I didn’t realize what I was doing so I choose “treat as isolated” to a security app “lock.exe” on an Imation USB stick. After this my fresh new XP installation is useless. I have no user rights, cannot close down the computer except by pushing the button, no right to access programs or data. There was no warning from the Comodo software, asking if I really was sure etc.
Cannot reboot with F8, maybe because I run an encrypted harddisk (standard Thinkpad option).
Can reboot as another user, “administrator”, but no rights here either.
I have access to copy my data through Thinkpad Rescue & Recovery tool which I am doing right now. I had (:AGY)n’t gotten around to to a making a backup using the Thinkpad software so a Windows restore from the Rescue & Recovery section is not possible, except if I do a full restore to factory state. I’ll loose many hours of work if I have to rebuild the whole installation from anew. Does anyone know how to disable Comodo with only file level access (I could probably boot from my rescue cd and get to an editor - or maybe I could boot from some linux rescue cd).
this seems like a serious flaw. Comodo supporters (if any reading this) - what can you do to get me out of this mess asap and make sure it does not happen to others.
Can’t access the Gui or pretty much anything eh ? Just click on Start > Log off (not turn off), then you’ll be able to restart pc. After that you will need to boot into safemode and make the changes from Comodo Gui. I’m guessing %windir%\explorer.exe is what you need to change from computer security policy menu.
This probably needs to be a sticky. Not sure if it already is.
They cannot get into safe mode. That is even in the subject title. Before you select block or isolated you should know what program your block or isolating.
Turned out I had a second problem that interfered. The computer is a new Thinkpad T61 and when it is docked in the docking station (which in the new generation has electronics built in - and the computer has autodetect of driver for the dock) there is only a extremely short interval in which F8 is accepted. Found help on this here My New Laptop – A Thinkpad T61 – Carlton Bale - go to post # 73
This was the first time I needed a F8 reboot on the new machine so I wasn’t aware of this. I could access F8 once I had undocked - and yes, it was explorer.exe that had been isolated. I can see I’m not the first one experiencing this. Should be fixed by Comodo developers by inserting extra warning menu before isolating a program - stating exactly what is being isolated, especially when it is a program normally classified as safe.
u can login but have no right to disable defense+ ?
u didnt use some app to backup your system so u can recover it before changes were made in comodo?
or it’s not possible to backup your encrypted HD?
if explorer.exe is set as isolated app, so it’s impossible to use the GUI i guess?
is it possible to uninstall comodo in console mode?
when u got a defense+ alert u can check infos about the file, so u see where the file comes from, it’s better not to isolate a MS file in defense+.
and i imagine that u knew that explorer.exe is the GUI of your system so to isolate it means u wanted explorer to have no rights to access or modify system.
so if u set explorer like that, it means u can’t change anything in comodo?
it’s not possible to modify settings in comodo if explorer is configured by mistake as isolated app?
if it’s the case, that’s a problem, comodo access and modify settings shouldnt be locked by a wrong rule.
but i’m not sure i get the prob, what i understood is that setting explorer as isolate app in comodo had for result a completly mess of your system with no more rights.
i’m going to isolate explorer.exe and reboot to see how it is, after some backup of the system, so in case i get into troubles and find no possibility to fix it, i’ll recover and get back with the same system i’m actually using.
if i face same probs, we have to be sure that there’s no way to fix it.
but my system is not encrypted,
can u access console mode and use commands to access data? is it possible to uninstall comodo from console mode? and if it’s not possible, is it possible to delete comodo folder from there or is the folder protected from delete, and if it’s not, what will happen on reboot if comodo is not present anymore? maybe it will be not possible to login or explorer will not load?
yep that’s true that setting explorer as isolated block u from doing anything, there’s no more possibility to change anything but as it was posted before, u just have to log off then restart from the login screen and reboot in safe mode so u can modify the explorer setting in comodo and i set it back to windows system app and i’m back with a working system so all is fine, i was able to fix explorer, but u just cant reboot after set explorer to isolated, only log off then restart is possible then safe mode allow u to modify explorer setting in defense+.
Got the same problem with ALL applications NOT responding (including shutdown!) and did the following:
Invoked Task Manager with Ctrl-Alt_Del as right click on Taskbar did NOT function.
In the resulting window, clicked on the File menu and selected the “New Task (Run…)” option.
In the Create New Task window, typed cmd and clicked “Ok”. This should open a Command window.
In the Command window, typed the following: cd “C:\Program files\COMODO\Firewall”. Note that a single space must be left between the words “Program” and “Files” and that the double quotes must be typed as well.
Executed the cfp.exe program there and the COMODO firewall window should appear.
AFAIK the isolation problem is not a bug, it’s a misunderstanding. The selected option always applies to the process doing the action. In a execution alert the parent is the one doing the action (e.g. explorer.exe is trying to execute lock.exe), not the child.
However many users get confused and believe that, during an execution alert, the option applies to the child process (a very easy to make mistake as users are usually thinking about the child process and it’s not clear from the alert).
For example if you select treat as installer/updater and remember this action the explorer.exe policy is changed to installer/updater (I’m not using comodo right now, so somebody test that for me, please)
IMHO “treat as” should say “treat [the name of the application without the path] as” e.g. treat explorer.exe as
That’s smart. When you press ctrl+alt+del the taskmanager is executed by winlogon.exe, not by explorer.exe.