Okay… this is a really weird one… and I really hope that someone from the development team sees this (or is referred to it or something)…
Is there any possibility that D+ (or, really, any other part of CIS, for that matter… but I just figured D+ would be the most likely candidate) could somehow be “awakening” certain features of Windows Defender (WD) even if WD is turned off?
I know that sounds crazy, but let me tell you what’s going on…
I’ve got two notebooks… one a couple years old, and one brand spankin’ new. On the former, I admit, I’ve introduced many registry hacks; but on the latter, I haven’t hacked a thing… er… you know… yet. [grin]
My reason for explaining that, though, is simply to make the point that when the symptom I’m about to describe showed-up on my older machine, I kinda’ dismissed it as something I have probably somehow directly or indirectly caused by all the tweaking. However, when the same symptom appeared on the new laptop, I had to start asking myself what was both true and new about them…
…and my having installed the most recent CIS on both of them came first to mind. That doesn’t mean, I realize, that the symptom I’m about to describe is CIS’s fault, mind you… but I’m just racking my brain trying to figure this out… so I came here to see if anyone here has any notions about it.
First, I’m using 32-bit Vista SP1 on both notebooks.
On both machines, I’ve turned off Windows Defender using the method explained on most Vista tweak sites, which is: Open Windows Defender, then click on “Tools,” then “Options,” then scroll all the way down and uncheck everthing under “Administrative options.”
I’ve also, on both machines, told both copies of Vista “not to notify me, and not to display the icon” under the “Change the way Security Center alerts me” in the Windows Security Center.
Finally, I’ve applied a tweak to silence (but still keep working) User Account Control (UAC).
The Windows Firewall is also off (obviously, because CIS’s firewall has replaced it).
And then, of course, I’m using CIS 3.8.64739.471 (as firewall, anti-virus, D+, etc.). (I was using only the stand-alone Comodo firewall before… then just last week de-installed that and installed the newest CIS).
So, then, here’s the symptom: All of a sudden, Windows Defender, even though it’s allegedly turned off, is blocking certain programs from starting-up with Windows… programs that Windows Defender (because it has long been been turned off) had stopped blocking and nagging me about; and programs that have been starting-up with Windows for almost two years without a hitch…
…that is, until now… now that CIS is installed.
What I mean by blocking is exactly what Windows Defender does when it blocks a startup program. It puts a little icon in the system tray and pops-up a balloon saying that certain startup programs have been blocked; and then if you right-single-click on the little System Tray icon a menu pops-up and offers to let me “show or removed blocked startup programs” or “run blocked programs”, etc. If I click on "Show or remove blocked startup programs, lo and behold, the turned-off Windows Defender opens!
While the allegedly-turned-off Windows Defender was open on my screen, I went into the Security Center and clicked on “Windows Defender” and I got a message saying that it’s turned off. Now make sure you understand what I just wrote: While the allegedly-turned-off Windows Defender was open on my screen (having been opened by me from its icon on in the System Tray after its having appeared there because it inexplicably blocked some programs on Windows startup), Windows Security Center was saying that Windows Defender is turned off; and it’s offering to let me turn it back on and configure it by clicking on the little link at the bottom of the dialog that’s telling me this.
Huh? I’m thinking to myself, “Wait just one minute, here! How is it possible that I’m being told that Windows Defender is off (which, of course is exactly what it’s supposed to be) when, there it is, right there, open on my screen after having done something that it isn’t even possible for it to have done (because, after all, it was turned off), and that’s blocking some startup programs? What the heck is goin’ on here?”
Oh, but wait… it gets better: So then I closed Security Center and went back to the earlier-opened Windows Defender screen, and I clicked on “Tools” (so that I could go to “Options” and then scroll down to “Administrative options” to make sure that, indeed, there are no checkmarks there… to ensure that I really haveturned-off Windows Defender after all), and before I could get to the “Options” choice, up pops the very same dialog described in the bold letters in the immediately preceding paragraph… the one that tells me that Windows Defender is off, and offers me a link at its bottom that will let me, by clicking on it, turn Windows Defender back on and configure and use it.
It’s sort of like it’s saying to me, “Look, man, Windows Defender is off… so why in the heck are you clicking on “Tools” from the Windows Defender interface… it’s off!” (Never mind that if it were really off, then said interface wouldn’t even be up on my screen in the first place, would it? But I digress… sorry.)
Oh, but wait… it gets better yet again: What I just described, immediately above, is what happened the very first time I clicked on “Show or remove blocked statup programs” from the System Tray icon on the new laptop. After some Windows updates (which, incidentally, included cumulative Windows Defender updates, which I had not been receiving because, after all, Defender was off); and after the required post-updates rebooting, then when next I right-single-clicked on the little “Blocked Startup Programs” icon in the System Tray (again, after reboot), and then I clicked on the “Show or remove blocked startup programs” item, then, that time, instead of opening-up Windows defender (like it had the last time I did that), it opened to the “Startup” tab of the Windows “System Configuration” dialog (msconfig.exe) instead.
