After updating Comodo Free Firewall from v6 to v8.2.0.4792 I noticed in Windows Event Viewer that System Event 11 was being warned for: “Custom dynamic link libraries are being loaded for every application”.
I could see that this started to occur immediately after the Comodo update.
This issue occurs in the Registry at HKLM\Software\Microsoft\WindowsNT\CurrentVersion\Windows where LoadAppInit_DLLs is being set to 1. The strange thing is that AppInit_DLLs is blank (and so there aren’t any AppInit_DLLs to load). Setting LoadAppInit_DLLs to 0 overcomes the issue - but it should not be happening in the first place.
I’d noticed the same problem a couple of years ago (which was a short while after initially installing Comodo Free Firewall). At the time I did not make the connection, but I now suspect that Comodo was the cause back then.
Are you sure CIS sets this key? I have never seen this being set to 1 since CIS v3 which is the last version to use AppInt_DLLs for guard32.dll/guard64.dll. I guess you can uninstall CIS and set the value to 0, then install CIS again and see if the value gets changed to 1 again.
I had created an image immediately before updating Comodo Free Firewall. I restored the image and did the update again. After the mandatory restart as part of the update the “Custom dynamic link libraries are being loaded for every application” appeared. Wasn’t there before the update (hadn’t seen it for two years as I explained before). Can only conclude that it is Comodo causing this.
Recently updated Comodo Free FW from 12.0.0.6882 to 12.2.2.7062 (interestingly this did the updates in two phases – the second phase ran and restarted PC automatically after a requested user controlled restart of PC from first phase).
Looking at Event Logs (System Log) I noticed that, since the aforementioned update, at every boot I get: Warning, Wininit, EVENT ID 11, Custom dynamic link libraries are being loaded for every application.
But it is clearly still occurring and I get round it at HKLM\Software\Microsoft\WindowsNT\CurrentVersion\Windows by setting LoadAppInit_DLLs back to 0 - checking first that AppInit_DLLs is actually blank (i.e. there really are no custom dynamic link libraries to be loaded, otherwise their names should be listed in AppInit_DLLs).
It’s not a big issue, but maybe it should (at long last) get sorted?
I’m using Windows 7 Ultimate 64-bit (clean install with all MS-updates) and currently running CIS V5.12 on it.
I’ve checked the keys on my system and they are set as follows:
AppInit_DLLs = <blank/empty>
LoadAppInit_DLLs = 0
So at least for CIS V5.12 those keys are not in use anymore as futuretech already mentioned.
Just to be clear, in my case we are talking about what was a clean install of Win10x64 1909 with Comodo Free FW 12.0.0.6882 then installed (so no prior history of Comodo updates on the machine until the update to 12.2.2.7062). The Wininit event warning only cropped up from the point of the update of Comodo.