Compatibility Issues with Lenovo (IBM) ThinkPad

CFP will not permit my ThinkPad laptop to start up properly.

I use ThinkPad’s built-in security chip and Client Security Software (CSS) along with their Fingerprint Reader. During the boot-up, the laptop freezes while checking the status of the embedded security chip, and will not open WinXP. When I uninstalled CFP3, the boot process executes normally.

I suspect this is a bug, but if any other ThinkPad users have found a way around this, I’d appreciate knowing how you did it.


Use v.273.

I have exactly the same issue on my T43. Thus far, I have not been able to trace the source of the problem. Perhaps the next bug-fix release of CFP will resolve this conflict.

Posted by: USSS

I have exactly the same issue on my T43.

Thanks USSS - nice to know I am not alone. My system is an R60 - with CSS8 and the FingerPrint software is ver. 5.6.2.

I forgot to mention in my earlier post that an older CFP3 build was working OK on my ThinkPad - (I think it was .268). Some time later, I applied an upgrade patch, and it booted also. Last night I decided to remove everything and install .276 because the older builds were very sluggish when submitting and looking up Pending Files.

I think I’ll stay on the sidelines, and keep CFP3 off my ThinkPad until this bug is fixed in a future upgrade.

I’m also running CSS8 and Fingerprint Software 5.6.2.

As for submitting files, I generally don’t unless I have downloaded something or installed some new applications. I view the Pending Files list about once a week, and usually purge most, if not all, of them. New files are moved to My Safe Files repository.

Unless you are behind a hardware firewall/router, I would urge you to reinstall the most recent version of CFP that worked without issues on your system. The Windows Firewall is not worth the code it’s based upon.

Likewise, I’m glad to learn there’s another ThinkPadder out there with the same issue related to v.276.


I submitted a bug ticket to the Comodo Support team approx. 1 week ago. I received a reply asking for basic info (OS, AV, Other security software) - but I haven’t heard anything else since. I am reluctant to install the latest release or any other update until I see a changelog that acknowledges the ThinkPad Security Chip bug has been resolved.

If any other ThinkPad user has had success with ver …15.277 and an activated Security chip, please post. Thanks

I would stick with v.273, as there is nothing in the changelog – at least for me – that warrants upgrading to v.277.

On my IBM T43 laptop, I could never log onto Windows when v.276 was installed. On my desktop, on which v.276 is installed, the Windows MSI Installer bug still persists, and there is no mention of a fix for that in the latest release.

I’m sitting tight for now.

I have a T60 and I’m using the latest firewall version .277 without any startup problems but again I didn’t have that problem with the earlier versions either. Below I listed some info of my computer that may help.

Computer: Thinkpad T60
OS: Vista Home Premium
Client Security Solution 8.00.0113.00 (activated)
Fingerprint software

I never installed the latest CSS v8.10.0006.00 and the fingerprint software v5.6.2.3650. I have a different OS so that may be why I’m not having the startup problem.

edit: added activated to CSS

Yeah, I’m beginning to think it may be a problem somewhat related to Windows XP Pro SP2 on my T43. Ironically, v.276 runs just fine (with the exception of the Windows MSI Installer bug) on my old Micron desktop PIII with the same OS.


I have successfully updated my T43 to CFP v3.0.15.277 from v3.0.14.276. I also was able to successfully export my saved configuration settings under v.273 to the new version.

Unfortunately, the update required following my own set of comprehensive instructions (gasp, (:TNG)) for removing v.273. Only glitch I encountered after rebooting is I was unable to re-enable my DSL Internet connection. So I powered down my DSL modem, Linksys router, and then performed a repair of TCP/IP protocol stack and WinSock layer. Then I rebooted and – before CFP loaded (appeared in the system tray) – I manually re-enabled my Internet connection.

Keeping my fingers crossed…and my system boot time has noticeably decreased with the new version of CFP.

Posted by: USSS


I have successfully updated my T43 to CFP v3.0.15.277 from v3.0.14.276. I also was able to successfully export my saved configuration settings under v.273 to the new version.


Do you think is worth a shot for me - or is it possible that it only works because you imported your .14.273 settings?

I have no old config files, so I would be doing a fresh install of …15.277. I would prefer avoiding the agony of uninstallation and a registry clean-up if .15.277 is a low probability installation on my ThinkPad. Any thoughts?


ThinkPad R60
Client Security System 8 - Embedded Chip “enabled”
Fingerprint Reader 5.6.2

For a ThinkPad user, I don’t think that upgrading to v.277 is absolutely necessary. My success with installing it on my T43 probably has more to do with my diligence in removing all remnants of the previous version – v.273 – than with the application of my custom configuration file to the updated installation.

You can probably convince yourself to stick with v.273 by reviewing the latest changelog – there simply does not appear to be a compelling reason to update your installation at this time. However, with the prospect of a new version coming out soon – rumored to contain some new features and significant enhancement of existing ones – you can argue that keep your installation current might uncover some issues that are not occurring with v.273.

