comodo keeps putting file in untrusted

Comdo has stopped a program opening. it puts it in untrusted files and i put in trusted. when i try again it goes back to untrusted. Even when i disable comodo with msconfig the program will not run

Before i get rid of comodo can someone tell me how to release the program

Does the file contain any non english characters

no. It is in unrecognised files and trusted files at the same time. If i remove from untrusted it goes back

Sounds like the program modifies itself during executing so the hash no longer matches the file hash in the trusted list. Are you using the Auto-Sandbox/Defense+? If the program has a digital signature and your sure it save, you could add the digital signature to the Trusted Vendor list.

Alternatively you can always submit the program to be white listed here:

why would it do that? i am using the sandbox but even if i disable it the program won’t run. Even i i set comodo to not start by msconfig the program will not run. Does comodo disable program in registry or somewhere else so it can stop the program even when itself is stopped?

Defense + logs says applications c:\windows\explorer.exe flags create process,block file

Does this mean explorer is being blocked from calling the file? If so where in comodo would i free it. i do not see explorer in untrusted files or anywhere else relevant

Sorry disabling in msconfig does not disable CIS, if there is a rule stopping a program it still will not run as the CIS drivers are still active.

Disabling the COMODO entry in msconfig only disabled the gui autolaunch, which is for creating, editing rules, popups and the widget. The actual protection and rule enforcement is carried out by the COMODO Internet Security Helper Service or ‘cmdagent.exe’. And the Sandbox is COMODO Virtual Service Manager or ‘cmdvirth.exe’ and is run on demand.

I don’t know why your making it harder then you have to to disable components to see what the problem is. If you left the gui operational you can turn of the Sandbox & Defense+ on the fly.

As to why the changing hash? It maybe the creator made it save settings internally instead of the registry/file system, which is common for portable apps.

even if the firewall does not run?. Is there any way to disable cis and drivers

I tried that and it would not run.I thought -wrongly - that stopping cis would free it. It is not a portable program

Delete them, and sorry you have to reboot aswell.

I usually use msconfig to stop the service and gui remove drivers and reboot before taking a image.

Before taking a image I replacing them back and reset msconfig.

Where do i delete them? Do you mean delete 'cmdagent.exe’and ‘cmdvirth.exe’?
And do they restore on reboot?

Before you delete driver let’s consider the problem may be in HIPS rules; that is assuming you have the HIPS enabled. Can you check the HIPS rule for explorer.exe if there is block for the program you’re trying to start.

They are three in the Windows/System32/Drivers folder just delete them, then restore them from the Recycle bin after reboot.

cmderd.sys cmdguard.sys cmdhlp.sys

Edit On my Vista x 32 system it has a Acer image system without removing these drivers (because I run Defense+ in Paranoid Mode) the image fails at 46% everytime.

I do not see any. is that %windir%\explorer.exe? Under actions it is all asks so it should ask rather than block?
HIPS is in training mode and there is no mention of the program.

Is deleteing and restoring drivers going to cause any problems?

[attachment deleted by admin]

Not the specific three I mentioned in my last post CIS may complain if you try running it without them, I did lose one cleared the Recycle bin by mistake.

Copied it from my Windows 7 did not like it offer program update and replaced it with the original one :slight_smile:

You may want to save them elsewhere up to you.

Edit Added the three drivers from last post cmderd.sys cmdguard.sys cmdhlp.sys

Did not work anyway. comodo has messed up a program again. since they refuse to fix it i am getting rid of comodo

What dies unrecognized mean exactly? Are all unrecognized files untrusted too?

Instead of deleting the drivers it’s better to rename them to prevent an accident like Dennis described. Be careful when renaming to .old or.bak when you use a clean up program that deletes those type of files…