“Okay,” I actually said aloud, “now I really am confused!”
Now, just to be clear, here: Neither Windows Defender having opened the first time that I clicked on “Show or remove blocked startup programs” from the System Tray’s “Blocked startup program” icon; nor msconfig.exe having opened the second time instead, is really the problem. I figure that both of those will go away when and if we can figure out why Windows Defender is even bothering to look at what’s starting-up since, after all, it’s turned off. There shouldn’t have been a little “Blocked startup programs” icon in my system tray to begin with… because, after all, again, Windows Defender is turned off… or at least so says the Windows Security Center. This beyhavior just isn’t possible…
…that is, unless, just maybe, Comodo D+ (or some other part of CIS) is somehow interfacing with, tickling, using, sparking, touching, disturbing or in some other way somehow affecting or accidentally triggering Windows Defender behavior…
…which is the only thing I can think of because it all began pretty much around the time that I installed the latest CIS version on both laptops.
If I’m blaming CIS when I shouldn’t be, then I’ll wear that… that is, if it turns out that that’s the case. Until then, my 32 years of IT experience leads me to at least wonder if there’s a connection. I think that’s reasonable.
So, then, back to the question… a question that maybe only the developers can likely answer (hence the reason I earlier wrote that I hoped they’d somehow see this posting), and an issue in which I’d think they’d be interested since I know they’re trying to get CIS all bug-free and wonderful by October 2009, pursuant to Comodo’s CEO’s public pledges…
Might it be possible, wild though it may seem, that the Defense+ part (or any other part, for that matter) of Comodo Internet Security version 3.8.64739.471 (which version is fully and completely updated as of this posting on 2/20/2009) is somehow awakening or activating enough of my otherwise completely turned-off Windows Defender that said Windows Defender has started blocking startup programs again even though it shouldn’t be? Or… another possibility… has CIS turned Windows Defender completely on (not just awakened part of it but, simply, turned it backon), yet some registry entry is telling the Windows Security Center that it’s off?
It’s happening, I tell you… right in front of my eyes. If I’m lyin’, I’m dyin’! [grin]
Thoughts? Please? I’m kinda’ desperate, here.
NOTE: Of course, I know I can manually rip Windows Defender completely out of my copies of Vista, and then kill anything in the registry related to it. I’ve found several sets of instructions on various Vista tweak sites explaining how to do that. And I might consider that on my machine (the older notebood). But I’m trying not to hack-up/over-tweak my wife’s new notebook too much… or at all, really, if I can help it. I want her computer using experience to be as vanilla and standard as possible so she won’t ever have to explain to some tech support person somewhere why her copy of Vista is behaving differently than either its factory specs, or what is possible using regular Windows setting and configuration tools. I can handle those conversations because I’m an IT geek; but she can’t… nor do I want her to have to. So I really need to leave Windows Defender in (though still turned-off) at least her copy of Vista.
But, if you think about it, why am I even proposing that possibility? The drastic measure of ripping-out Windows Defender so that it will stop blocking startup programs even though it’s turned off (so that I can run CIS if, in fact, that’s the culprit) shouldn’t be necessary in the first place. Instead, if it turns out that CIS is somehow involved in this new and weird behavior (and I’m not saying it is… but if it turns out that it is… and it makes sense that it might be), then CIS needs to be patched/changed so that it plays nicer with all parts of the Windows Vista SP1 OS.
I need some help, here. I’m not saying, yet, that I blame CIS, but if you logic-your-way through all that I’ve described here, I think you have to admit that not at least considering the possibility that CIS might be the culprit would be flatly irresponsible… no? C’mon… that’s reasonable, under the circumstances, right?
I’ll take any thoughts or ideas or notions on this that I can get. Anyone? Please? I really don’t want to give-up on CIS. I’ve become a huge fan; and I like that CIS is finally getting so good – and almost certainly will be so by October 2009 – that it’s really starting to make sweat the execs at Norton and the other competitors!
And could someone who works for Comodo who’s reading this figure out which part of the development team would know about this and ask them to take a peek at this posting? And respond accordingly? Please?
NOTE: When I first made this posting, both notebooks were using the 3.8 … 468 version of CIS. Then maybe an hour later I noticed that the new version ending in “.471” came out, so I update both to that version, and the problem’s still there. So I edited the two references to version number, above, to the latest version because the newer version didn’t change anything… and I’m writing this to explain why the long delay from initial posting to the edit.