Hi,
after formatting and reinstalling o.s., I installed a week ago Comodo free firewall (version 8.2.0.4591) and after turning off the pc last night without problems, this morning I see that comodo’s icon do not appears in the tray and soon the whole system hangs, not allowing me to make any operation and having to brutally turn off.
I can access windows only in safe mode.
What I need to check to find out what happened and solve? (Apart uninstall comodo I guess :D). There are logs that I can see? The event viewer windows do not says anything and I would like to understand what happened to prevent it from happening again
some info:
Windows 7 Ultimate x64 SP1
on the PC is also installed avg antivirus 2015 free (I installed it a week ago AFTER comodo firewall but all has worked fine for a week
The firewall was set to “custom ruleset” and HIPS on “safe mode”
Quickly opening the task manager before system hangs, I can see cistray in the processes (but i can’t terminate it)
thanks
update********
In windows safe mode I started comodo firewall from start menu and it started in tray with a red icon with a “X”. When I open the interface it says that defense + is not working correctly and when I click on “fix” It says “installation failed” and “diagnostics has detected several errors and can not fix them automatically”
I don’ t know if those errors is because I’m on “safe mode”
Same error - Win 7 hangs, then Defense+ won’t start.
Ran self-test & update, doesn’t work, reboot got Desktop back re-ran test & D+ still won’t start.
Won’t fix itself.
Assume this is becos I updated yesterday. CIS says is is updated OK. But error report gives
Thanks for the reply EricJH.
After a lot of messing about I find
1 - a reinstall solves the issue
2 - after 3 reboots the issue returns
3 - my mobo software (Asus AI Suite) will no longer run, even if reinstalled clean - lots of very fast appear/disappear msgs that I can only manage to see the words COM interface on amongst about 5 lines of txt.
4 - diagnostics always fail [at]65-75% when the dos box flashes up.
The same error msg is always shown in the xml.
I did try clean installs but didn’t use the removal tool 0.3b as it says only up to v5.x
This has only occurred since the update for CIS which makes CIS W10 compatible.
I have found that when I uninstalled & reinstalled AI suite from a new package the number of reboots took me back to D+ locking the PC - so back to safe mode etc etc.
Really really annoying >:(
…maybe I should have started a new thread in D+ section?
When those messages are from CIS the D+ logs will show you what the alerts are about. They should however stay on the screen and not disappear quickly.
- 4 - diagnostics always fail [at]65-75% when the dos box flashes up.
The same error msg is always shown in the xml.
I did try clean installs but didn’t use the removal tool 0.3b as it says only up to v5.x
This has only occurred since the update for CIS which makes CIS W10 compatible.
I have found that when I uninstalled & reinstalled AI suite from a new package the number of reboots took me back to D+ locking the PC - so back to safe mode etc etc.
Really really annoying >:(
…maybe I should have started a new thread in D+ section?
It seems the AI suite is part of the problem. Can you see what happens when you add the installation folder of AI suite to the Exclusions of Detect shellcode injections?
Thanks EricJH
That is the way I am looking at it now too.
I have also emailed Asus & will see what they say.
I have found that one of the error codes given by AI Suite led me to a .Net file which may have become corrupt. I have reinstalled .Net 4.5.1 & am hoping that I can make some progress.
This latest CIS build is not being particularly friendly to many files. Files that I have whitelisted are being flagged as threats & I then have to add them to exclusions again.
Legitimate files from publishers I trust e.g. shell.exe from Graviteam, have also been isolated despite being on my whitelist & being widely sold on places like Steam.
Really do not understand why if I have gone thru the hassle of finding & whitelisting files CIS then blocks them & demands they be whitelisted again. – Unless it is possible for an attacker to alter the whitelist with a script or similar this seems rather unfair on the end users time.
CIS 5.x was far less of a problem in this regard - I could trust it to do what it was told & not cripple something at a critical moment costing me time & money. 88)
Please try my recommendation and see if it makes a difference or not. It’s an important step in trying to see what is going on.
I have found that one of the error codes given by AI Suite led me to a .Net file which [i]may[/i] have become corrupt. I have reinstalled .Net 4.5.1 & am hoping that I can make some progress.
On a side note and not pertinent for the corrupted fil, .Net 4.6.1 got recently released: http://filehippo.com/download_dotnet_framework_4/ .
This latest CIS build is not being particularly friendly to many files. Files that I have whitelisted are being flagged as threats & I then have to add them to exclusions [i]again[/i].
Legitimate files from publishers I trust e.g. shell.exe from Graviteam, have also been isolated despite being on my whitelist & being widely sold on places like Steam.
Really do not understand why if I have gone thru the hassle of finding & whitelisting files CIS then blocks them & demands they be whitelisted again. – Unless it is possible for an attacker to alter the whitelist with a script or similar this seems rather unfair on the end users time.
CIS 5.x was far less of a problem in this regard - I could trust it to do what it was told & not cripple something at a critical moment costing me time & money. 88)
When the publisher is not on the Trusted Software Vendor’s list and an individual executable is whitelisted then each time the executable gets updated it will get sandboxed until it gets white listed again. I think that the applications you are mentioning are updated with high frequency. Iirc Steam updates daily. In that case it is better to make HIPS rules for these executables rather than depend on the whitelist.
