Hi,
I would like to ask you. I use latest w10 64b, latest Comodo FW. But when I look to Security center there is a problem. PLease have look at the attachment.
Thank you for your help.
It’s common for all third party firewalls, they take control over Windows default firewall and set it off.
Now you’re protected by Comodo firewall. If you do not turn it off namually 
(A nebo se něco nepodělá, mě to štvalo tak, že jsem to odinstaloval a používám už jen TinyWall)
It is not common for third party FW. I use Kaspersky on another PC and there is no problem.
I have updated to win 10 creators version and now have this problem on both my pc and laptop, did not have this before upgrade, is a fix in progress? >:(
Hi,
I have still the same problem. I add here new question today, it was somewhere I cannot find it. The problem is still the same in nwewest CF version.
And there is somethinf wrong in event viewer.
- - 1000 2 100 0x80000000000000 9432 Application DESKTOP-1R118O8 - cmdagent.exe 10.0.1.6294 59a48eea recognizerCryptolocker.dll 1.7.0.42 594bc537 c0000409 0000000000019693 38a4 01d3230b79206d26 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe C:\Program Files\COMODO\COMODO Internet Security\recognizers\proto_v10\recognizerCryptolocker.dll 396fb98c-bbda-427a-9348-1610deb860e3
I keep getting this error every about 250 minutes. Something with recognizercryptolocekr.dll from Comodo.
The CF turns OFF and goes ON in a while.
CFW does not get registered with windows defender security center like it does with windows security center (security and maintenance in control panel). But it is fine that windows firewall is turned off if you are have CFW enabled.
For your events with recognizercryptoplocker.dll check for memory dumps in C:\ProgramData\Comodo\CisDumps folder.
Should I put the dump here?
CF is surely off for a while or Windows switch is off. I do not know. But I know it allows programmes that I have blocked on the internet.
You may need to upload the dump to a file sharing site as it will be too big to attach. So just provide link to dump.
I think there is some big problem. Please have look at the screen. Which one should I send you? Please have look at the dates of files…
Can you try a clean re-install following this guide here? I don’t know what is causing the issue but it might clear up on a clean install. Also do you know what you’re doing when it happens such as running applications? In VirusScope settings do you have monitor only the applications running in containment enabled or disabled?
Thank you for your reply. I am sorry but I do not understand you very well. So please can you explain it to me?
-
What clean installation do you mean? Comodo or Windows? If Comodo, please provide me the link. I did factory reset of Windows 10.
-
I do nothing special. I use Chrome, Skype, Photoshop, Outlook. I do not know when it appears, it just appears suddenly.
-
I do not know if it has anything in common with virusscope. I noticed the problem with virusscope in problem can be with when I looked to event viewer. For the settings please have look at the attachment.
Clean uninstall of comodo. Uninstall Comodo normally then after the required reboot, run this removal tool by run as an administrator. Reboot and install CIS using the installer available from the release topic here. Then after the required reboot after installing, run a program update using the update task under general tasks in CIS to get the newest recognizer. Then make sure you have the same viruscope setting as you have shown in your screenshot. Then use your computer for awhile to see if you get anymore errors in event viewer or memory dumps in the CisDumps folder.
OK, thank you for your help. I will do it and then let you know.
I tried it and there is still the same errors. Recognizer is still the same as earlier. CISDUMP is empty after about 30 minutes from CF installing.
For example:
- - 16 2 0 0x80000000000000 9837 Application - SECURITY_PRODUCT_STATE_ON 02000000
or
- - 16 2 0 0x80000000000000 9834 Application - SECURITY_PRODUCT_STATE_SNOOZED 02000000
These are not errors but more of an information event about the state of CIS being on or off as tracked by windows security center. Look out for error that point to cmdagent.exe and recognizercryptolocker.dll that you have shown before.
OK, I will wait and then let you know.
The problem is back and file in folder CISDUMP too:
- <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
- <System>
<Provider Name="Application Error" />
<EventID Qualifiers="0">1000</EventID>
<Level>2</Level>
<Task>100</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2017-09-03T05:15:28.061825600Z" />
<EventRecordID>9879</EventRecordID>
<Channel>Application</Channel>
<Computer></Computer>
<Security />
</System>
- <EventData>
<Data>cmdagent.exe</Data>
<Data>10.0.1.6294</Data>
<Data>59a48eea</Data>
<Data>recognizerCryptolocker.dll</Data>
<Data>1.7.0.42</Data>
<Data>594bc537</Data>
<Data>c0000409</Data>
<Data>0000000000019693</Data>
<Data>bf8</Data>
<Data>01d32419882a3e00</Data>
<Data>C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe</Data>
<Data>C:\Program Files\COMODO\COMODO Internet Security\recognizers\proto_v10\recognizerCryptolocker.dll</Data>
<Data>819a5ebe-1f7f-4478-917e-7626204601ef</Data>
<Data />
<Data />
</EventData>
</Event>
Ok first disable virusscope, then open the cisdump folder and delete all but the most recent dump, then run and save a diagnostic report which will contain the memory dump so you need to upload the saved diagnostic to a file sharing site and share the link again. I have already mentioned your issue to umesh but I will also submit a new bug report with your diagnostic report to comodo so they can figure out what is wrong and fix the issue.
Keep virusscope disabled so that you wont experience the errors and cmdagent wont crash anymore until a proper fix can be made.
OK. I got this error only 1 times since morning. It does not matter so much when I get error. But I mind the Comodo turns OFF itself. I have no CISDUMP file since morning.
Here is a link for report. MEGA