Comodo Firewall makes Windows 7 take ages for Logging off

Fresh install of Windows 7 Ultimate 64 Service Pack 1 on an i7 with 8GB ram.

Drivers installed, NOT connected to the net ever.

System images created along the way with Macrium Reflect, system running all fine and smooth.

Now of course the first software to install after Macrium Reflect for the system images is Comodo Firewall.

On this mint system I noticed that BEFORE the installation of Comodo Firewall the “Logging off…” takes mere seconds or no time but once the Comodo Firewall is installed it takes between 2 and 10 minutes.

No other software, antivirus or anything else besides Macrium Reflect for the system images has been installed and the system has never been connected to the net.

Using the default configuration for CFW.

Is this a know bug?

Using the latest version of CFW 7.0.317799.4142.

If I go back with a restore to an image before CFW was installed “Logging off…” again takes no time.

Happy to make a video and show this running inside Virtual Box for proof.

Can this get fixed somehow?

Many thanks for any help or info about this.

EDIT: Did test this a few times now and can 100% confirm that on a fresh installation of a “nuked from orbit” system Comodo Firewall will definitely delay the Logging off… process by minutes (5-10). I find this a situation that should get fixed with the next update. Imagine the waiting time when getting a new system up and running and every time you install new sofware that requires a restart you have to wait so long. Unsupportable full stop.

How and where do I file an official bug report for this please?

I experience this shutdown issue also on xp systems since fresh installing version 7 CIS. This happens whether it is in CIS mode or Firewall only mode. First of all, if I go to Start, Turn Off Computer, it takes the shut down option screen a long time to appear. Then, after clicking shut down, it takes the system maybe a minute or so to shut down, and intermittently, it will show (explorer.exe) cannot close message, before finally closing.

Now, After the shut down option screen appears, if I choose to standby mode, the systems will go straight into standby mode, and no (explorer.exe) error message.

And on another note, since installing Comodo version 7, I am also experiencing extremely slow load times using Firefox. If I use dragon, the speeds are much more sufficient.

If I uninstall the Comodo version (as per the complete uninstall suggestions listed in the forums), and restore the registry prior to the Comodo installation using a Erdnt backup I created, the system runs as if fresh, as well as Firefox runs like butter.

If it is true that the machine has NEVER been connected to the net, then that is the problem. I have found that when there is no internet connection present when you go to shut down the computer, the exact same delay occurs. If you are connected, shutdown proceeds normally.

If you are not trolling me here I have to strongly but very politely disagree. Imagine all the people using Windows without connecting to the net. There is countless systems running Windows that never connect to the net for various reasons. That would mean they all have to wait minutes for the machine to shut down or restart. This simply cannot be the case.

Proof is following. The new system indeed was so far NEVER connected to the net, neither via cable or wifi full stop. As I mentioned in my first post, BEFORE installing CFW it restarts, shuts down just “like butter”, no waiting time, nothing and STILL not being connected to the net.

If you experience long waiting times on a freshly installed system when not being connected to the net I would suggest you run a deep scan or do a full wipe. Then do check the hashes of your Win install disc to make sure you have an original untouched installation. Window$ in itself will not need to be connected to the net to run properly you can count on that.

Once Comodo is installed and has its claws deep inside the system it simply won’t let got, meaning it will take minutes, 1 to 10 or more, to shut down or restart. The interesting thing is that with every restart or shut down the time it will take to let go of the system varies. Sometimes this can be 1 minute, sometimes 10.

Again I can only confirm this bug. As stated the system was wiped with DBAN, full 8 or more hours, fresh install of Win 7 Ultimate SP1 64, hashes of the installation checked and verified with M$ hashes, so no tampered install disc, 100% the real Window$ deal. Then drivers installed from the machines manufacturer, those also all checked for their hashes etc. All running fine until the point where CFW gets onto it. Again besides CFW only Macrium Reflest free version got installed and with that Window$ restarts and shuts down just fine, no waiting time.

I am sure there is a solution to this, either purely with CFW or with CIS.

I am hereby very kindly asking Comodo software engineers to look into this. The issue can be replicated in any virtual environment, go ahead try it yourself.

There is no doubt CFW is a great product and I do enjoy using it quite a bit, but I do ask the people responsible for putting the software into production to give this scenario a full test and see for themselves. The issue can be easily replicated.

