Comodo Firewall (guard64.dll): Event ID 11 Wininit. [NBZ]

Event ID 11 Wininit
In event viewer I have “Event ID 11 Wininit” and the following:

“Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications”


The bug/issue

  1. What you did: Install Firewall on clean Win7 system, and check event viewer.
  2. What actually happened or you actually saw: Event ID 11 in the event viewer.
  3. What you expected to happen or see: Nothing.
  4. How you tried to fix it & what happened: Google, found what does seem to cause this issue.
  5. If it's an application compatibility problem have you tried the application fixes here?: NA.
  6. Details & exact version of any application (except CIS) involved with download link: Windows 7 x64.
  7. Whether you can make the problem happen again, and if so exact steps to make it happen: Re-Boot Windows and it happens again.
  8. Any other information (eg your guess regarding the cause, with reasons): Microsoft has given info on this issue ( http://download.microsoft.com/download/7/E/7/7E7662CF-CBEA-470B-A97E-CE7CE0D98DC2/AppInit_Win7.docx ), I can see that the file (guard64.dll) is actually signed, Win7 does not seem to think so.

Files appended. (Please zip unless screenshots).

  1. Screenshots illustrating the bug: http://windows7forums.com/attachments/windows-7-support/5247d1265651586-event-id-11-wininit-capture-png
  2. Screenshots of related CIS event logs and the Defense+ Active Processes List: None (there is no error in CIS/FW).
  3. A CIS config report or file. NA.
  4. Crash or freeze dump file: NA.

Your set-up

  1. CIS version, AV database version & configuration used: Comodo Firewall Version: 5.3.174622.1216, AV = NA, default.
  2. a) Have you updated (without uninstall) from CIS 3 or 4: No.
    b) if so, have you tried a clean reinstall (without losing settings - if not please do)?: Na.
  3. a) Have you imported a config from a previous version of CIS: No.
    b) if so, have you tried a standard config (without losing settings - if not please do)?: Yes, that’s all I tried.
  4. Have you made any other major changes to the default config? (eg ticked ‘block all unknown requests’, other egs here.): None.
  5. Defense+, Sandbox, Firewall & AV security levels: D+ = disabled, Sandbox = disabled, Firewall = Custom Policy, AV = NA.
  6. OS version, service pack, number of bits, UAC setting, & account type: Win7 Ultimate x64, UAC = no warning/disabled, admin account.
  7. Other security and utility software installed: Avast Home 5.1.889.
  8. Virtual machine used (Please do NOT use Virtual box): NA, live system.

Moded as requested.

Thanks in advance

Vincent

We would very much appreciate it if you would edit your first post to create an issue report in line with the bug forum guidelines and format here. You can copy and paste the format from this topic.

To understand the reasons why we ask you to follow these guidelines please see below.

WHY WE ASK YOU TO FOLLOW THESE GUIDELINES
Bugs/issues can be impossible or very time consuming to fix if developers don’t have enough information to reproduce them. Since CIS is free, development time is limited. So if you want your issue fixed, please use the format below to describe it.

To avoid clutter, issues not described in the format below your post will not be moved to the ‘moderator verified’ issues topic. This means that the developers may not look at it.

Best wishes and many thanks in anticipation

Dennis

Thank you for your bug report in the required format.

Moved to verified.

Thank you

Dennis

Would be nice if this incidence would get resolved, since the event logger throws this as a warning upon every system reboot (regarding guard64.exe) for quite some time now.

I’ve tripped-across this one often enough now that I SHOULD be able to ignore it, but it remains an annoyance for sure.

Is there no easy way to get Windows to see guard64.dll as “trusted” or otherwise make the log entries go away?

This Warning message is caused by LoadAppInit_DLLs being set to 1 in the Registry. Please see this thread for an explanation that is similar. The difference is that CIS does have an entry for AppInit_DLLs. Testing on a VM (VMware Player) confirms that turning off the LoadAppInit_DLLs does stop the warning message. The problem for me is that I do not know if this adversely affects CIS. After turning it off I still see plenty of Guard32 and Guard64 DLLs present on a Process Explorer DLL display. Is it OK to turn off this bit in the Registry? If so, then Comodo should not leave it set. Thanks and enjoy, john.
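
An added example, not part of the original thread or of Comodo's code: a read-only PowerShell audit of the registry values discussed in the post above, listing each AppInit_DLLs entry with its Authenticode status so the list can be reviewed as the event text asks. It assumes a 64-bit PowerShell session on 64-bit Windows and that bare file names resolve to the system directory; it also reads RequireSignedAppInit_DLLs, a Windows 7 value not mentioned in the thread.

```powershell
# Added example: read-only audit of the AppInit_DLLs settings behind Wininit Event ID 11.
# Nothing is written to the registry.
$keys = @{
    # native (64-bit) processes
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows'             = 'System32'
    # 32-bit processes on 64-bit Windows
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows' = 'SysWOW64'
}

foreach ($key in $keys.Keys) {
    if (-not (Test-Path $key)) { continue }
    $p = Get-ItemProperty -Path $key

    Write-Output "Key: $key"
    Write-Output "  LoadAppInit_DLLs          = $($p.LoadAppInit_DLLs)"
    Write-Output "  RequireSignedAppInit_DLLs = $($p.RequireSignedAppInit_DLLs)"

    # AppInit_DLLs is a single string; entries are separated by spaces or commas.
    $dlls = @("$($p.AppInit_DLLs)" -split '[ ,]+' | Where-Object { $_ })
    if ($dlls.Count -eq 0) { Write-Output '  AppInit_DLLs is empty'; continue }

    foreach ($dll in $dlls) {
        # Assumption: an entry without a directory lives in the matching system directory.
        $path = $dll
        if (-not [System.IO.Path]::IsPathRooted($path)) {
            $path = Join-Path (Join-Path $env:SystemRoot $keys[$key]) $dll
        }

        if (-not (Test-Path $path)) {
            Write-Output "  $dll -> file not found at $path"
            continue
        }

        # Status is 'Valid' only when the signature verifies and chains to a trusted root.
        $sig = Get-AuthenticodeSignature -FilePath $path
        $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(none)' }
        Write-Output "  $path"
        Write-Output "    Signature status: $($sig.Status)"
        Write-Output "    Signer:           $signer"
    }
}
```

Run it from an elevated or normal prompt; any entry whose status is not `Valid`, or whose signer is unfamiliar, is the one to investigate before deciding whether to leave LoadAppInit_DLLs enabled.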

The underlying issue has been resolved by Egemen, as described in this thread.