Hi delscom_5511,
Thank you for reporting.
guard64.dll is used to check other injections. It is expected behavior, such error can appear in this process and is not an issue.
@EricCryptid Thank you for supporting.
Thanks
C.O.M.O.D.O RT
Hi delscom_5511,
Thank you for reporting.
guard64.dll is used to check other injections. It is expected behavior, such error can appear in this process and is not an issue.
@EricCryptid Thank you for supporting.
Thanks
C.O.M.O.D.O RT
I have also error in Event Manager/ And I see Microsoft Recomendation to use view application and service log/Microsoft/Windows/CodeIntegrity/Operational where I see
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
with code 3004
Me version Comodo is 12, 3, 3, 8140 with Updates.
I also have Ahn3Lab Antivirus ver. 3 Lite/ It also give Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\AhnLab\V3Lite40\AMSI\AMSI0001\v3amsi64.dll that did not meet the Windows signing level requirements. with code 3033.
Windows 11 23H2 22631.3810/ Samsung NVME SSD 970 Evo (best chek) for HarddiskVolume3. My PC is new (january 2024) Gigabyte Aorus Elite AX ver. 2 with AM5 7500f and 32 Gb (2x16) Samsung chip memory with freq. 6000MHz.
Hi,
Thanks to those who replied to my previous posts.This will be my last post on the subject of CIS aborted scans and crash reports. Yesterday I ran a full scan and individual scans on each of my 4 drives with no problems. I had made no changes at all to CIS settings and no changes at all to the system. (I have been doing this just to test). Later in the day I thought I would make one final full scan. The operating system crashed. There was no info about it in the CIS logs. Windows created a crash dump file. I will not send it as Iâm sure itâs too large for Comodo to spend the time going through it.
I know that many of the errors and warnings in the windows event logs are of no great importance but came across one which I thought I would post (see below).
Finally I have seen on one of the Comodo CIS download pages that it is compatable with Windows 7,8 and 10 - Why no Windows 11?
An account failed to log on.
Subject:
Security ID: SYSTEM
Account Name: DESKTOP-8EFDEA9$
Account Domain: WORKGROUP
Logon ID: 0x3E7
Logon Type: 9
Account For Which Logon Failed:
Security ID: NULL SID
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Failure Information:
Failure Reason: An Error occured during Logon.
Status: 0xC0000022
Sub Status: 0x0
Process Information:
Caller Process ID: 0x1288
Caller Process Name: C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
Network Information:
Workstation Name: -
Source Network Address: -
Source Port: -
Detailed Authentication Information:
Logon Process: Advapi
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0
This event is generated when a logon request fails. It is generated on the computer where access was attempted.
The Subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.
The Logon Type field indicates the kind of logon that was requested. The most common types are 2 (interactive) and 3 (network).
The Process Information fields indicate which account and process on the system requested the logon.
The Network Information fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.
The authentication information fields provide detailed information about this specific logon request.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
is mrtrout even from comodo staff/devos/coder/moderator? seems like to be just a user, what is going on here was comodo forum again âhxdâ by mad IvanZ?
mrtrout is not a staff, dev or mod (See that I have a shield icon next to my name). Iâm not around as much as Iâd like at the moment and havenât had time to test out your League /TF2 issue. Some games have had issue with shell code injection protection with games so try adding those games as exceptions in the settings under Advanced protection/Miscellaneous
Hi jogladik,
We do not recommend customers to use several security software simultaneously as it causes many issues.
Kindly disable the other security software and check.
FYI: guard64.dll is used to check other injections. It is expected behavior, such error can appear in this process and is not an issue.
Thanks
C.O.M.O.D.O RT
another bug, I uploaded even all files and also the 513 unknown filles show in the widged, but no list of submittaed data/flies are shownâŚ
Hi Frustrated_User1,
Thank you for reporting.
Are you using any other security software other than CIS ?
Thanks
C.O.M.O.D.O RT
Hi C.O.M.O.D.O_RT,
yeah I do, but listen even in the 2nd beta it still worked with my other Secsoft, even previouses cis versions worked with my other Secsos, are you trying to say that the cis 2025 now makes problems because of the other âsesosâ, well that would be for me a downgrade instead of an upgrade.
all good I managed it to solve it, but dont ask me what exactly Idid, I tried so much that now I canât tell what it solved itâŚ
Due to the delay, I believe it is a problem with the COMODO cloud. the valkyrie must be slow to respond.
Valkyrie works fast again
The maximum size that Valkyrie supports is 150MB.
You have to go to the topic here on the forum and ask them to put it on the white list. link below:
The files will be analyzed by the team and they will give a verdict.
well the files are under 150mb, other files get uploaded but those(in picture)doesnt. tbh I ddnt looked the error code till yet up. maybe one of the mods/devos xould make a statement/reply in regard of it
I think itâs something to do with an error connecting to the server uploading the files but Iâm not 100% sure, the devs @ilgaz or @C.O.M.O.D.O_RT may provide the answer. Sometimes no issues with uploading, other times there is an error but I generally just let CIS/CF do it in the background and just check the list every few days.
Thatâs all well and good, but as long as Microsoft Defender, McAffee and Norton continue being the most commonly used AVs I donât think very many others are going to change into whitelisting apps, despite how much safer it would make everything.
By the way, Comodo/Xcitium is still extremely vulnerable to malicious users.
A malicious user doesnât always have malicious intentions, sometimes a malicious user is just one of those idiots that will blindly click allow on everything until it shuts up.
Comodo and probably Xicitium as well will give the user yes/no/sandbox alerts sometimes even if you have all of the stuff you can change set to auto-block.
If you disable cloud lookup, it wonât auto-block and terminate things that are found malicious. It will instead pop up with a perfect opportunity for a malicious user to allow malware to run.
I really think Xicitium/comodo needs to un-grey that setting when the cloud lookup is turned off.
Why do I keep the cloud lookup turned off? Because you guys have a long history of whitelisting PUPs and other bloatware and youâre also very slow to remove compromised vendors from the whitelist.
for me its turned on and all unknown files are subbmited to Valkyrie and the verdict comes really fast