My vote is to stick with “who brung ya to tha dance” for now. Then let the early adopters of the next update confront and resolve any bugs that may be present.

I have unsuccessfully tried everything I know to get 3.0 to work on my T43 - any advice?

Hi, Bill, and welcome to the forum.

Funny that your first post addresses a problem I’m now having on my own T43 with the latest version of CFP, v3.0.16.295. The previous version, v3.0.15.277, worked fine.

Anyway, let’s tackle your problem first.

Which version of CFP are you trying to use? Also, do you have the Security Chip enabled? Additionally, are you using any or all of the following: Client Security Solution (CSS, which version?); Password Manager, and Fingerprint Software? (I am using the latest versions of all of the above.)

Post back and let’s see if we can fix both of our problems.


I have successfully updated to CFP from v3.0.15.277 using the program’s internal updater on my IBM ThinkPad T43.

This is the first time that I have not had to perform a complete uninstall of CFP in order to upgrade to the latest version.

This indicates – at least on my systems – that the updater in CFP is getting better.

Just to join into the discussion. I have the same problem with my Thinkpad T60.

After installation of Comodo (latest version, first program installed on machine, Win XP, SP2), I get the message “Checking the security chip” (in german, that is) forever after booting. And that’s it. Everything was fine after I uninstalled CFP.

I don’t know the CFP software, but do you think I might help to install the CFP with more relaxed security settings?

Akbar, welcome to the forum, and bonus points to a fellow ThinkPadder.

Installing CFP with reduced or “basic” security will likely not resolve your issue.

My recommendation is to install v.277 first, then update to v.295 using CFP’s internal updater. This is the ONLY way I was able to get v.295 running smoothly, after performing – three – clean installations of the latest release. Up to now, I had avoided using the CFP updater because of reported issues. It apparently is much improved now.

Be aware that I encountered the same looping problem at the security chip status window when I first installed v.277. It required about an hour to completely remove .277, then perform a fresh reinstallation of it. It worked fine after that.

You should still be able to find v.277 on some of the software download sites.

Before reinstalling v.277, check the following post to make sure you remove all remnants of CFP from your system. Try using the batch file first (at the bottom of the post), then install CFP:

Post back and let us know how you fare.

I, too, have the same problems with IBM/Lenovo ThinkPads and the embedded security chip. All the affected computers are running Windows XP SP2. These problems occur on an older IBM ThinkPad T41 as well as newer Lenovo branded T60 and T61 models.

Version of Comodo Firewall worked without a hitch on these machines. Either version 277 or 295 broke the boot process. The only way to proceed was to boot in XP Safe Mode, disable the firewall, reboot, then enable the firewall. It made no difference whether Defense+ was enabled or not.

With version 309, booting was again possible unless the laptops were docked in a docking station. Running on battery worked, as did booting with the external power supply attached. The laptops needed to be hot-docked while running if a docking station were to be used. It made no difference if the docking station had Ethernet or USB attached or whether the laptops were using wireless ethernet. Boot with the laptop docked, and the process hung at the “Checking embedded security chip” screen.

Today’s Comodo update broke even the workaround mode for booting ThinkPad laptops. The only way to boot when the embedded security chip is enabled is to have both the firewall and Defense+ disabled. Booting on battery power, with attached power brick, or in the docking station all result in a hang while checking for the embedded chip.

Any thoughts about how to bring this to Comodo’s attention? Their firewall is an otherwise outstanding product. We have 3-year licenses for 20 machines with another vendor (Agnitum), but are not using Outpost Firewall anymore as Comodo’s free product outperforms it in all ways except allowing ThinkPad laptops to boot. I do not know if this problem persists on Vista. We only use XP and Server versions of Windows.

Hi, Ethan, and welcome to the CFP forum.

I am running a T43 (2687) with a Mini-Dock. I’ll work with you to see if we can get your
issue(s) resolved.

I checked back through my System Maintenance Log on my T43, and it shows v.304 of CFP as the last version that caused problems on my T43. However, that issue was related more to the updater as opposed to the security chip causing my machine to lock into an endless loop “Checking the status of the security chip.” Both v.295 and v.277 caused considerable grief related to the security chip, as mentioned in your post. BTW, I am also a former user of Agnitum Outpost Firewall Pro; however, CFP is the first standalone firewall I’ve used on my T43.

I updated this morning to v.349 and have encountered no issues for the first six hours.

Let me lob some preliminary troubleshooting queries at you first, then we can take it from there.

  1. Which dock(s) are you using? Port Replicator, Mini-Dock or Dock II? (I know the Port Replicator is not a true docking station, but let me know if you are using it.)

  2. Are you using Access Connections?

  3. Are you using any or all of the following (latest versions): Client Security Solution 8, Fingerprint Software, Password Manager and Rescue & Recovery?

