Defense+ is having problems with an .exe on my system named HydraDM.exe. It is a safe and valid .exe that is a part of my ATI video card driver and application suite.
When the defense+ dialog comes up asking me whether to white or blacklist the .exe the Firewall causes my system to lock up. The Defense+ dialog says not responding. I cannot exit out of it. I cannot get to killswitch or task mgr to kill the app. The only thing i am able to do at that point is Ctrl-Alt-Del and do a force restart.
There’s little chance of that particular file being malicious, as it is a part of ATI’s hydravision desktop management suite. But here is the report conclusion which came back normal. I’m guessing that means it’s benign.
Probability of Static Verdict Static Verdict Combination Create Time
99.5% Normal 2012-02-10 00:19:51
Operating System
MS Windows 7 Ultimate 64-bit SP1
CPU
Intel Core 2 Duo E6750 @ 2.66GHz 54 °C
Conroe 65nm Technology
RAM
6.00 GB Dual-Channel DDR2 @ 385MHz (5-5-5-15)
Motherboard
ASUSTeK Computer INC. P5E-VM HDMI (LGA775) 45 °C
Graphics
AMD Radeon HD 6700 Series
In the device manager it says:
Driver Date: 7/7/2011
Version: 8.872.0.0
I did the install for the video card from the disk that came with the video card. It is a PowerColor Radeon HD 6750. http://goo.gl/bI58e This is the link to the product page, but they do not have specific downloads for that particular card. Just for the series.
Does the software have a ‘check for update’ button somewhere?
Most of the time the drivers on the boxed disk are ‘older’ then the latest one’s available on the net, maybe that’s a workaround for the issue…
Also please check if the software is marked as ‘Trusted’
Open Defense+, View Active Process List, and then check the processes related to the video driver and the ‘verdict’.
If they are not trusted right click on them and select ‘Add to trusted files’ if all are done please reboot and see what that brings.
I was able to reboot and switch off Defense+ before that particular .exe came up.
I went to the active process list and white-listed all the related processes. It has not come up since then.
I don’t mind going in and doing some manual white-listing, but Comodo completely locked my system to the point where all i could do is reboot.
Is there a shortcut to disabling something like Defense+, or at least to close the notification window? Although i was very limited to what i could do at that point. Like i said before the only screen that worked was the menu screen resulting from a Ctrl-Alt-Del. Even Windows Task Manager was frozen, so i doubt i could have gotten to a run box or command line.
Thank you guys for your time and consideration. We can consider this closed unless you would like to investigate further the lock up.
As an aside, i’ve recently come back to Comodo because of products like their DNS, CIS and CCE. Killswitch is great! In particular CIS is not near as annoying with pop-ups like it used to be. I wanted to recommend it to friends and family, but it was just so high maintenance for casual users. This no longer seems to be the case and i’ve been recommending it wholesale again.
glad the workaround helped, but indeed this should not lock the system up.
It seems the software wasn’t able to do it’s job because CIS limited it’s behavior.
Another way of working around this problem would be to boot Windows in Safe Mode in case you wouldn’t have the time to disable D+. temporarily. Or temporarily disable D+, reboot, white list and switch D+ back on.
On a side note on ATI/AMD drivers. There is a monthly release of the Catalyst driver suite. You can find them here: http://support.amd.com/us/gpudownload/Pages/index.aspx . The latest version is 12.1 (12 is short for 2012 and 1 for January, etc).
I was hoping for some assistance. This is also happening on my computer. I followed the instructions by adding HydraDM.exe and HydraDM64.exe to my safe applications list, though the problem is still persisting.
The current Comodo Defense+ Alert: “HydraDM is trying to execute HydraDM64.exe”.
Security Considerations:
HydraDM.exe is a safe application. However the executable HydraDM64.exe could not be recognised. Please submit to COMODO for analysis.
I was eventually able to submit the file to COMODO for analysis - as the previous poster refers to, this problem all but locks up the computer on initial start-up. The error is still continuing and the only way I have been able to have “normal” start-up is to disable Defence+.
I’d appreciate some advice on how to fix this, as disabling Defence+ is far from ideal.
Like EricJH posted above, reboot your PC in safe-mode.
Now start CIS and add the ‘HydraDM64.exe’ to the Defense+ Trusted Files list.
Reboot in normal mode and the issue should be solved.
Disabling D+ shouldn’t be necessary as D+ isn’t active in Safe-Mode.
I assume when I add a file to the Trusted Files, that it should appear in the Trusted Files list?
I am going into Defense +
clicking on: Trusted Files
clicking on: Add
then: Browse Files
I am selecting both:
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
(I’ve tried using the arrow pointing right and drag and drop to select them)
I click “apply”
… and they do not show in the Trusted Files list.
I’ve been trying that over the last few days and it’s the same outcome each time.
I’ve had Comodo on this computer for 12 months and had no issues - I’m a big fan We installed the ATI device last month. There were no issues with it until I installed etax software (from Australian Government) on my computer last weekend and it spazzed out at the firewall. It took a couple of days to get that program working, and ever since then, I’ve had this problem with booting. Though that may all be a grand coincidence.
I rang the Australian Tax Office IT area twice, though they couldn’t help as the error code was for third party software. The error code I was getting through etax was due to my firewall blocking access. The initial Comodo message was: etax2012.exe is trying to install global hook dwmapi.dll
Sorry, I know this is pretty bad but I can’t remember what I did to eventually get it working as I tried quite a few things (and have tried lots of things since due to the HydraDM issue).
I’m finishing my tax return through etax on Thursday/Friday this week and then I’ll delete the program and let you know. Until then, the computer works some of the time normally and other times (like now), i boot in safe mode with networking.
Again, I’m not sure if this is a coincidence, though reckon it’s worth mentioning: It shows in CIS that D+ is not functioning properly. When I run diagnostics, it finds errors and offers to fix. I click “yes”, then it says: The dignostics utility could not fix some of the problems" and offers to create a report.
Please make sure that there are no left overs of previously uninstalled security programs around. Not all uninstallers do a proper job. And left over applications, drivers or services can cause all sort of “interesting effects”.
Try using removal tools for those programs to remove them. Here is a list of removal tools for common av programs: ESET Knowledgebase .
I’m now booting in normal mode (not safe mode) and D+ is not showing any errors. I’ve attached the diagnostics report from yesterday. (Apologies for format - had to copy to word doc as it wouldn’t let me post xml doc)
I have been concurrently using CIS and MSE for 12months without any problems. Prior to that, I was using Nortons IS. I’ve just downloaded and will run the Norton’s removal tool now. I suspect it has something to do with installing new video card last month and/or etax program.
Could you post the XML file packed in a zip archive? It is not easy to read as .doc also renaming to xml is not helpful so I’d rather read it as xml file.
The log did mention it saw a trace of Norton (which is incompatible). Let us know if the Norton Removal Tool helped or not.
We installed the ATI device last month. There were no issues with it until I installed etax software (from Australian Government) on my computer last weekend and it spazzed out at the firewall. It took a couple of days to get that program working, and ever since then, I’ve had this problem with booting. Though that may all be a grand coincidence.