Where and how do I file a proper bug report for this in the forums please?

@wwwtap, thank you for confirming this. I guess you meant to type ERUNT backup? If I find some time in the coming days/weeks and this is still going on I will try and make a screencast so that people can actually see that this is really happening on a fresh install of Win 7 on a machine WITHOUT having connected to the net ever.

I’d like to state that I’m also experiencing this kind of long waiting times for Windows to shut down, running CIS v7.
Yet, I somehow feel that it may eventually have something to do with Defense+?

Kind regards, REBOL.

This is what I am currently testing using different settings for Defense Plus, I think at some point when Defense Plus was disabled the system would log off and shut down just fine.

I will post my findings shortly, just waiting for the system to, well… restart.

All fun aside, Defense Plus might have to do with it and if I find any setting that makes Win 7 (perhaps Win 8 as well??) log off and shut down faster I will be sure to post it here.

Isn’t it great to have your product tested and possibly find solutions by users instead of paying people to thoroughly check code before production? Yes, I still do like CFW very much, guess this is the price one pays for using free software.

Are there any people here that use the paid version and have the same issue?

Maybe setting HIPS to training mode before shutting down the next three times or so might cure this.

Let’s try that? :slight_smile:

Kind regards, REBOL.

No trolling, you just misunderstood. What I was saying was that when CIS is installed, if you attempt to shut down while not connected to the net, the delay issue occurs. If you are connected and CIS is installed, the system shuts down normally.

Of course, there is no issue with shutting down without a connection if CIS is not present and I never meant to say that there was. I can only guess that the issue is caused by the Comodo firewall drivers but that’s just a guess.

EDIT: It seems that the issue no longer exists. I just tried it by unplugging my Ethernet cable and then shutting down. There were no issues. When I had that problem it was a few years ago when I was first using the CIS 5.xxxx versions. It seems to not be a problem with v6 and 7. At least not with Win 8.1. I’ll try it now on my Windows 7 system and see if there’s an issue.

FURTHER UPDATE: No problems on the Win 7 machine either so you can disregard what previously caused an issue but no longer does.

The only other things I can think of are a system specific problem or just maybe CIS has to be installed with an internet connection active. The second one seems very likely to me.

Thank you for clearing that up concerning an offline Windows machine.

Try on a system that has never been connected to the net. There the issue persists with CIS. Once I have my virtual machines up and running I will test this thoroughly and possibly submit a few screencasts.

In your case it might work since you have already been connected to the net beforehand. So this might have triggered something that makes CIS allow Windows to shut down correctly.

However this should not be the case.

On a fresh mint system that is kept offline from start CIS will indeed delay the restart or shut down.

I will try and go the route with Defense Plus either turned off or in training mode, let’s see if that reaps any results.

I would try installing CIS while connected to the internet. I now strongly suspect that if there is no connection, the install process does not complete properly.

It is all due to Defense+.

-never online
-nuked drive
-mint OS
-mint drivers
-no other software installed
-CFW or CIS installed with Defense+ set to paranoid

When restarting or shutting down the system will hang itself or take ages to restart or shut down stopping at “Logging off…”

Setting Defense+ to any other setting except paranoid will let the system restart or shut down normally with no delay

I think Defense+ is waiting for the user to reply to alerts from services or processes that are used to restart or shut down Window$. Since the system UI is already gone at that point but the CFW or CIS service/processes are possibly running till every other M$ service/process is terminated the system will either hang itself or take ages to restart or shut down.

Permanent Fix:
Currently looking into what processes and services are needed and triggered when the system restarts or shuts down and will then try to add those to Defense+ making rules so that CIS/CFW actually allows Window$ to shut down or restart.

This is all still with never having connected to the net. I am absolutely not sure if connecting to the net and still having Defense+ set to paranoid would change this situation. IF connecting to the net can “fix” this issue with Defense+ not allowing the system to restart or shut down then indeed something has not been coded correctly with CFW/CIS. Why do I say this? Imagine the people that use CFW or CIS on a machine that is permanently offline. This would render CFW/CIS useless for such a use case.

You can help:
If you have a good clue about what services and processes are needed to run to either shut down or restart Windows please do let me know so that I can test a few rules for those services and processes with Defense+.