At this point, I would hold off submitting a bug report to Comodo until we’ve delved into this a little further. Eventually, you may need to furnish a crash dump log to them.

I’ll be around most of the afternoon/evening (Saturday), so I’ll check in from time to time for your answers to the above.

USSS: Thanks for your response.

Docking stations:

  • The T41 (same problems seen on a T41p) computers both use the old IBM full docking station designed for the A, R, T, and X 30, 40, and 50 series laptops.
  • TheT60 is connected to a Thinkpad Advanced Dock.
  • The T61 hooks to an Advanced mini-dock.

All the computers use Access Connections (latest version). The computers all fail to find the embedded security chip regardless of whether the wireless modem is powered on or Access Connections is or is not set to connect at logon.

Additional software:

  • Rescue & Recovery is not present on any of the machines.
  • Client security Solution is used on all (otherwise there would not be any check for the embedded security chip prior to login). All machines are configured to use CSS rather than the standard Windows XP logon.
  • One each of the 40 and 60-series laptops use Password Manager. The others do not.
  • The T61 is the only laptop with the fingerprint reader.
  • Selectively disabling all HKLM and HKCU Run programs, non-essential services, and Startup group programs does not allow any of the machines to boot if Comodo’s firewall is not set to Disabled mode.

As for crash dump logs, that does not appear to apply. There is no crash - just a failure to boot. With Comodo versions prior to v.349, I tried hot-docking the system after the embedded security chip was found, but before logging in. Login failed, with various CSS errors. The only method that worked was to wait until login completed and then hot dock.

Version 349 simply refuses to allow communication with the embedded security chip on all the ThinkPads we have it installed on. Windows must either be started in Safe Mode (which disables both Comodo and CSS) or Comodo needs to be set to Disabled mode prior to shutting the computer down. Neither v.349 not prior ones allowed resuming from hibernation or standby if the firewall was enabled.

As for the installation history: One of the T41 systems started its Comodo life with version 2.something. I went through various iterations of the full Comodo uninstall process detailed in this topic and others to no avail. The T61 system first found Comodo with the version prior to v.349. It was fresh from Lenovo at that point. The other computers had intermediate versions of Comodo Firewall installed, and have had both the integrated upgrade and a full uninstall/re-install performed.

Ethan, thanks for replying with additional details on your configurations.

The two items that stand out to me – for troubleshooting purposes – are the fact that (1) you cannot resume from Hibernation or Standby when the firewall is enabled and (2) the numerous CSS errors that are reported.

Have you tried disabling the security chip temporarily on any or all of the machines to see if Comodo functions normally otherwise?

At times, certain iterations of CSS have been somewhat, shall we say, “temperamental.” A complete uninstallation and reinstallation of CSS might resolve your issue. Occasionally, some of the updates offered by System Update 3 can cause havoc with some of the other ThinkVantage applications, including CSS.

But I would first try disabling the security chip on all of your machines, then run them as you normally would – assuming you can boot and log in via standard Windows XP login – then re-enable the chip to see if the problems reoccur.

Is it a problem with the BIOS? Maybe. Do you have the latest BIOS version installed on all machines? Have you changed any of their settings lately? More important, have you checked to make sure the BIOS settings have not been changed for some unknown reason?

I also wonder if one or more of your security policies might be interacting with Comodo in such a way that the security chip is blocked from communicating with CSS. CFP’s “tentacles” can stretch pretty close to the OS kernel, and weird things can happen when DLL hooks are established with or near the core of the OS.

This is going to be a tough one to ■■■■■ because of the number of different machine configurations involved. The common denominator, though, appears to be CSS’s inability to communicate with the security chip.

I don’t think Password Manager is a factor. But Access Connections…I don’t know. I don’t use it, yet I have heard horror stories about it on the ThinkPads forums. It otherwise appears to be working OK on your machines, so let’s leave it intact and enabled for the time being.

It might be easier to troubleshoot the problem if we work on just one of the machines – perhaps the T61 since it most closely resembles what I have (T43 with fingerprint reader and Mini-Dock). If we can get one system fixed and running, we might use that as a “template” for troubleshooting the others. I would recommend, if possible, troubleshooting the target system without it connected to the Mini-Dock.

I started this thread 4 months ago, and I was amazed to discover that it’s still alive!

I experienced this boot problem with build I was unable to overcome it, and decided to uninstall CFP 3 and wait. Several days ago, I decided to install build, and it booted without any problem!

I have made several changes to my ThinkPad system since my original post; and I don’t know if the solution comes from updated CPF, or from software additions / deletions made at my end. For those who are interested, here are the changes:

(1) CSS8 is removed, although the security chip is still enabled in BIOS. I now use KeePass to manage passwords, and TrueCrypt to handle encryption. I still use the Fingerprint reader 5.6, but only for system, XP or BIOS login.

(2) ThinkVantage Access Connections is removed, and replaced by NetSetMan (freeware).