Comodo Memory Guardian Beta v1.0.1.6 Bug Reports [Closed]


Edit by moderator:

Please report bugs for Comodo Memory Guardian Beta v1.0.1.6 in this thread. Also tell which operating system you are using!

Thanks,
LA

I ran “megui.exe”, but the program didn’t work and a process “cvtres.exe” made my CPU usage go to 100%. When I used CMG 1.0.1.5, there was no problem with this software. :THNK

Here is a link to MeGUI :SMLR
http://mirror01.x264.nl/x264/megui-0.2.6.1012.exe

Hi

Possible bug/clash with DropMyRights.exe

Installed Comodo Memory Guardian ver 1.0.1.6 on WinXP SP2 + all updates and immediately had issues of around 50% CPU usage with “DropMyRights”, which I use for both Firefox and IE web browsing. Adding DropMyRights.exe to the CMG allow list made no difference. Neither did a reboot.

CMG Ver 1.0.1.5 had no problems with this program.

Other than this, all seems to be running well at this moment, especially with BOClean.

Please move this topic into a “Comodo Memory Guardian Beta v1.0.1.6 Bug Reports topic” when one becomes available.

Thanks

Hi, I’ve downloaded DropMyRights, tested, no bugs noticed… testin’ more…

I’ve installed the official version of MeGUI, no bugs found… Updated it - the same, I’ll test it more mate…

I agree with Tyler…I use DropMyRights for Firefox and have NOT had any issues with either version of CMG. Also I have NOT had any clashes with CBOclean using CMG v 1.0.1.6 beta… Time will tell…

Hi

Thanks for the feedback.

Will check out my system further to see what’s occurring.

When cmgs32.exe service is running, I get a crash each time I try to launch Joost 1.0 Beta. Everything goes fine if I kill the process.

http://pascal.quantin.free.fr/tvprunner_error.jpg

A game which has a gameguard can’t work if I use Comodo Memory Guardian Beta v1.0.1.6, but it can work well with Comodo Memory Guardian Beta v1.0.1.5.
http://kart.nexon.net/ is the address of the game in English. I don’t know whether the English and Chinese versions have the same gameguard; if they have the same one, the English version will not work either.

Problem with .NET Framework 2.0 on Vista 32-bit. Upon installing MG, a process C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe does not close and uses 100% CPU. Additionally, the ATI display driver tray icon (ATI drivers are created on .NET Framework 2.0) does not start. Cvtres.exe may be renamed or deleted to prevent this problem, and the ATI icon will then start properly. However, the custom display gamma/brightness/contrast that applies at startup no longer takes place. The only solution is to uninstall MG.

Seems to have a conflict issue with the Joost TV program. Joost reported errors when CMG was installed. Tried reinstalling and updating Joost to no avail. Uninstalled CMG and reinstalled Joost: no issues.

kitt. :-\

Hey Tyler :slight_smile:

I have no real bug to report ( CMG works fine :slight_smile: ) but just something that “happened” a few days ago.

[08-11-2007 02:02:14 PM] process: C:\WINDOWS\explorer.exe attack type: buffer overflow address: 0x0007F600 memory type: stack action: allow

I think it is a little bit strange ( or maybe I am wrong :wink: ), so I report it to you :slight_smile:

Greetz, Red.

Heh, yep, it doesn’t seem like a false alert, as it’s a buffer overflow (not ret2libc) and the memory really looks like stack… Don’t know if “allow” was a good idea. Where’ve you been with this explorer? It looks like .ani cursor exploit activity (though I saw only one modification of such an exploit with shellcode within the cursor’s file itself, and it was made by me for internal use). The release version of CMG will include loggin’ stack pages so such alerts will be more clear to me.
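
As an added example (not part of the original posts and not Comodo code): a small Python parser for attack-log lines in the format quoted above, listing detections that were allowed to continue. Only the first sample line comes from the thread; the second line, with its `ret2libc` label, `image` memory type and `deny` action, is a constructed assumption.

```python
import re
from collections import Counter

# Field layout taken from the single log line quoted in the thread.
LINE_RE = re.compile(
    r"^\[(?P<timestamp>[^\]]+)\]\s+process:\s+(?P<process>.+?)"
    r"\s+attack type:\s+(?P<attack_type>.+?)"
    r"\s+address:\s+(?P<address>0x[0-9A-Fa-f]+)"
    r"\s+memory type:\s+(?P<memory_type>.+?)"
    r"\s+action:\s+(?P<action>\S+)\s*$"
)

def parse_line(line):
    """Return the fields of one log line as a dict, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    entry["address"] = int(entry["address"], 16)  # keep as integer for range checks
    return entry

def allowed_detections(lines):
    """Entries where a detection was raised but execution was allowed to continue."""
    parsed = (parse_line(l) for l in lines)
    return [e for e in parsed if e and e["action"].lower() == "allow"]

def allowed_by_process(lines):
    """Count allowed detections per process path (Windows paths are case-insensitive)."""
    return Counter(e["process"].lower() for e in allowed_detections(lines))

SAMPLE = [
    # Line quoted in the thread:
    r"[08-11-2007 02:02:14 PM] process: C:\WINDOWS\explorer.exe attack type: buffer overflow address: 0x0007F600 memory type: stack action: allow",
    # Constructed line; "ret2libc", "image" and "deny" are assumed field values:
    r"[08-11-2007 02:05:40 PM] process: C:\Program Files\Example App\example.exe attack type: ret2libc address: 0x7C801D7B memory type: image action: deny",
    # Constructed non-matching line, to show that unparseable input is skipped:
    "service started",
]

if __name__ == "__main__":
    for e in allowed_detections(SAMPLE):
        print(f"{e['timestamp']}  {e['process']}  {e['attack_type']} "
              f"in {e['memory_type']} at {e['address']:#010x} was ALLOWED")
```

The timestamp is kept as a string because the thread does not say whether the date is day-first or month-first.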

Hi,

At the end of install, I could run all tests; however, after these (I closed that window and maybe less than 1 min) explorer.exe caused 100% CPU usage and I couldn’t kill it. I’ve tried to run Task Manager with the Ctrl-Shift-Esc buttons but it seems I just wasn’t able to terminate it.

I pressed reset ’cause I found no other way to get back to my system. After the log on I tried to run the guard ASAP and I got this error message:

Title: Error starting Comodo Memory Guardian
Error: Can not create LPC port, CMG is allready running ?
Description: Object name already in use (translated text)
Code: 0xC0000035

It’s right, I found the little chief icon on the tray, but I don’t know if this is normal or it should just open the program anyway (which would be a much wiser idea). Now it seems to run fine; is that a tester or 1st time issue?

Applications on this system:

Windows blinds 5(5.51 (build97 x86) - shareware)
CPF 2.4
UpdateStar (checking program updates)
C-media 3d application (for sound card)
LogMeIn (remote admin)
Live MSN messenger
OpenOffice 2.3
Time Zone 2.1.21.0 (Microsoft utility), TweakUI, Bootvis
The Dude (network mapping utility)
Total Commander
ClamWin AV

XPSP2 hun+latest patches, .net 3.0, c++ 2005, msxml 4.0sp2, msxml parser 6.0
User with admin rights.

I downloaded DepTest.exe from:

https://www.sys-manage.com/PRODUCTS/BufferShield/DEPcomparison/tabid/186/Default.aspx

When I run it (with all other security apps turned off), CMG fails all tests and nothing appears in the attacks log.

Why does CMG fail these tests?

I didn’t do anything “strange” :stuck_out_tongue: I was surfing some familiar websites/forums, and was working with familiar software. I was sure that there was no security risk, that’s why I allowed it ( just once ). If it happens again I won’t allow it, and give you a more detailed report :slight_smile:

Greetz, Red.

Why does CMG fail these tests?
CMG is not a DEP emulator and does not make your stack unexecutable; it protects you from the real shellcodes, not the simple tests.

I’m quite confident that the answers will both be yes but I’ll ask anyway :slight_smile:
Does this mean that the application stack test is not a ret2libc but actual executable code?
Does this mean that this Proof of concept is actually not using any Buffer Overflow?

Thanks gibran,
exactly the questions I would like to be answered.

From what I’ve understood, sys-manage BufferShield provides an alternate support to hardware-based DEP because MS provided a way to disable this protection from within a program.
This decision was made in order to improve compatibility. Windows can still use an untouchable HW DEP protection, but enabling that option will decrease compatibility. As there is a way to bypass MS compatible DEP mode, sys-manage provided a way to use a compatible mode that could not be bypassed.

This should mean that their POC is focusing on execution of code from zones where it shouldn’t be allowed. In order to do this they successfully disable MS DEP if the OS is using the compatible mode.
In order to prove this concept I guess they don’t really need a Buffer overflow.

So actually Comodo and sys-manage used two different approaches. CMG focuses on BO prevention. A BO can be exploited in order to execute code from unauthorized zones. So blocking a BO prevents exploit code too. EDIT: READ about CMG protection in the next post ;D
Judging from sys-manage POC instead, it seems that they sure protect from code execution in unauthorized zones. But DEP protection doesn’t handle all types of BO.
So if you would like to test that software against Comodo BO tester please post the results in https://forums.comodo.com/general_security_questions_and_comments_not_product_related-b85.0/
and link them from here.

I would like to know if BufferGuardian handles ret2libc correctly. ???
Another thing to mention is that only latest P4 and upper CPUs have HW DEP support. So BO protection should protect more users.

No, the answers are “no” actually :slight_smile: Their test just executes a few instructions from the stack; this is not a real shellcode. You can’t do anything without callin’ APIs, but CMG detects only API calls in shellcodes, not instructions.

P.S. Btw, does their BO protection work? It’s not workin’ on my PC somehow.