After updating Comodo Free Firewall from v6 to v184.108.40.20692 I noticed in Windows Event Viewer that System Event 11 was being warned for: “Custom dynamic link libraries are being loaded for every application”.
I could see that this started to occur immediately after the Comodo update.
This issue occurs in the Registry at HKLM\Software\Microsoft\WindowsNT\CurrentVersion\Windows where LoadAppInit_DLLs is being set to 1. The strange thing is that AppInit_DLLs is blank (and so there aren’t any AppInit_DLLs to load). Setting LoadAppInit_DLLs to 0 overcomes the issue - but it should not be happening in the first place.
I’d noticed the same problem a couple of years ago (which was a short while after initially installing Comodo Free Firewall). At the time I did not make the connection, but I now suspect that Comodo was the cause back then.
Are you sure CIS sets this key? I have never seen this being set to 1 since CIS v3 which is the last version to use AppInt_DLLs for guard32.dll/guard64.dll. I guess you can uninstall CIS and set the value to 0, then install CIS again and see if the value gets changed to 1 again.
I had created an image immediately before updating Comodo Free Firewall. I restored the image and did the update again. After the mandatory restart as part of the update the “Custom dynamic link libraries are being loaded for every application” appeared. Wasn’t there before the update (hadn’t seen it for two years as I explained before). Can only conclude that it is Comodo causing this.
Recently updated Comodo Free FW from 220.127.116.1182 to 18.104.22.16862 (interestingly this did the updates in two phases – the second phase ran and restarted PC automatically after a requested user controlled restart of PC from first phase).
Looking at Event Logs (System Log) I noticed that, since the aforementioned update, at every boot I get: Warning, Wininit, EVENT ID 11, Custom dynamic link libraries are being loaded for every application.
But it is clearly still occurring and I get round it at HKLM\Software\Microsoft\WindowsNT\CurrentVersion\Windows by setting LoadAppInit_DLLs back to 0 - checking first that AppInit_DLLs is actually blank (i.e. there really are no custom dynamic link libraries to be loaded, otherwise their names should be listed in AppInit_DLLs).
It’s not a big issue, but maybe it should (at long last) get sorted?
Just to be clear, in my case we are talking about what was a clean install of Win10x64 1909 with Comodo Free FW 22.214.171.12482 then installed (so no prior history of Comodo updates on the machine until the update to 126.96.36.19962). The Wininit event warning only cropped up from the point of the update of Comodo.