Comodo VSM Service Crash upon Exec of Kiosk

----ISSUES----

  • “COMODO Virtual Service Manager” (VSM) service crashes upon execution of kiosk (Virtual Desktop). It would appear that HIPS is treating the virtual environment’s processes as threats, as it does show it is blocking 2 intrusions per execution of the kiosk.
  • Shortly after, shell crashes and explorer.exe is executed which opens up my file manager “Windows Explorer”.
  • I’ve had issues with CIS freezing and locking my system up requiring a hard power off on multiple systems after leaving any part of the CIS GUI open (the CP and notifications I don’t respond to) after a set amount of time. I assume this is due to a child process of CIS 7 either suspending/idling after a set amount of time.

----SPECS----

  • Windows 7 Enterprise/i7 3rd Gen/16GB RAM/nVidia GeForce GT 650M/2x256 Dual RAID-0 SanDisk Extreme SSDs
  • Silverlight: 5.1.30214.0 /(KB2934150) Everything else is up-to-date
  • No software or policies installed/configured that could possibly interfere with CIS
  • Fresh DBAN wipe (Yeah, I know it degrades SSDs and you can’t TRIM RAID arrays but only used 1 wipe (more than one wipe is only theoretically harder to recover) w/ Mersenne twister engine “PRNG”) and fresh install of Win7 from yesterday.

----COMMENTS----

Other than these issues that I am currently experiencing, my past few days of CIS 7 usage have been satisfactory, although I would like to see future support for TCP Re-sequencing and OS Fingerprint Masquerading protection, HIPS integration directly into my web browser, and lower memory consumption. There are a few others I can’t name off the top of my head that are used in common tools such as hping to thwart firewalls, which are features included in the Endpoint Suite that I was previously using; the only problem was they had a lack of “control” with their HIPS integration on unmanaged clients.

For more details, the logs are available in plaintext and exported event viewer (you’ll need to change the file extension on the two event viewer exports from .evtx.log → .evtx for the sake of uploading) format below, as well as an exported log from Defense+ from CIS 7 (you’ll need to change the file extension on the CIS 7 export from .htm.log → .htm), along with all of the checksums. No debug information was available.


[attachment deleted by admin]

For now I will be uninstalling CIS 7 Pro and switching my endpoints back to my previous endpoint security software, due to Comodo’s lack of customer support, technicians’ disregard for its customers (given a Comcast run around via GeekBuddy and on the phone), resource-intensive clients, and instability issues.

Best of luck, R1776.