).
After turning off the firewall, the update runs flawlessly.
Do the firewall logs show anything useful?
To be honest, no. On my laptop I only have svchost.exe blocked yesterday by the firewall, but the rest does not seem related at all to Windows Update. On one machine I had to simply disable the firewall component to install updates, while on the other I had to fully uninstall the product.
I am using the latest COMODO Firewall version downloaded from personalfirewall dot comodo dot com. The issue has shown up on 2 machines, so I think it is present anywhere now.
Are both machines on the same version of Windows?
Yes, both are running Windows 11 24H2. Anyone with the same issue?
I confirm the issue is present, and COMODO is blocking all Windows updates. I am using the proactive security configuration with slight modifications (HIPS off, removed the “do not check the following folders” check from containment settings, using “containment” to block by default instead of run virtually). I have been using COMODO for around 10 years with the same configuration and had no issue at all.
By the way, why does this forum indicate “COMODO Firewall” as a discontinued product? Has the firewall suite been discontinued and only the full internet security suite is now supported?
The board was closed in 2008 and since CAV and CF both are included under the banner of CIS, it was moved at some point to Discontinued Products, but I haven’t heard anything about the Firewall element being discontinued.
Have you tried removing Windows Sockets Interface from the HIPS protected objects as described in my post in January? Not sure if it’d be related to the update issue or not as that was just for allowing internet connection with contained apps but worth a try.
I have read the related post. Why does that element have an impact even if HIPS is disabled? What is it related to?
I will try that soon. Thank you.
That’s great that COMODO Firewall was not discontinued.
There was a containment bypass fix but it may have been overkill as described in this post. It’s been a minute so I can’t recall why it’s still affected with HIPS disabled.
I’ve only just had my laptop back from being repaired (a display cable got pinched) so haven’t put CIS back on it yet as I did a fresh install of Win 11 and haven’t had the chance to see if I can reproduce at this end.
Was that bypass related to what cruelsister1 described in her video some months ago? Anyway, is it now fixed?
Related to the update topic - I hope someone running Win 11 24H2 can provide us feedback.
I am on Windows 11 Pro anyway.
Yes, that bypass which was just an elevated privileges issue and subsequently fixed.
Must be something to do with a recent Windows update but I’ll have a look when I get a minute.
Doing a quick test with CF. I don’t have any issue with Windows updates. I do have an Allow in Svchost rule which was created when prompted with a pop-up, as the Proactive configuration is “Alert Incoming” for stealth ports by default.
There is the Sectigo Untrusted Certificate when I did a rating scan which I think has been an issue previously but I’ve just ignored it for now.
Anyway, not having the Update issue that others are having. Setup is @cruelsister configuration as I like a set and forget. Will see if there’s any issues in the coming days.
For info - I do have the small number now for websites database. Was 1 and with update 10 but web protection only ever worked with earlier Firefox versions and iexplorer for me so not that bothered and SmartScreen or Google’s safe browsing or an extension are more likely to block a bad site.
Windows Build and CF version:
I actually run COMODO with Cruelsister settings, but I set the containment to “block and quarantine” instead of “run restricted”. I also have the old settings, so related to elevated privileges, I set “Do not show pop-up alerts” to “block” instead.
Apart from that, the config is the same. I did not allow svchost as I set the firewall to block by default.
I will try to reinstall COMODO from zero and make the configuration from scratch (I think I do not have the new setting from HIPS you showed me before, as I made this config a long time ago and keep importing that, so I want to have that too).
Sometimes COMODO just gets bugged, it used to quarantine new versions of Chrome/Firefox in my case in the past.
The update problem showed up on two machines, first for an optional February update and then for the cumulative March update. Windows Update reported it was failing with some error and the installation could not complete.
For info - You can import the default configurations from the Comodo program files folder.
I have reinstalled & recreated from scratch COMODO and its config. I will update you whether the update problem persists. If you do not receive any update, consider the issue as solved.
Updates keep failing. Tested on two machines. If helpful and if it does not contain personal data, I can share my COMODO configuration file here.
Update: I whitelisted:
svchost.exe
MpDefenderCoreService.exe (in Windows Defender/Platform folder)
LMS.exe (in driver store/file repository folder)
that were mistakenly blocked by the firewall and the update went through. So it has something to do with the firewall.
But on the other machine only MpDefenderCoreService is reported as blocked by the firewall, not the other two, and updates don’t work. MpDefenderCoreService does not seem related to traditional Windows updates, so that’s strange.
Hi TheMalwareMaster,
Thank you for reporting.
We are checking on this.
Thanks
C.O.M.O.D.O RT
Thank you. An update: on the other machine I had to fully remove COMODO, otherwise the update would not run, even with firewall disabled. So it’s not so clear to me if it’s a firewall issue or the entire product makes some kind of conflict.
Please let me know if you need me to upload my COMODO configuration.