DAEMON Tools & CFP

The bug/issue

  1. What you did: Tried to run DT Lite.
  2. What actually happened or you actually saw: As soon as I log in, Defense+ pops up saying that it detected a shellcode injection attempt at DTLite.exe, and after I select “skip”, DT Lite reports that “This program requires Windows 2000 with SPTD 1.60 or higher. Kernel debugger must be deactivated.” and terminates itself.
  3. What you expected to happen or see: Run DT as usual.
  4. How you tried to fix it & what happened: Only thing I can think of is deactivating D+, but I’ve not tried it.
  5. Details (exact version) of any software involved with download link: DT Lite 4.35.6.91, http://www.daemon-tools.cc
  6. Any other information you think may help us:

Files appended

  1. Screenshots illustrating the bug: DT Lite error message and CFP shellcode warning screenshots attached.
  2. Screenshots of related event logs or the active processes list: attached the related log exported as HTML. Rar is not password-protected.
  3. A CIS config report or file. n/a
  4. Crash or freeze dump file: n/a

Your set-up

  1. CIS version & configuration used: CFP 5.0.162636.1135, firewall only with optimum proactive protection
  2. Whether you imported a configuration, if so from what version: the latest v4 version, can’t remember the full number though :slight_smile:
  3. Defense+ and Sandbox OR Firewall security level: respectively: Paranoid mode, enabled, Custom Policy mode
  4. OS version, service pack, no of bits, UAC setting, & account type: Win 7 Home Basic x64 fully updated, UAC enabled, Admin account
  5. Other security and utility software running: Avast 5 free, Sandboxie free, MBAM 1.46 registered
  6. CIS AV database version: n/a

PS: http://forum.daemon-tools.cc/f19/daemon-stop-working-windows-7-ultimate-64-bit-27117/ is the thread at DT forums.

[attachment deleted by admin]

Sounds like it might be related to Alcohol’s issue. Both use the SPTD driver. Try deactivating Defense+ permanently (not to be confused with setting Defense+ to disabled) and restart.

Many thanks for a very thorough issue report

I think you may find that it will run if you exclude it from buffer overflow protection on the IEC tab of D+

Then reboot and retry.

Please say if it works!

Best wishes and many thanks

Mouse

Dunno if it’s related to SPTD -Alcohol seems to work perfectly fine-.
About the buffer overflow protection setting, excluding DT (without rebooting) prevents the CIS warning, but it still crashes.
I’ll edit this post as I do more testing about deactivating D+ and so on.

EDIT #1: Adding DT to the exclusion list of the buffer overflow protection prevents CIS from warning me, but leads to DT process being terminated without any warning. I’ll try the D+ deactivation as soon as my backup is finished.

Edit #2: Yep, as stated in the DT forums as well as here, deactivating D+ and rebooting allows DT to work perfectly fine. Guess it’s a small D+ kernel bug or something.

Edit #3: Did a 3rd reboot. Deactivate D+ and DT works fine. Reactivate D+ and DT works fine again provided you previously excluded it from the buffer overflow protection. Remove DT from the exclusions list and we’re ■■■■■■■ up again :expressionless:

OK this is very confusing. Several users have reported that DT does work with CIS 5 if excluded from BO, and computer is rebooted before running. (Obviously DT should also be trusted if it is not already - probably best to try making all the executables in the directory installer/updaters in the computer security policy).

Can you confirm that it does not run on your system even if you exclude from BO, add all the DT directory executables as installer/updaters then reboot the computer before re-trying?

Best wishes

Mouse

I have to agree with you about the confusion my results can generate.
However, it seems that the issue can only be reproduced in the first-second reboot after you’ve installed CIS.
I’ve also tried what you suggested in the post above, and as I expected, I was not able to reproduce the issue again.

I think if this works after a reboot, it probably does not count as an issue. Shall I transfer to help to see if others have similar experiences? Your post may help them?

Best wishes

Mouse

No problem, feel free to summarise all this thread in a single post.
Do notice that this problem will arise only if you haven’t rebooted twice before using DT.

I think what probably happened here was that it worked on the first reboot after the buffer overflow exclusion? If so that’s what should happen, so it’s probably, on reflection, best to mark this as resolved.

Will move it there for the mo, but if you think I am wrong please do post again.

Best wishes

Mouse

Hi there,

I followed this thread closely and tried all posted solutions, but none worked for me.
Daemon Tools still won’t work for me.
D+ is deactivated (annoyingly it was activated after update) and still the above error appears.
What else am I supposed to do to solve this issue?

THX

Best regards
Xypher

EDIT:
Worked now. Deleted the exclusion entry and reinserted the folder of DT into the exclusions of BO. I restarted with D+ active and deactivated it. Now it works.

Can someone please provide the steps to be taken in order to make DT work? I am really confused here… ???