I doubt CIS or CFW rely on a connection to the net to install 100%. The install file one can download from the Comodo site is sufficient to install CIS/CFW correctly. If this is not the case then Comodo is deceiving us all what I doubt. Defense+ set to paranoid and not having rules for the shut down/restart procedure is the culprit. Perhaps these can be added to the default installation settings/configuration, or someone can help me find those.

The program might need to detect a connection in order to properly set up the firewall. That makes sense to me. It also might need it to set up the updating and cloud detection elements. It’s not that the installer is not complete and needs to download other elements, it’s that it has to configure itself during the installation.

I have a question here now. If the computer will be used strictly off line then why do you even need a firewall or an Internet Security suite which is what CIS is? I can understand the AV and Defense + if outside software is going to be introduced but why a firewall? Another thing is how the detection mechanisms will get updates.

Good question. Thing is at this stage in setting the system up no connection is needed, though later on this will be the case.

Wanted to harden it and get all the things I need running smooth, then when all that is done including clean OS images along the way I can finally connect to the net and not have to worry. At this stage the CFW will be needed.

Interesting food fo thought, saying CIS might need to a connection in oder to set itself up and configure itself.

I somehow doubt this since the firewall is running fine out of the box, network protocols have not changed and won’t change in the near future as I see it, so the fw part is fine I think.

Concerning updates and the cloud, those can be turned of in the configuration, not 100% sure but 99%.

Leaves us with Defense+.

Tell you what, since I already have a few clean images I will connect to the net with that machine and leave Defense+ set to paranoid and see if that changes anything concerning the restart/shut down situation.

From a logical point of view I am still kind of persuaded that Defense+ is somehow locking the system, so to speak giving alerts, waiting for the user but since the OS UI is already gone those replies never reach Defense+ and hence the long waiting time or freeze.

Keeping you posted…

That’s exactly what I’m thinking, TechnoSoul.
Still, it ain’t just “somehow” locking the system, but by intention, as you seem to acknowledge by describing your thoughts on what might happen when Windows is shutting down whilst Defense+ being set to “paranoid”. And that’s exactly how Defense+ should behave if set this way. At least in my opinion. :slight_smile:

Kind regards, REBOL.

Hence I need to find out how to set Defense+ rules to allow Windows to shut down or restart… Doing research here about this and will share new findings.

Setting HIPS to Safe Mode and enabling “creates rules for safe applications” does add rules for the log on process, however it does not add any for the log off process.

Basically C:\Windows\System32\nvwmi64.exe, C:\Windows\System32\lsm.exe, C:\Windows\System32\LogonUI.exe and C:\Windows\System32\nvvsvc.exe are added during the log off/shut down restart. When using Safe Mode the system shuts down and restarts just fine, even when being offline still!

However when going back to Paranoid Mode it does look like it needs more rules to properly restart and/or shut down.

Thought I could trick HIPS into making the proper rules for the log off process but it does not want to.

Any one have an idea what Windows processes are used to restart or shut down besides the above mentioned ones?

For W7 x 32 I posted rules needed here just need to check logs after each reboot.;msg687880#msg687880

Ok, thank you, I found the post but there seems some typo, no?

So to clear up, for shut down the following is needed:

Wininit.exe with access to HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\ShutdownFlags ?

Then LocalSecurityAuthority.Shutdown ? What comes here, this is the part that confuses me in your post?

Then LogonUI.exe with access to HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\AutoLogonChecked ?

To sum this up, I think with your help this will be sorted soon, many thanks!!! Please clarify the rules or perhaps how to make them, I think this would be a huge benefit to others using Paranoid Mode straight from the beginning.

Also I think it does not matter if a system as been online or not, Paranoid Mode just checks for those processes and those come with Windows be default, be it the system was on- or offline.

wininit.exe needs access to this registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\ShutdownFlags

wininit.exe also needs access to COM interface LocalSecurityAuthority.Shutdown

wininit.exe needs to be able to start this process C:\Windows\System32\LogonUI.exe

LogonUI.exe needs access to this registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\AutoLogonChecked

Please note you may not find the keys, you have to manually type the actual keys in.

You can do it online or offline whichever.

If you want to run CIS in Paranoid Mode you have to keep checking the logs until you find everything.

The real fun is trying to switch user in Paranoid mode, then in becomes a question of waiting and checking logs until you manage to access the other user account.

Please note the wait can be some time at first Hard shutdown is not advisable.