D+ prevents all programs from running in Windows 7

AK-87 · December 12, 2010, 9:37am

Greetings.

When I was installing CIS 5 on my computer, (Win 7 Home Extended, 32-bit version) I had Avast 5 already. After installation of CIS (I’ve used web-installer) and reboot, programs in autorun were working properly, but no other programs (e. g. Firefox, Foxit Reader, Total Commander etc., even Task Manager), except explorer, could be started by user. Trying to start them led cursor to go to “background mode” and – nothing. System continued to work, D+ made no notifications, but applications were unreachable.
I’d uninstalled Avast 5 – no changes. Turning off D+ and/or Sandbox and/or execution control and/or monitoring left everything unaffected.
The problem is solved only if deactivate the defence + permanently (even without reboot).
I think that CIS has conflict with internal windows security settings. But i don’t know what should be changed.
Had somebody encountered with similar problem? Help, please! O0

Valentinchen · December 12, 2010, 10:34am

Hey and Welcome!

look if you have blocked files and if thereare files that are always sandboxed.

CIS —> Defense+ —> Computer Security Policy. you have to check blocked files and always sandboxed

Can you tell me how big your file vendor n file? this is how you check the vendor files (they should be some kb) Now do these steps: desktop —> My computer —> program —> comodo —> comodo internet security —> database.

and if you have problem with the vendor list then look below.

Hey all!

here is how you solve this how you solve you “Trusted Software Vendors was lost” problem.

Download the attached and extract it on your desk (so that you have it visible).
restart the computer and press F8 and select safe mode.
Now do these steps: desktop —> My computer —> program —> comodo —> comodo internet security —> database. Keep database window open, now you delete all files besides the files that are called pending, now copy what’s in database_CIS in database.

The attached folder has the database from a clean Win7.

Take care and have a nice day.

Regards,
Valentin

[attachment deleted by admin]

AK-87 · December 12, 2010, 8:13pm

Thanks for help

Sections:
blocked files – empty
always sandboxed – empty.

Folder C:\Program Files\COMODO\COMODO Internet Security\database

24 bytes pending.h
2 bytes pending.n
2 bytes submit.n
4 672 bytes vendor.h
24 010 bytes vendor.n
24 034 bytes vendor.sha
76 bytes white.h
434 bytes white.n
8 files 53 254 byte

If I’m not mistaking, my vendor list is full.

So what can I still do to solve the problem? :comodorocks:

Citizen_K · December 12, 2010, 11:10pm

Do the D+ logs give us any insight? Can you post a screenshot of them? They are under Defense + → View Defense + Events.

Melih · December 12, 2010, 11:13pm

you can also simply uninstall and reinstall CIS…

sorry for the trouble we caused this by a dodgy update…really sorry

Melih

Citizen_K · December 12, 2010, 11:51pm

umesh post:20:

Hello Everyone,
We investigated the problem and here is explanation as what happened. For few hrs on Wednesday, cloud started returning Absent for all vendor look up and as CIS does scheduled cloud lookup for existing vendors to ensure if any is removed from cloud it is removed from local list; it ended up removing vendors from local list.

So in case any existing user who had been affected due to this bug, sees a new signed application, which is not safe by signature but only through trusted vendor lookup and if live cloud lookup fails, he may see alert.

While we are contemplating in providing update to local vendor list via program updates, any one willing to have list updated, can download master list via following URLs:

Steps for replacing:

Go to CIS installation folder
%PROGRAMFILES%/COMODO\COMODO Internet Security\database\

Rename ‘vednor.n’ and ‘vendor.sha’ and replace with following respectively:
http://download.comodo.com/av/tvl/vendor.sha
http://download.comodo.com/av/tvl/vendor.n

Re-start system and you should see complete list in Defense±->Computer Security Policy–>Trusted Software Vendors

Sorry for inconvenience caused.

Thanks
-umesh

AK-87 · December 17, 2010, 12:47am

Hi all, and great thanks for concern :-TU

Here are them

http://xmages.net/storage/10/1/0/d/1/upload/f67ebedb.png

It is since second reinstall of CIS. Previously I removed Avast 5, but it was of no use. So I decided to install it again, that’s the source of the second warning.

EricJH

Thanks again for advice, I tried it and my Trusted Software Vendors became much bigger, but the situation remained unchanged

Never mind, I like COMODO for innovations and bugs necessarily come along. The point is that I can contribute to make it better (even without coding skills ;D )

as for uninstall/reinstall – I’ve done twice – no result…

P. S. I’m really sorry for troubles that I make, but I’ve used CIS with D+ for almost 3 years and like it…

Citizen_K · December 17, 2010, 1:19am

It looks like there is another program or left over from previously installed security programs that may be in the way.

What are the security programs you have running in the background now? What security programs did you have in the past? May be left overs of previously uninstalled security programs are acting up. Try using removal tools for those programs. Here is a list of removal tools for common av programs: ESET Knowledgebase .

Otherwise do a Google search with terms “removal tool” and * name of product or vendor*.

Keep us posted.

AK-87 · December 19, 2010, 10:13am

So… My system was installed in September and since then Avast was the only anti-virus/anti-malware soft. Using half an hour and these instructions I’ve done the following (++ means reboot):

Avast uninstall ++
Cleanup with avast cleaner ++
Manual & CCleaner cleanup, D+ enable ++
No use. D+ disable, uninstall of CIS ++
Manual & CCleaner cleanup ++
CIS install ++

After reboot all files in “Startup” worked properly. D+ added them to “Trusted files” list. When I tried to launch Total Commander, the warning appeared, that app was sandboxed. After clicking “Don’t isolate it again”, warning disappeared and nothing happened. No other programs except explorer could be launched (and no warnings about them were seen). BTW, CIS added TC to “Trusted files” list, but obviously it had no effect.
I still think that it is conflict between CIS and Windows security settings…

Citizen_K · December 19, 2010, 5:13pm

Not sure what is going on here. Did you change Windows security settings? If so, which ones?

AK-87 · December 19, 2010, 9:35pm

No, I hadn’t made any changes.
May it be conflict with UAC?
Should I post appropriate logs here (for UAC) ? Or, generally, should I post any system info for You to see if my suspicions are right? If so – what info and how to get it?
Many thanks

Valentinchen · December 19, 2010, 9:53pm

Hey and warm welcome to comodo forums AK-87!

do you have problem with the vendor list? Check what you have for size of you vendor files. all should have some kb.

Regards,
Valentin

AK-87 · December 20, 2010, 10:08pm

I’ve tried it – no result, unfortunately…

Citizen_K · December 21, 2010, 2:47am

What is your D+ rule for Explorer?

AK-87 · December 24, 2010, 6:15am

Windows System Application

Valentinchen · December 24, 2010, 10:52am

Could you provde you with a screen shoot for D+ events?

I don’t want to sound ignorant but I think it’s best if you uninstall CIS, read this and download the clean tool and then install CIS as admin.

Merry Christmas AK-87!

Regards,
Valentin