Please see the FAQ number 4:

https://forums.comodo.com/defense-sandbox-faq-cis/app-is-not-working-correctly-but-does-not-seem-to-be-sboxed-what-to-do-v5-t61684.0.html;msg434597#msg434597

I have the same problem. Daemon Tools Lite and Pro don’t work, and when I start the program I get this error:
This program requires at least Windows 2000 with SPTD 1.60 or higher. Kernel debugger must be deactivated

What must I do to make Daemon Tools work??

Fine solution for me (the names may be somewhat different because I use the Russian version and am just trying to translate the names into your barbarian language):
comodo->protection->proactive defence settings->execution control settings
at the bottom of the page
blah-blah shell code - push the exception button
add DTlite.exe (e.g. “c:\program files (x86)\daemon tools lite\DTlite.exe”)
and add “%systemroot%\System32\drivers\sptd.sys” - this is the problem driver, which is needed to make DT work.

A. THE BUG/ISSUE:

  1. What you did: Installed latest Comodo Firewall with Defense+ active while Daemon Tools Pro Advanced was installed.
  2. What actually happened or you actually saw: After a reboot, Daemon Tools failed to detect that SPTD was installed when I went to add a SCSI or IDE virtual drive. SPTD is required for the SCSI and IDE virtual drives to function. The program even deleted the SCSI and IDE virtual drives I had set up already and set up a basic DT virtual drive on its own…
  3. What you expected to happen or see: My previous virtual drives to stay active and Daemon Tools detecting that SPTD was installed when I went to add a new drive.
  4. How you tried to fix it & what happened: Disabling Defense+ permanently through Comodo Firewall fixes the issue but lowers overall system security.
  5. If a software compatibility problem have you tried the compatibility fixes (link in format)?: None of those scenarios apply to this situation.
  6. Details & exact version of any software (except CIS) involved (with download link unless malware): Daemon Tools Pro Advanced 4.41.0315.0262 - DAEMON Tools for Mac: Smart mounting and imaging software - DAEMON-Tools.cc
  7. Whether you can make the problem happen again, and if so precise steps to make it happen: Install Comodo Firewall or Comodo Internet Security with Defense+ enabled and then install Daemon Tools Pro Advanced. The reverse order can also reproduce the issue.
  8. Any other information (eg your guess regarding the cause, with reasons): No additional info

B. FILES APPENDED. (Please zip unless screenshots).:

  1. Screenshots of the Defense plus Active Processes List (Required for all issues): Attached in 4 parts because the process list was so long
  2. Screenshots illustrating the bug: Attached. Note the SPTD setup dialog box saying that the version of SPTD required for the SCSI and IDE virtual drives (1.78 in this case) is already installed. You can also see that I’ve pressed the “Add SCSI Virtual Drive” button in the Daemon Tools toolbar only for the “SPTD will be installed” dialog box to appear.
  3. Screenshots of related CIS event logs: No relevant event logs found.
  4. A CIS config report or file: Zipped and attached config file.
  5. Crash or freeze dump file: No crashes or freezes
  6. Screenshot of More~About page. Can be used instead of typed product and AV database version: Attached.

C. YOUR SETUP:

  1. CIS version, AV database version & configuration: Firewall only - version 5.9.219863.2196
  2. a) Have you updated (without uninstall) from a previous version of CIS: No. This is a fresh installation.
  3. a) Have you imported a config from a previous version of CIS: No previous configuration imported.
  4. Have you made any other major changes to the default config? (eg ticked ‘block all unknown requests’, other egs here.): Not using Comodo Secure DNS servers
  5. Defense+, Sandbox, Firewall & AV security levels: Safe mode, Disabled, Safe mode (no AV)
  6. OS version, service pack, number of bits, UAC setting, & account type: Windows 7 Ultimate SP1 x64, Default - Notify me only when programs try to make changes to my computer, Administrator account
  7. Other security and utility software currently installed: VIPRE Antivirus v5.0.5134
  8. Other security software previously installed at any time since Windows was last installed: No other security software.
  9. Virtual machine used (Please do NOT use Virtual box): No VM used but Daemon Tools worked properly before Comodo Firewall was installed.

[attachment deleted by admin]

Hi PalZer0,

Have you tried the solution provided here:
https://forums.comodo.com/orphanedresolvedoutdated-issues-cis/daemon-tools-lite-cfp-resolved-t62170.0.html

I know it’s about the light version but it will probably work for the Pro version also.

I don’t get any shellcode injection prompts at all. Also, I’m not sure what that thread is asking.

Try the workaround as described in App. is not working correctly, but does not seem to be s/boxed. What to do? [v5] and see if they help here.

I added DTPro.exe, DTAgent.exe, DTShellHlp.exe and DTHelper.exe to the Shellcode Injection exclusions and rebooted. Now everything is working properly.

Seems odd that I didn’t get a Shellcode Injection prompt though. Might be something to look into.

Thank you for your issue report. I am glad to tell you this issue is already known, well documented, and awaiting a fix. We are not looking for further reports at present. A temporary fix, if there is one, may be listed here. I am forwarding this post to a relevant help forum so you can receive further help if needed. Please also look in the FAQ in this help forum, as it may also be of assistance.