D+ Alert Bug with dumprep.exe

I couldn’t find this listed anywhere else, hence I’ve joined and posted it. This is doubly annoying as when a fullscreen game (Morrowind) crashed, the debug tool started to run. While off-screen the D+ window appeared and, with the way Morrowind crashed, I had to hard-shutdown my computer as I could not bring up the D+ window to allow dumprep to run.

The bug/issue

  1. What you did: Ended a program that had crashed
  2. What actually happened or you actually saw: Defense+ Alert about the “Windows Error Reporting Dump Reporting Tool”
  3. What you expected to happen or see: Nothing (Have set always allow multiple times now)
  4. How you tried to fix it & what happened: Have set the always trust this file or package

Files appended

  1. Screenshots illustrating the bug: Attached
  2. Screenshots of related event logs or the active processes list: No
  3. A CIS config. report or file: No
  4. Crash or freeze dump file: No

Your set-up

  1. CIS version, AV database version & configuration used: Not sure, latest version with latest database version
  2. Whether you imported a configuration, if so from what version: No
  3. Defense+ and Sandbox OR Firewall security level: Safe Mode
  4. OS version, service pack, bits, UAC setting, & account type: Windows XP, SP3, 32 bit, N/A, Admin account.
  5. Other security and utility software running: None?
  6. Virtual machine used: No

[attachment deleted by admin]

Thanks for a very helpful bug report.

Could you check the file signature on Dumprep.exe please. You can use Run ~ Sigverif.exe. And check the resulting list of files without signature for Dumprep.exe.

Many thanks

Mouse

Done, dumprep.exe is not listed. A full system search for dumprep.exe found it located in:

C:\WINDOWS\System32
C:\WINDOWS\ServicePackFiles\i386
C:\WINDOWS\$NtServicePackUninstall$
C:\WINDOWS\SoftwareDistribution\Download\eb5ff0ae9fdaa24285c4924997a7aa90\backup

Also got Comodo to check those files. They are not infected with anything according to Comodo.
www.VirusTotal.com result is: 0/43 (0.0%)

Thanks - it's the System32 version that is live. Just to confirm this conclusion you might want to try adding a trusted vendor to Trusted Vendors in the Computer Security Policy using this file. It should object and say that MS is already a trusted vendor if CIS thinks it is signed.

Was CPU use high when dumprep was running?

Best wishes

Mouse

You are right about one thing, Comodo did object to it being added. However it objected because “The file does not seem to be a valid signed executable”.
dumprep uses only a small amount of the CPU when it runs, and it runs for only a few seconds before closing again.

Comodo has also complained about Windows Messenger. Basically the same bug, just a different file. It also says that it's not a valid signed file…

I’m sure there are others but I can’t remember them right now. I have used the “Send this file to Comodo for analysis” option on dumprep.exe and msmsgs.exe so that might help.

Other information that might help:
To get the dumprep.exe message, I use Media Player Classic and cause it to crash by opening video files one after another until it crashes. The msmsgs.exe pops up when opening Outlook Express.

Error reporting is disabled. With “But notify me when critical errors occur” ticked.

cmdagent.exe is not running. I use Comodo to terminate this process as it regularly disrupts software from running. One application in particular stops responding for a few minutes while cmdagent.exe sits there using 99% of the CPU and up to 100 MB of RAM.

The paging file is located on an external 1.5TB hard drive, set to system managed size. All other drives (3) have it set to “no paging file”.

[attachment deleted by admin]

Not all Windows files are signed. In Windows XP more than in Windows 7. On my XP SP3 with all updates msmsgs.exe and dumprep are not signed. No Comodo bug here.

There is a backlog of submitted files that are waiting to be processed. Nothing we can do but wait and see.

Also try the workaround as described in “App. is not working correctly, but does not seem to be s/boxed. What to do?” to see if that fixes the problem with your game app.

@Eric
Hmm maybe, but don’t think so, but I don’t think this is a bug either. Are you judging by the file properties tab? In Windows confusingly, files which are catalogue signed do not have a certificates tab. Quite idiotic :slight_smile:

On my XP SP3 machine dumprep is signed, presumably on Itchy’s as well as sigverif did not pick it up (though this tool can be confusing).

I think the reason may lie in the fact that Itchy has cmdagent disabled?

@Itchy
If you disable cmdagent CIS does not work - you do not have security coverage.

This should not be possible: “I use Comodo to terminate this process as it regularly disrupts software from running”. But it is. So this is in fact an issue, I think.

Your CPU issue is probably caused by files being sandboxed, or needing exclusion from BO protection. I’ll wait for your and Eric’s response but probably transfer this back to help tomorrow, so someone can help sort your CPU issue out.

You are welcome to post “I can terminate cmdagent using the APL” as a separate issue if you wish :slight_smile:

Best wishes

Mike

I didn’t know that. Learned something new today. :slight_smile:

Working on my Win 7 here and used Sysinternals Sigcheck on dumprep of XP and it says it is not signed. See attached image. For unknown reason sigcheck does not check msmsgs.exe.

[attachment deleted by admin]

Hmm fascinating. Both signed here - using sigcheck. Msmsgs should be in Program Files\Messenger?

@Itchy. How are you with the command line? If OK download sigcheck.exe from Microsoft sysinternals and use:

Start ~ Run
sigcheck.exe -i -r dumprep.exe

Same for msmsgs. And post the results please.

You may need to put the paths in inverted commas if they contain spaces.

You still need to make sure you are running cmdagent!

Best wishes

Mouse

The issue was caused because cmdagent.exe was not running. However in previous versions of Comodo (v3, v4) the issue never occurred, even if cmdagent.exe wasn’t running.
I doubt being able to terminate cmdagent.exe is a bug. I found that it can only be terminated via Comodo and not via other methods.

I still think this may be a bug due to the fact that this issue never existed in previous versions.
Also dumprep is signed according to sigcheck.exe.

Turns out I need to use “” around the path for msmsgs.exe.

Further finding is that you can only do sigcheck on files of the active OS. In short when I booted my Windows XP SP3 installation both dumprep.exe and msmsgs.exe turned out to be signed. When I use sigcheck in Win 7 it cannot verify files from my XP installation.
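As an added example, not from anyone in this thread: the sigcheck instructions above and the finding that signatures only verify from the running OS both come down to the same thing, namely that XP-era system files like dumprep.exe are catalogue-signed rather than carrying an embedded certificate, so the check has to be run on the OS whose catalogue store contains the entry. This script (assumes Windows PowerShell 3.0 or later, so it would be run on a newer OS than XP) reports, for each file, whether the signature is embedded (Authenticode) or catalogue-based, and uses -LiteralPath so paths with spaces need no extra quoting.

```powershell
# Added example: classify file signatures as embedded vs catalogue-based.
# Assumption: run on the OS that owns the files, because catalogue signatures
# are resolved from that OS's own catalogue store (%SystemRoot%\System32\catroot),
# which is why checking an XP file from a Win 7 boot reports it as unsigned.
$paths = @(
    "$env:SystemRoot\System32\dumprep.exe",   # file from the thread (XP-era)
    "$env:ProgramFiles\Messenger\msmsgs.exe"  # path with a space; -LiteralPath handles it
)

function Get-SignatureReport {
    param([string[]]$Files)
    foreach ($p in $Files) {
        if (-not (Test-Path -LiteralPath $p)) {
            # Not present on this OS (e.g. dumprep.exe no longer ships on modern Windows)
            [pscustomobject]@{ File = $p; Status = 'NotPresent'; SignatureType = $null; Signer = $null }
            continue
        }
        $sig = Get-AuthenticodeSignature -LiteralPath $p
        [pscustomobject]@{
            File          = $p
            Status        = $sig.Status          # Valid, NotSigned, HashMismatch, UnknownError...
            SignatureType = $sig.SignatureType   # Authenticode (embedded), Catalog, or None
            IsOSBinary    = $sig.IsOSBinary      # true when Windows recognises it as its own file
            Signer        = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
        }
    }
}

Get-SignatureReport -Files $paths | Format-Table -AutoSize
```

A file showing Status Valid with SignatureType Catalog is exactly the case where the Explorer properties dialog shows no Digital Signatures tab; Status NotSigned on a file you expect to be signed is the cue to repeat the check from the installation it belongs to.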

Think we need a FAQ on checking sigs !!!

RE APL debatable, I agree. Maybe a devs back door!

RE issue in this report. No, I don't think it is a bug - CIS is not intended to work without command agent.

Re your CPU issues. On balance I think you should probably make a separate post in help for these. People will probably be able to help you with them.

Marking this one as resolved if that's all right.

Best wishes

Mouse