Defence+ is not functioning properly!

Hi,

The above message and a red alarm icon are at the bottom of the CIS menu. Initially, when opened from the System Tray, the General Status Icon in CIS said that Defence Plus is functioning properly, then changed. I have run the diagnostics utility but it did not find any errors. Please help. Regards, KH.

What version of CIS are you using? When using the latest did you clean install it or did you update from a previous version?

Hi there,

This is my first post as I cannot work out what is making Defence+ stop functioning properly. I have recently installed a large number of “critical updates” and “component updates” for Windows using Autopatcher. One that slipped through was Windows Defender v1.1.1593.21 and I wondered if this could stop CIS from initializing properly?
On top of this, Comodo says my Virus Database has not been updated, and when I try to update it I get the message “Update failed. Error code 0x80004002. No such interface supported.”

I have tried everything I can think of, from uninstalling Comodo to manually removing all traces of its services (including legacy) from the registry. I have uninstalled my network card drivers in case this was the unsupported interface. I have also run aswclear.exe, avgremover.exe, BitDefender_Uninstall_Tool.exe, CFP_3_File_Registry_Cleaner.zip and mbam-setup.exe.

Should I post the services I have running, programs I have installed and the hardware I use?

Hi Geezar,

Welcome to the forums,
This error suggests that cmdagent.exe is not running; this is the engine for FW/D+/AV.
Do you still have CIS installed ?
If so please go to Misc and press the “Diagnostics” option and see what that comes up with.

Hello Ronny, thanks for the reply,

I have just run the diagnostic utility again and it found no problems with my installation.
One strange occurrence that I am not sure is linked is that while updating my windows installation, by process of elimination, I found out that some of the updates made my Internet connection stop working.
I can post which ones if you want (there are 4 of them).

Cheers.

You say installing those updates made your connection stop working ?

What are the symptoms then ?
Does the adapter still stay connected ? (Line signal)
Are you able to ping the default gateway ?
Are you able to resolve DNS names like ping www.comodo.com ?

I created restore points as I installed each critical security update. After installing one of these (sorry, not sure which), it broke my Internet connection:
KB956744
KB954600
KB951748
KB950762
So I uninstalled the one that broke the connection and the Internet now works.

The symptoms were as if I didn’t even have a network card installed, although I’m pretty sure it could connect to the router. It was not able to resolve DNS names, so I checked the DNS settings to see if Comodo Secure DNS was still active and it wasn’t; it had reverted back to the original settings (I have Comodo Secure DNS activated at the moment).

Just checked for cmdagent.exe in task manager and it is there, however strangely tasklist /svc in command prompt no longer works and states ERROR: Provider load failure

Can you check the eventlog to see if it recorded additional information about tasklist not being able to start?

If you say “So I uninstalled the one that broke…” then you know which of the four caused this ?

Hi again,

Went through the process again as I couldn’t remember which one of the four it was. The reason is that I told Autopatcher to install 1 update (kb951748) and it actually installs 3 (not sure if that is normal).

After the update was installed I rebooted. The services.exe VM Size surpassed 2GB and hung while logonui loaded the shell (is that usual after updates? It seemed like it was stuck in a loop for 5 minutes).
Checked the internet connection to confirm it didn’t work any more. Tried ping www.comodo.com, which couldn’t connect, but it is still able to access the router (so NIC not faulty?).

System restore stated that it had installed:
kb950762
kb951748
kb958752

Restored back to before installation (stated that restoring cannot be undone as system restore had either not been monitoring or turned off (is this something updates do?)) and here I am sending a reply.

System/Application Eventlog attached.

No information was recorded about tasklist /svc not being able to start.

Hope this helps.

[attachment deleted by admin]

http://www.microsoft.com/technet/security/bulletin/ms08-036.mspx
http://www.microsoft.com/technet/security/bulletin/ms08-037.mspx

The second update is for the DNS system. Can you try to check your DNS servers and/or see if you can still ping based on IP address?

ping download.comodo.com
ping 91.199.212.171
nslookup download.comodo.com

While testing this, maybe it’s best to set D+ and FW to disabled (if you’re behind a router, that is…), else leave FW on.

Hi again Ronny,
Have run all the tests you asked for, here are the results.
ping download.comodo.com = could not find host
ping 91.199.212.171 = works. 0% loss 54ms average
nslookup download.comodo.com = can’t find server name for address 156.154.70.22 or 156.154.71.22 (as you know, Comodo Secure DNS)
default servers are not available
server unknown 156.154.70.22
non-authoritative answer
name download.comodo.blackink (what does .blackink mean?)
address 92.242.144.10

I have attached as much information as I could including:
filemon log file (this is the log file captured as soon as I could launch filemon during system startup, noticed the time markers are wrong as it actually took around 3 more minutes for hard drive activity to settle down. The writes to C: and F: are my swap files)
dos prompt screen grab (so you can see I did the test right)
opera screen grab (opera loaded the cached pages and displayed this as the logon page)
javaconsole text file (showing errors while loading web pages; think opera might just be using cached information here so maybe this isn’t important)
torbrowser screen grab (highlighting that my tor browser using firefox works, which is interesting)
systemrestore screen grab (shows file renamed during system restore)

Maybe this is overkill but I really want to sort this issue out and get back to my much loved Comodo setup.

Cheers again,
speak soon.

PS thanks for your help so far.

[attachment deleted by admin]

Maybe it’s configured on your DNS Suffix Search List, can you type

ipconfig /all

And look for DNS Suffix Search List. . . . . . :
and see if it turns up there somewhere

For the rest, it does look like I expected: your DNS resolving broke down for some reason.
Pinging that address proves there is nothing wrong with your internet connection, it just lacks Name to IP resolving, and if that’s not working it becomes very quiet on the network :wink:

One thing I’d like to try is to use your “original” DNS Servers instead of the Secure servers of Comodo.

Are you willing to test this again ?
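
The suffix-list check and the ping/nslookup reasoning from the post above, as an added example that is not part of the thread. The `ipconfig /all` text is a constructed sample that assumes the suffix is on the search list (the thread never confirmed this), and the function names are illustrative.

```python
import re

# Constructed sample of Windows XP-style `ipconfig /all` output (not from the thread).
SAMPLE_IPCONFIG = """\
Windows IP Configuration

        Host Name . . . . . . . . . . . . : examplepc
        Primary Dns Suffix  . . . . . . . :
        DNS Suffix Search List. . . . . . : blackink

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . : blackink
        DHCP Enabled. . . . . . . . . . . : Yes
        DNS Servers . . . . . . . . . . . : 156.154.70.22
                                            156.154.71.22
"""

# "Label . . . . : value" lines; the dots and spaces are padding, not part of the label.
LABEL = re.compile(r"^\s*([A-Za-z][A-Za-z \-]*?)[ .]*:\s*(.*)$")

def parse_ipconfig(text):
    """Collect every value per label, including unlabelled continuation lines."""
    fields, current = {}, None
    for line in text.splitlines():
        if not line.strip():
            current = None          # a blank line ends the current block
            continue
        m = LABEL.match(line)
        if m:
            current = m.group(1)
            if m.group(2):
                fields.setdefault(current, []).append(m.group(2).strip())
        elif current:               # e.g. the second DNS server
            fields.setdefault(current, []).append(line.strip())
    return fields

def appended_suffix(answer_name, fields):
    """Return the search-list suffix the answered name ends with, or None."""
    name = answer_name.lower().rstrip(".")
    for suffix in fields.get("DNS Suffix Search List", []):
        if name.endswith("." + suffix.lower()):
            return suffix
    return None

def triage(ping_ip_ok, ping_name_ok, nslookup_ok):
    """Classify the three test results used in the thread."""
    if not ping_ip_ok:
        return "no IP connectivity"
    if not (ping_name_ok and nslookup_ok):
        return "IP connectivity fine, name resolution broken"
    return "ok"
```
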

Hi Ronny,

Thanks ever so much for your advice, unfortunately I gave in and re-installed the operating system. Luckily 90% of my apps are portable so it doesn’t take long to get back up and running.

Cheers again.

No problem, I assume it’s running fine now :-TU