Just to check do you happen to have memory integrity core isolation enabled?
Never touched it. It’s off.
It is only for CIS as those are separate products, I wonder did your issues start when you installed these additional components? Have you tried just running CIS without secure shopping and ISE? Long shot but they could be somehow causing issues.
Well, I don’t have problems with CIS 11 and all components enabled, but who knows…
Haven’t tried v.12 without security essentials and secure shopping.
I have also had some issues where things lockup. MS Office won’t open, task manager won’t open, windows shutdown doesn’t work. Basically I have to do a reboot using the physical power button on the PC.
That problem also surfaced during the beta testing period.
Cool. Hopefully there are already working on it then. That and the really high peak memory for the one process are the only two issues I have found so far.
Without them telling me I know Comodo is interested in these of problems.
But they do need information from you and others hence why I am asking to produce a full memory dump when the problem occurs again. When setting your computer to be able to produce a full memory dump you need to make sure you have the pagefile enabled and set to automatic to make sure Windows is able to create the full dump.
A couple of others and I have submitted an issue during beta that happens on our system but may not show up in Comodo’s test environment:
In short, please produce a full memory dump to help Comodo improve CIS. Especially with a big version number jump with many improvements underneath the hood.
It looks like a specific of CCleaner work. Seems like it performs 3 requests per second. Please pay attention to the Destination IP field. In all cases destination IP addresses are different for a single second.
I just checked another application (Windows), the same result occurs
Source IP> Source Port> Destination IP> Destination Port
Repeated x times
On version 11 this does not happen
The logs show that dashost.exe is broadcasting to the local network. It probably tries several times when it gets blocked before it gives up.
Dashost.exe belongs to the PnP-X which extends Plug and Play in Windows starting from Vista. It looks for Universal Plug and Play devices on the network.
I would say, unless staff tells me otherwise, that you’re witnessing dashost.exe at work and not CIS logging one request multiple times. The fact that there is time in between the broadcasts also suggests that.
I can confirm extra logged events for blocked connects, it does seem to do 2 or 3 times the actual amount connection attempts. When changing the rule to allow and log, the correct number of allowed connects is logged. To check use nping from nmap.org/download which is available as a zip. Create a block and log rule for nping of destination port 80 and run the following command from a command prompt:
nping --tcp-connect -p 80 -c 3 google.comthe -c argument specifics the exact amount of connection attempts you want to make, it will honor that amount no matter what. You can use wiresharek to confirm, but only when you allow the connections.
It seems the blocking mechanism used in v12 is different than before in which it will silently drop packets, instead of forging TCP reset packets coming from the destination host. So you won’t see the packets show up in wireshark when you block outgoing connection requests. This change may be affecting the way CIS logs blocked connection attempts.
Edit: Added firewall logs of performing above mentioned check.
Thank EricJH,
The question I ask myself is why the same values repeated without modifications between the calls of connections?
Are not there redundancy?
Thank futuretech,
If this is new under v.12 Ok
But I will try to check the PID
I point out two problems that if resolved in my opinion would become the top of protection. Certainly missing a solid web protection and to protect yourself from fraudulent sites (phishing) you have to rely on third-party browser extensions. I also noticed that malware files present in USB sticks even if they are detected by the antivirus, are blocked but are not deleted and quarantined. They stay in the USB key and only if you do a scan they are deleted, so fix this bug. If you solve these two simple problems then it becomes the top of safety and prevention.
Thanks!
Nunzio.
Error “cmdhtml.dll wasn’t properly signed. Installation aborted” on Windows 7 32bit fresh install on VM Vmware
looking for download of 11.0.0.6802 offline as this version slows down my pc and spikes service interrupts that slows down everything. With it uninstalled the pc is fast and stable.
Can anyone help with download location
I am running this latest version with Firewall installed only on Windows 10 64, build version 1803. It is a clean install of Comodo Firewall.
Today, I checked Windows Task Scheduler.
There are 6 entries in Comodo folder, I suppose this is fine.
When I click on Task Scheduler Library, it shows 1 Comodo entry that is not in Comodo folder. The entry’s name is in random numbers, Author is Comodo, Staus is Ready and Last Scan Result has “The system cannot find the file specified.”
When I select the entry and check “Actions” below, it mention cistray.exe
Any info?
Hi, thanks for report.
6 entries in Comodo folder are OK.
As for other Comodo entry - it is task from previous CIS version, which was not removed during upgrade (I assume you’ve performed overinstall)
We will fix it in next version, it doesn’t affect protection and system stability.
Thanks a lot @23 , now I’m running perfectly again.