defence+ seems broken

An application I started brought up an alert from defence+ that it was going to access a certain folder and file in my system that I did not wish it to. I specifically selected the BLOCK This Request radio button. When I clicked OK the program deleted itself. I performed the Diagnostics and :
---------------------------
Information

The diagnostics utility did not find any problems with your installation.

OK (no? Not OK??)
---------------------------

\Device\HarddiskVolume2\apps\Convert2Play.exe wanted to modify \Device\HarddiskVolume2\apps\Convert2Play.exe. I said no and Comodo Defence+ did not stop the action.

So I deleted all references to \Device\HarddiskVolume1\Program Files\FreeCommander\FreeCommander.exe in the Defence+ rules and did some testing. I answered BLOCK This Request to every defense+ alert, and every action FreeCommander wanted to do, it did, regardless of the choice I made.

I set FreeCommander as an isolated program and it did just as it pleased with no interference from defense+.

http://img21.imageshack.us/img21/695/extreemprejudicewithnor.jpg

I manually set its process access rights to block all and restarted FreeCommander and it was like it had no restrictions at all. This was the same in safe mode and clean pc mode.

I archived the Comodo installation folder and I am going to reinstall. I also backed up the registry [HKEY_LOCAL_MACHINE\SOFTWARE\ComodoGroup] and [HKEY_CURRENT_USER\Software\ComodoGroup], if anyone cares.

You got the default action set to block (from now)…
However if you changed to this recently then you might have some “hidden” allow rules that got saved previously.

You see those “modify” buttons you got on that picture?

Try clicking ALL those…
See if you have any “allow rules” in there… If so remove them… =) and the application should be fully isolated. =O

CIS got those controls so you can literally control an application to the fullest… eg you can allow a program to open “bla.exe” and “hihi.exe” but not “badass.exe”… =) Hope my response made sense… =)

they all look like this and nothing in Block tab also.

http://img17.imageshack.us/img17/8378/theyalllooklikethis.jpg

the blocked app runs any executable it pleases but I’ll update after fresh reinstall of CIS and new testing.

Hmm weird…

Have you checked if D+ is set to disabled? =D If so, no rules will apply!

EDIT: can’t help you, I believe.

Good luck though =]

And now paranoid mode as well.

I have reinstalled CIS_Setup_3.8.65951.477_XP_Vista_x32.exe and nothing is different.
MD5=8F89A249AF1FA3D06749FDE3808A116A

Operating System: Microsoft Windows XP Professional 5.01.2600 Service Pack 3

As this seems to be a real issue I am installing threatfire until my concerns are addressed. I am going to test the antivirus and firewall now as well.

UPDATE: Comodo firewall did block threatfire from updating as it should. When I reset the rule it allowed the update properly.

AVTEST part 1:
downloading known badguy with AVG and COMODO-AV ready:

http://img2.imageshack.us/img2/1635/oktesting.jpg

AVG snagged it. So, rinse, disable avg and repeat…
COMODO did not see it so…

http://img172.imageshack.us/img172/4457/comodoletthisdownload.jpg

HMMMmmm…

http://img55.imageshack.us/img55/6380/notgood.jpg

Let's see what Kaspersky Threat Intelligence Portal says:

http://img6.imageshack.us/img6/5338/notgood2.jpg

File has already been analysed:
MD5: 308fd8f046a9efc24eebf971bff8c6c0
First received: 04.08.2009 11:00:07 (CET)
Date: 04.10.2009 01:36:14 (CET) [<1D]
Results: 20/40
Permalink: http://www.virustotal.com/analisis/a3d12543a776074a08a274b1df8916eb
one more chance COMODO:

http://img22.imageshack.us/img22/9353/onemorechance.jpg

Sorry Monkey_Boy=) I forgot to thank you for your help. I must be posting this in the wrong forum.

I wonder if I should try to install an older version of CIS?

UPDATE:
Complete reinstall of windows xp
installation of WindowsXP-KB835935-SP2-ENU
installation of XPSP3_RTM_UPD_UNF_EN

Installation of CIS_Setup_3.8.65951.477_XP_Vista_x32

Start C:\Program Files\SysinternalsSuite\Procmon.exe. Defence plus says
\Device\HarddiskVolume2\Program Files\SysinternalsSuite\Procmon.exe
Access Memory
I say no!
Procmon.exe does as it danged well pleases???
I manually set all the advanced Computer security policy rules for Procmon.exe to block, start it right up, and COMODO just lets it do what it wants. I dare anyone else to try this with my setup and tell me I am wrong and why I am wrong.

http://img11.imageshack.us/img11/4273/installinfo.jpg

UPDATE: EICAR Standard Anti-virus Test File was caught after it was loaded to my desktop and I left clicked it, but I would have felt better if it had not gotten to my desktop at all.
Downloading /CIS_Setup_3.9.73015.489_XP_Vista_x32_BETA.exe I hope this works better than the release.


http://img6.imageshack.us/img6/6725/thatsmorelikeit.jpg


the beta works like a champ.
I may be stupid and useless but I got my COMODO working.
I may be a spamming aggravation but as far as I am concerned I did good.
this version clamps down ■■■■■■■ any app I tell it to and policy rules are saved and applied ASAP.

Good work!

Hello again. Glad to hear that! =)

Below is a good guide of how to set D+ to monitor all settings… =) https://forums.comodo.com/defense_guides/setting_up_defense_for_maximum_security-t30473.0.html

No need to talk down on yourself…

I doubt you are either stupid… Or useless!

Yeah, I just am tired and somewhat relieved that the beta actually did make a difference and that I wasn’t just being singled out somehow.

I am tired so thanks and good night.

Sativarg2, if you consider this topic resolved, please pm myself or any other Mod to have it marked and locked.
Thank you.

Please notice there is a newer beta release (491): https://forums.comodo.com/beta_corner_cis/comodo_internet_security_3973525491_beta_released-t37725.0.html .

K thanks.

Downloading … Checking updates…one reboot no…checking next update reboot…OK now up to date.

I emailed John to say it's OK with me to lock this thread. I am reassured that the issue has been resolved with the Betas. If there was indeed an issue.