The bug/issue

  1. What you did: Tried to run DT Lite.
  2. What actually happened or you actually saw: As soon as I log in, Defense+ pops up saying that it detected a shellcode injection attempt at DTLite.exe, and after I select “skip”, DT Lite reports that “This program requires Windows 2000 with SPTD 1.60 or higher. Kernel debugger must be deactivated.” and terminates itself.
  3. What you expected to happen or see: Run DT as usual.
  4. How you tried to fix it & what happened: Only thing I can think of is deactivating D+, but I’ve not tried it.
  5. Details (exact version) of any software involved with download link: DT Lite, http://www.daemon-tools.cc
  6. Any other information you think may help us:

Files appended

  1. Screenshots illustrating the bug: DT Lite error message and CFP shellcode warning screenshots attached.
  2. Screenshots of related event logs or the active processes list: attached the related log exported as HTML. Rar is not password-protected.
  3. A CIS config report or file. n/a
  4. Crash or freeze dump file: n/a

Your set-up

  1. CIS version & configuration used: CFP 5.0.162636.1135, firewall only with optimum proactive protection
  2. Whether you imported a configuration, if so from what version: the latest v4 version, can’t remember the full number though :slight_smile:
  3. Defense+ and Sandbox OR Firewall security level: respectively: Paranoid mode, enabled, Custom Policy mode
  4. OS version, service pack, no of bits, UAC setting, & account type: Win 7 Home Basic x64 fully updated, UAC enabled, Admin account
  5. Other security and utility software running: Avast 5 free, Sandboxie free, MBAM 1.46 registered
  6. CIS AV database version: n/a

PS: http://forum.daemon-tools.cc/f19/daemon-stop-working-windows-7-ultimate-64-bit-27117/ is the thread at DT forums.

[attachment deleted by admin]

Sounds like it might be related to alcohol’s issue. Both use the SPTD driver. try deactivate defense+ permanently(not to be confused with setting defense+ to disabled) and restart.

Many thanks for a very thorough issue report

I think you may find that it will run if you exclude it from buffer overflow protection on the IEC tab of D+

Then reboot and retry.

Please say if it works!

Best wishes and many thanks


Dunno if it’s related to SPTD -Alcohol seems to work perfectly fine-.
About the buffer overflow protection setting, excluding DT (without rebooting) prevents the CIS warning, but it still crashes.
I’ll edit this post as I do more testing about deactivating D+ and so on.

EDIT #1: Adding DT to the exclusion list of the buffer overflow protection prevents CIS from warning me, but leads to DT process being terminated without any warning. I’ll try the D+ deactivation as soon as my backup is finished.

Edit #2: Yep, as stated in the DT forums as well as here, deactivating D+ and rebooting allows DT to work perfectly fine. Guess it’s a small D+ kernel bug or something.

Edit #3: Did a 3rd reboot. Deactivate D+ and DT works fine. Reactivate D+ and DT works fine again provided you previously excluded it from the buffer overflow protection. Remove DT from the exclusions list and we’re ■■■■■■■ up again :expressionless:

OK this is very confusing. Several users have reported that DT does work with CIS 5 if excluded from BO, and computer is rebooted before running. (Obviously DT should also be trusted if it is not already - probably best to try making all the executables in the directory installer/updaters in the computer security policy).

Ca you confirm that it does not run on your system even if you exclude from BO, add all the DT directory executables as installer/updaters then reboot the computer before re-trying?

Best wishes


I have to agree with you about the confusion my results can generate.
However, it seems that the issue can only be reproduced in the first-second reboot after you’ve installed CIS.
I’ve also tried what you suggested in the post above, and as I expected, I was not able to reproduce the issue again.

I think if this works after a reboot, it probably does not count as an issue. Shall I transfer to help to see if others have similar experiences? You post may help them?

Best wishes


No problem, feel free to summarise all this thread in a single post.
Do notice that this problem will arise only if you haven’t rebooted twice before using DT.

I think what probably happened here was that it worked on the first reboot after the buffer overflow exclusion? If so that’s what should happen, so its probably, on reflection, best to mark this as resolved.

Will move it there for the mo, but if you think I am wrong please do post again.

Best wishes


Hi there,

i followed this thread closly and tried all posted solutions, but none worked for me.
Daemon Tools still won’t work for me.
D+ is deactivated(annoyingly it was activated after update) and still the above error appears.
What else am i supposed to solve this issue?


Best regards

Worked now. Deleted exlusion Entry and reinserted the Folder of DT to the exclusion of BO. I restarted with D+ active and deactiavted it. Now it works.

Can please someone provide the steps to be taken in order to make DT work? I am realy confused here… ???

