Hey guys, I’m at my wits end with this and I’m hoping someone might be able to help.
I’m running Win7 64 bit and using CIS Firewall (64bit version). I was using ESET Nod32 as my antivirus, but I uninstalled it while trying to troubleshoot the issue. After uninstalling either Comodo or Nod32, I make sure to run a registry cleaner. I"m using both the Comodo cleaner as well as CCleaner.
What is occurring is that my firewall is loading in the background, but the GUI will not show up, and no icon appears in the tray. When I try to open a new instance of the GUI, a new entry for cfp.exe will show up in task manager, but will never actually open.
In addition, any entries in startup in msconfig that follow Comodo’s entry will not start. On my computer, this includes Skype, Steam, and a mouse program I have. Also, when I uninstall Comodo, at a certain point in the removal, all of the programs will immediately start up. No entries are appearing in Window’s logs to indicate that there is an issue.
What I’ve tried:
- Uninstalling and reinstalling Comodo.
- Making all Exe files in the Comodo directory run in administrator mode.
- Uninstalling AV and CIS and then re-installing Comodo only.
- I found a post from a user who said they were able to get into safe mode, stop the service and the startup and then update Comodo once they rebooted. Once I rebooted and tried to run the update executable, nothing happened.
- Attempted to make the exe’s run in compatibility mode for Vista SP2. I run Win7, but it was worth a try.
I’ve read all of the posts with similar issues, but none seemed to fit my issue exactly. Any help at this point would be greatly appreciated.
Try the NOD removal tool and then see what happens. Here is a list of removal tools for common av programs: ESET Knowledgebase .
Nope. Started in safe mode, ran the uninstaller and rebooted. Installed Comodo, rebooted, same issue exists.
In case it helps, here’s a copy of a HijackThis report.
[attachment deleted by admin]
Update. Interestingly enough, I was able to get it to work so long as I installed it with the Firewall only option, and no the Proactive Malware Defense Option. Guess that’s good enough.
Thanks for th HJT log. It looks like there are various Windows system files missing.
Open the command prompt and run
sfc /scannow
and see if it reports there are system files missing and whether it can fix it. When it can’t fix it run do the same thing in Windows Safe Mode.
On a side note. Are you sing an stripped down version of Windows 7 (stripped with vLite or rather the Win7 counter part of that)?
Sorry, forgot to mention that the “(file missing)” error is a false positive generated by HJT. All those files were there when I manually checked. It’s a normal install of Win7. The only thing different is that right now it is awaiting activation due to my license key being packed up.
what AV do you have at the moment?
Regards,
Valentin N
Sigh.
I booted the computer this morning and we are back to square 1.
I am running ESET Nod32 AV.
add ESET complete folder in Exclusions of Execution Control Settings (CIS —> Defense+ —> Defense+ Settings —> Execution control Settings —> Detect shellcode injections (i.e. Buffer overflow protection) —> Exclusions —> Add —> Browse…)
Tell me if that helps.
Regards,
Valentin N
Unfortunately I can’t open the GUI to be able to do that. Can that be done in safe mode?
It should work but I can’t guarantee you and don’t care if it says: D+ isn’t working properly; it’s normal since you’re in safe mode.
Regards,
Valentin N
You can open the GUI in Windows Safe Mode and change settings as you like.
Following are questions to try to figure out if other programs are of influence on your problem.
Did you have other security program installed in the past? Try using the removal tools for those programs to be sure there are not left overs interfering here.
I see you are using a Juniper client. Is that a VPN or remote desktop program of some sort? Can you temporarily disable or uninstall it to see if it plays a role here?
Added it to the Defense+ exclusions, no luck.
The Juniper VPN object is for a web-based VPN only activated when I go to my company’s website. Also, it was installed after the issues with the firewall began. The only other security related program I run is Spybot and the included Windows Defender.
The only thing I can think of at this point is that there is a conflict with ESET. Comodo installed fine as firewall only with ESET uninstalled. After reboot, it started up properly.
It looks like there may be a compatibility issue between CIS with D+ enabled en Nod 32 and that would be worth a bug report.
I have one last question in the process of analysis. Can you enable D+ try to open the GUI, then access the logs (View Defense + Events) in Safe Mode and then take a screenshot of them?