Conflict Between Specific EMET Setting And CIS Causes Freeze [M1015]

A. THE BUG/ISSUE (Varies from issue to issue)
  • Summary - Give a clear summary in the topic subject, NOT here.

  • Can U reproduce the problem & if so how reliably?:
    Every time.
  • If U can, exact steps to reproduce. If not, exactly what U did & what happened:
    1: Set HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EMET\EnableUnsafeSettings to 1 and select the System level ASLR as ‘Always on’ (see the EMET 4.1 user guide PDF and the EMET GUI main screen)
    2: Reboot the computer and log in
    3: Wait for Explorer to load
    4: Once it loads, open a folder, a browser, or Task Manager. Note that they either freeze straight away or eventually will freeze.
  • If not obvious, what U expected to happen:
    There should be no freeze.
  • If a software compatibility problem have U tried the conflict FAQ?:
    This may be an incompatibility with EMET 4.1.
  • Any software except CIS/OS involved? If so - name, & exact version:
    EMET 4.1 update 1
  • Any other information, eg your guess at the cause, how U tried to fix it etc:
    I’ve tried disabling HIPS but it didn’t seem to make a difference.
    I have seen this on 2 separate laptops.

Disabling the specific EMET setting relating to system level ASLR, provided in step 1, fixes this freeze.

B. YOUR SETUP
  • Exact CIS version & configuration:
    7.0.317799.4142
  • Modules enabled & level. D+/HIPS, Autosandbox/BBlocker, Firewall, & AV:
    All of the above. On access AV, Safe mode FW, Autosandbox on to partially limited.
  • Have U made any other changes to the default config? (egs here.):
    Enhanced defense plus protection is on.
  • Have U updated (without uninstall) from CIS 5 or CIS6?:
    no
  • if so, have U tried a clean reinstall - if not please do?:
    no, this is a clean install - clean laptop and first time Comodo 7 install and happens on two laptops.
  • Have U imported a config from a previous version of CIS:
    No
  • if so, have U tried a standard config - if not please do:
    NA
  • OS version, SP, 32/64 bit, UAC setting, account type, V.Machine used:
    Win7 x64, latest SP and Win updates. Default UAC settings (on, prompts for admin control panel actions and setup type apps). Admin and guest account - same problem
  • Other security/s’box software a) currently installed b) installed since OS, including initial trial security software included with system:
    a=None b=None


Thank you for reporting this issue. However, please edit your first post so that it is in the format provided here. I’m sorry, I should have mentioned the format when we discussed this previously.

To use this format just copy and paste the code. Then replace the question marks with your responses.

Let me know if you have any questions.

Thank you.

ok,

well, let’s try this. As a matter of feedback - playing with 2 pages of BB tags is a ■■■■ experience.

A. THE BUG/ISSUE

  • Potential ASLR system level set to ‘always on’ EMET setting incompatibility
  • Can U reproduce the problem & if so how reliably?:
    yes, very
  • If U can, exact steps to reproduce. If not, exactly what U did & what happened:
    1: To enable it you need to set HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EMET\EnableUnsafeSettings to 1 and select the System level ASLR as ‘Always on’ (see the EMET 4.1 user guide PDF and the EMET GUI main screen).
    Page 33 and 34 of the user guide for 4.1 u1.
    2: reboot?
    3: login?
    4: wait for Explorer to load
    5: open a folder, open a browser, open Task Manager - they either freeze straight away or eventually

  • If a software compatibility problem have U tried the conflict FAQ?:
    Maybe with EMET System Level ASLR settings and Comodo HIPS. I’ve tried disabling HIPS but it didn’t seem to make a difference.

  • Any software except CIS/OS involved? If so - name, & exact version:
    EMET 4.1 update 1

B. YOUR SETUP
  • Exact CIS version & configuration:
    7.0.317799.4142
  • Modules enabled & level. D+/HIPS, Autosandbox/BBlocker, Firewall, & AV:
    All of the above. On access AV, Safe mode FW, Autosandbox on to partially limited.
  • Have U made any other changes to the default config? (egs here.):
    Enhanced defense plus protection is on.
  • Have U updated (without uninstall) from CIS 5 or CIS6?:
    no
  • if so, have U tried a clean reinstall - if not please do?:
    no, this is a clean install - clean laptop and first time Comodo 7 install and happens on two laptops.
  • Have U imported a config from a previous version of CIS:
    no
  • OS version, SP, 32/64 bit, UAC setting, account type, V.Machine used:
    Win7 x64, latest SP and Win updates. Default UAC settings (on, prompts for admin control panel actions and setup type apps). Admin and guest account - same problem
  • Other security/s’box software a) currently installed b) installed since OS, including initial trial security software included with system:
    none

Thank you for the formatted bug report. I have edited the first post so that it is in the required format. I also made some small changes to the wording. Please look it over and make sure that everything is correct.

I think it would be very useful to know whether disabling EMET is able to make this freeze go away. If disabling does not make it go away, does temporarily uninstalling it get rid of the freeze? If so then we can localize an EMET conflict as definitely causing the issue.

Also, please create and attach a diagnostics report to your first post. If you have any questions about how to do that please feel free to ask.

Thanks.

Only the specific EMET setting relating to system level ASLR causes the freezing. Setting that setting to application opt-in instead of system on fixes it.

re diag report - it says diagnostics found no errors.
I can upload it - but please first confirm that only comodo will have access to it in case it contains sensitive information (e.g. in dump files)

added the report file
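
The configuration this report isolates (EnableUnsafeSettings set to 1 together with system-level ASLR ‘Always on’) can be checked for on other machines before CIS is installed on them. The PowerShell below is an added example, not part of the thread or of Comodo's or Microsoft's tooling; it assumes EMET stores the system ASLR choice in the kernel's MoveImages value (0xFFFFFFFF for ‘Always on’), a value name the thread does not give, and the helper name Get-RegValue is hypothetical.

```powershell
# Added example: report whether this machine matches step 1 of the bug report.
# Run from 64-bit PowerShell so HKLM:\SOFTWARE is not redirected to WOW6432Node.
# Assumption (not stated in the thread): system-wide ASLR 'Always on' is the
# Memory Management value MoveImages = 0xFFFFFFFF.

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or the value does not exist.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

$emetKey = 'HKLM:\SOFTWARE\Microsoft\EMET'
$mmKey   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management'

$unsafe     = Get-RegValue -Path $emetKey -Name 'EnableUnsafeSettings'
$moveImages = Get-RegValue -Path $mmKey   -Name 'MoveImages'

# A REG_DWORD of 0xFFFFFFFF can surface as -1 or 4294967295 depending on the
# PowerShell version, so normalise it to an unsigned 32-bit range first.
$raw = $null
if ($null -ne $moveImages) { $raw = [int64]$moveImages -band 4294967295 }
$alwaysOn = ($null -ne $raw) -and ($raw -eq 4294967295)

$moveImagesText = '(absent)'
if ($null -ne $raw) { $moveImagesText = '0x{0:X8}' -f $raw }

[pscustomobject]@{
    Computer             = $env:COMPUTERNAME
    EnableUnsafeSettings = $unsafe
    MoveImages           = $moveImagesText
    SystemAslrAlwaysOn   = $alwaysOn
    # True only when both conditions from step 1 of the report are present.
    MatchesReportedSetup = ($unsafe -eq 1) -and $alwaysOn
}
```

A machine where MatchesReportedSetup is True has the combination the reporter found to freeze with CIS 7.0.317799.4142; the reporter's workaround was to set system ASLR back to application opt-in.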

Thank you very much for your report in standard format, with all information supplied. The care you have taken is much appreciated by Comodo, and will increase the likelihood that this bug can be fixed.

Developers may or may not communicate with you in the forum or by PM/IM, depending on time, availability, and need. Because you have supplied complete information they may be able to replicate and fix the bug without doing so.

Many thanks again.

I have had problems with system becoming less and less responsive. Read, starting executables did not seem to happen; after 15 or so minutes I would get an error message from Windows stating it cannot open the file and suggests right limitations may be at hand.

It seemed to start happening after I had shortly installed EMET. The odd thing was that the problem also happened when I installed previous versions of CIS 7 (I did not have the problem on those versions before); my system was jinxed… :-X Reinstalling and uninstalling EMET did not change the system. The problem went when I uninstalled CIS.

I decided to reset Windows 8.1 and start from scratch again. My Windows 7 SP1 installation is still jinxed. I may try installing EMET again after making a system restore point to see if the problem resurfaces again.


Just in case - EMET system level ASLR set to always on ONLY (not general EMET max or recommended settings without the unsafe settings turned on).
Happens almost immediately after Windows 7 SP1 + updates boots up.

I open up a folder in Program Files via Explorer and after that try to run Chrome and taskmgr and everything doesn’t load properly or work per se.

Normal EMET settings (incl. max security without unsafe) worked fine on Win8 and now on Win8.1. I haven’t tried turning on System level ASLR for it on Win 8.1 U1 yet.

I think we get similar symptoms - but mine appear quicker and I don’t seem to get any error messages after they surface - i.e. exes don’t start etc., but I can move the mouse and there aren’t any errors, just nothing opens :D.
Funnily enough, if I open certain things instead of an Explorer window first, the symptoms seem to take longer to surface. But eventually every existing process becomes unresponsive as well.

The devs have asked that I request some additional information. Could you please open KillSwitch through CIS. Then right-click on the EMET process and select to create a Full Dump. Then see if any of the CIS processes will also let you make a Full Dump (I know that some will not allow this).

Once you have these dumps please put them in a zip file and upload them to a File Sharing site, such as this one and paste the download link(s) in your reply.

Let me know if you have any questions.

Thank you.

The devs have not marked this as Fixed in the tracker. However, sometimes bugs are fixed by the release of new versions, but not marked as Fixed in the tracker.

If you are able please check with the newest version (CIS version 8.0.0.4337) and let me know if this is fixed on your computer with that version.

Thank you.

hmm interesting, thanks I’ll give it a go.
there’s a new version of EMET out 5.1 recently too (been progressively updated).

Great. Let me know what you find.

unfortunately it didn’t go well at all

https://forums.comodo.com/bug-reports-cis/cis-8-cannot-be-neither-installed-nor-updated-from-cis-7-t108265.0.html;new#new having the problem there with installer failing with error 1603.

Executing op: RegSelfReg(File=cmdstat.dll,FileID=cmdstat.dll)
CustomAction +cmdstat.dll returned actual error code -2147024894 (note this may not be 100% accurate if translation happened inside sandbox)
Product: COMODO Internet Security Premium – Error 1904. Module C:\Program Files\COMODO\COMODO Internet Security\cmdstat.dll failed to register. HRESULT -2147024894. Contact your support personnel.

in the logs and a few more
To top it off, I can’t find CIS7 to install since all the downloads redirect me to 8 :frowning:

I’ve submitted a support ticket
Ticket ID #AAG-143-93690
Priority Urgent

Hello,

The devs have not marked this as Fixed in the tracker. However, sometimes bugs are fixed by the release of new versions, but not marked as Fixed in the tracker.

If you are able please check with the newest version (CIS version 8.1.0.4426) and let me know if this is fixed on your computer with that version.

Thank you.

Should be fixed with CIS 8.2.0.5005 so moving to resolved. If you feel this is not fixed please PM a moderator. Thanks.