Please see the FAQ number 4:


I have the same problem. Daemon tools lite and pro doesn’t work and when i start program i have error
This program requires at least Windows 2000 with SPTD 1.60 or higher. Kernel debugger must be deactivated

What i must do daemon tools work??

Fine solution for me (may be some different names cuz i use russian version and just try to translate names on your barbarian language):
comodo->protection->proactive defence settings->execution control settings
at the bottom of page
blah-blah shell code - push exeption button
add DTlite.exe (e.g. “c:\program files (x86)\daemon tools lite\DTlite.exe”)
and add “%systemroot%\System32\drivers\sptd.sys” - this is problem driver, that needs to make DT work.


  1. What you did: Installed latest Comodo Firewall with Defense+ active while Daemon Tools Pro Advanced was installed.
  2. What actually happened or you actually saw: After a reboot, Daemon Tools failed to detect that SPTD was installed when I went to add a SCSI or IDE virtual drive. SPTD is required for the SCSI and IDE virtual drives to function. The program even deleted the SCSI and IDE virtual drives I had set up already and set up a basic DT virtual drive on its own…
  3. What you expected to happen or see: My previous virtual drives to stay active and Daemon Tools detecting that SPTD was installed when I went to add a new drive.
  4. How you tried to fix it & what happened: Disabling Defense+ permanantly through Comodo Firewall fixes the issue but lowers overall system security.
  5. If a software compatibility problem have you tried the compatibility fixes (link in format)?: None of those scenarios apply to this situation.
  6. Details & exact version of any software (execpt CIS) involved (with download link unless malware): Daemon Tools Pro Advanced 4.41.0315.0262 - DAEMON Tools for Mac: Smart mounting and imaging software - DAEMON-Tools.cc
  7. Whether you can make the problem happen again, and if so precise steps to make it happen: Install Comodo Firewall or Comodo Internet Security with Defense+ enabled and then install Daemon Tools Pro Advanced. The reverse order can also reproduce the issue.
  8. Any other information (eg your guess regarding the cause, with reasons): No additional info

B. FILES APPENDED. (Please zip unless screenshots).:

  1. Screenshots of the Defense plus Active Processes List (Required for all issues): Attached in 4 parts because the process list was so long
  2. Screenshots illustrating the bug: Attached. Note the SPTD setup dialog box saying that the version of SPTD required for the SCSI and IDE virtual drives (1.78 in this case) is already installed. You can also see that I’ve pressed the “Add SCSI Virtual Drive” button in the Daemon Tools toolbar only for the “SPTD will be installed” dialog box to appear.
  3. Screenshots of related CIS event logs: No relevant event logs found.
  4. A CIS config report or file: Zipped and attached config file.
  5. Crash or freeze dump file: No crashes or freezes
  6. Screenshot of More~About page. Can be used instead of typed product and AV database version: Attached.


  1. CIS version, AV database version & configuration: Firewall only - version 5.9.219863.2196
  2. a) Have you updated (without uninstall) from a previous version of CIS: No. This is a fresh installation.
  3. a) Have you imported a config from a previous version of CIS: No previous configuration imported.
  4. Have you made any other major changes to the default config? (eg ticked ‘block all unknown requests’, other egs here.): Not using Comodo Secure DNS servers
  5. Defense+, Sandbox, Firewall & AV security levels: Safe mode, Disabled, Safe mode (no AV)
  6. OS version, service pack, number of bits, UAC setting, & account type: Windows 7 Ultimate SP1 x64, Default - Notify me only when programs try to make changes to my computer, Administrator account
  7. Other security and utility software currently installed: VIPRE Antivirus v5.0.5134
  8. Other security software previously installed at any time since Windows was last installed: No other security software.
  9. Virtual machine used (Please do NOT use Virtual box): No VM used but Daemon Tools worked properly before Comodo Firewall was installed.

[attachment deleted by admin]

Hi PalZer0,

Have you tried the solution provided here:

I know it’s about the light version but it will probably work for the Pro version also.

I don’t get any shellcode injection prompts at all. Also, I’m not sure what that thread is asking.

Try the workaround as described in App. is not working correctly, but does not seem to be s/boxed. What to do? [v5] and see if they help here.

I added DTPro.exe, DTAgent.exe, DTShellHlp.exe and DTHelper.exe to the Shellcode Injection exclusions and rebooted. Now everything is working properly.

Seems odd that I didn’t get a Shellcode Injection prompt though. Might be something to look into.

Thank you for your issue report. I am glad to tell you this issue is already known, well documented, and awaiting a fix. We are not looking for further reports at present. A temporary fix, if there is one, may be listed here. I am forwarding this post to a relevant help forum so you can receive further help if needed. Please also look in the FAQ in this help forum, as it may also be of assistance.