Hi EricJH
I am still in the loop of 3 reboots - def+ or FW locks the system; reboot to safe mode; disable either def+ or the FW; reboot uninstall/reinstall.
I have noticed since using the separate CIS cleaner/uninstall prog that now when Win locks during loading, the reboot to safemode shows FW not functioning; then when entering Win on next start, Def+ has failed to load.
I contacted Asus with the error msgs & just got a stock answer - reinstall - which I had told them I couldn’t do as it gave error msg when I tried…
So the mobo software is not installed at all now, so I can confirm it isn’t the problem.
Steam client may update daily, the .exe I mentioned doesn’t, it hasn’t been altered for months. I amm not auto-loading Steam on boot either.
Neverthelesss I am using the exclusions settings on the files which keep being flagged. This is why it is so annoying. I can see the files in the lists of settings, I have added some with wildcards & still they may be flagged. I have assumed that exporting my settings means ALL settings are saved but it doesn’t seem to be the case either.
I have tried installing CIS to a different dir to see if it is pathway / hd related but still 3 reboots & ■■■■.
The SSD is shown as A-OK by the diagnostics software I ran on it. 3% wear & 7+ years life at current usage rates.
Updated the .Net from your link. Then ran Win updates.
Did not uninstall CIS which had failed again.
Restarted to finish update & CIS is working again. Normally a reboot will not ‘reset’ it. This makes me wonder if it is/was entirely .Net?
Don’t especially want to wipe the boot drive & do totally clean OS install, but the 3 reboots thing is a nightmare & may be the only way to see what is causing this.
It takes days to reconfigure a system to the way it has been running after 12 months use…
I do not have any older disc images than the one I’m using so I can’t roll back 1-2 months to a time before this started.
I don’t know what to do now. What can I run to check things, CIS says the system is clean, I temporarily installed some other AV trails & they all said clean before I went back to CIS.
In Safe Mode the CIS drivers will not load. So when running diagnostics it will tell that the Status is failed. It is not that smart that it sees that Windows is in Safe Mode.
I contacted Asus with the error msgs & just got a stock answer - reinstall - which I had told them I couldn't do as it gave error msg when I tried....
So the mobo software is not installed at all now, so I can confirm it isn't the problem.
That's good to know.
Steam client may update daily, the .exe I mentioned doesn't, it hasn't been altered for months. I amm not auto-loading Steam on boot either.
Neverthelesss I [u]am[/u] using the exclusions settings on the files which keep being flagged. This is why it is so annoying. I can see the files in the lists of settings, I have added some with wildcards & still they [i]may[/i] be flagged. I have assumed that exporting my settings means ALL settings are saved but it doesn't seem to be the case either.
In what component of CIS are you excluding them?
I have tried installing CIS to a different dir to see if it is pathway / hd related but still 3 reboots & ■■■■.
The SSD is shown as A-OK by the diagnostics software I ran on it. 3% wear & 7+ years life at current usage rates.
Updated the .Net from your link. Then ran Win updates.
Did not uninstall CIS which had failed again.
Restarted to finish update & CIS is working again. Normally a reboot will not ‘reset’ it. This makes me wonder if it is/was entirely .Net?
CIS does not depend on .NET so I would not immediately troubleshoot that direction
Don't especially want to wipe the boot drive & do totally clean OS install, but the 3 reboots thing is a nightmare & may be the only way to see what is causing this.
It takes days to reconfigure a system to the way it has been running after 12 months use....
I do not have any older disc images than the one I'm using so I can't roll back 1-2 months to a time before this started.
I don’t know what to do now. What can I run to check things, CIS says the system is clean, I temporarily installed some other AV trails & they all said clean before I went back to CIS.
What is making CIS fail after three reboots is still a mystery. Can you check the Windows logs in Event Viewer and the CIS logs to see what happens when the going gets tough?
Hi EricJH
I have tried to run diag in normal mode - no change
I have nothing in Win Event logs other than the expected ‘system shut down unexpectedly’ msgs from the hard resets.
Exclusions in FW Def+ & AV (where fields allow.)
So Long story short
Things got worse & with time over Xmas I decided I’d wipe the drive & see what happened.
Memtest86 - no problems
Win7 install - no problems
Incident #1
Whilst setting up drivers & power management I decided to check BIOS APM settings.
Whilst there I decided to alter my RAM timings from 1866 to 1600.
Reboot & ■■■■ CIS hangs the PC.
Further tests revealed that despite using the correct XMP & voltages (that allow memtest86 to run error free) = CIS problems after rebooting @1866mhz.
I found that I am now safest at 1600 with CIS installed - no hangs after 10+ restarts. NB This RAM that has been manufactured to run at 1866 with no issues under test. Tested again with Memtest86 since OS rebuild & all OK.
It has been running @1866 for 12+ months & only since the CIS W10 update 8.2.0.4792 has this issue appeared.
Incident #2
Installed LG Dual Setup 2.7 CIS failed to load at all on reboot. Only disabling the LG software load allowed CIS to work.
Again I had had no problems with this software until the above mentioned CIS release.
Messed around a lot in the last 2-3 weeks & those were the only CIS / boot issues I could recreate. I can live without the LG prog at the moment, so that is off.
PC now behaves ‘‘normally’’ as far as I can see at the moment.
Guess I will have to buy different RAM & see how that goes.
Hopefully this info will help others avoid weeks of aggravation. :-\
