Defense+ and csrss.exe

Rebooted my WinXP SP3 computer after having put csrss.exe in my blocked files list, and now it goes BSoD when loading user profiles. Would Comodo possibly be at fault?
If so, how can I fix this without logging into my computer short of a complete reinstall?

Boot into Safe Mode (F8) and take csrss.exe out of your blocked files.

csrss.exe is a system file; you should not block it.

Safe mode doesn’t boot either.

Rather, it booted once. It also had a different menu the first time. Now, when I try, I get a different menu for boot options, and it definitely doesn’t work no matter how I try to boot it.

Should probably add that the BSOD comes and goes so fast, it’s hard to tell what the message says. I think it says something about the file manager, however, which leads me to think that this is the problem.

And yes, I realize that blocking csrss.exe was a stupid idea… but hindsight doesn’t exactly help me at this point.

Could you please post what boot options are in the menu.

I have asked to see if someone can help with this.

Dennis

Doing this from memory…

Safe Mode
Safe Mode with Networking
Safe Mode with command prompt

Load last known working configuration
Load windows normally
load windows with debugging

reboot

May be missing one or two, but that’s what I can remember.
I also recall the first time that Safe Mode worked, it did not ask me what OS I’d like to load. It just loaded in Safe Mode. Now I have to select which OS each time. I wish I’d thought of this when it did boot up.

I’ll have to check back on this later today or tomorrow. Thank you for your help so far.

Do you have the Windows CD/DVD at hand?

You could boot from the CD/DVD and choose the Repair option; that way you should be able to set the Comodo service (cmdagent) to manual/disabled at system startup.

More about this here:
http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/recovery_run_console.mspx?mfr=true

and here:
http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/recovery_console_cmds.mspx?mfr=true

You can use this command to list the services:
http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/bootcons_listsvc.mspx?mfr=true

And this command to disable the service:
http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/bootcons_disable.mspx?mfr=true

Thanks!

I’ll see if this works when I get home.

Or try System Restore with this Spartan but efficient offline method: http://www.digitalwebcast.com/articles/viewarticle.jsp?id=8658 .

I don’t think System Restore will fix this issue…
It’s CIS that’s blocking here, so the only way to fix this is to:

  1. Prevent CIS from starting at boot
  2. Edit the (remote) registry for the system by using a boot disk

Since CIS rules are stored in the registry, offline System Restore seems a viable option.

I wonder if changes to CIS registry keys are part of “System Restore”…

As far as I know, System Restore restores a complete previous registry.

According to this article here
System Restore takes “snapshots” of critical system files and some program files and registry settings and stores this information as restore points.

However the same M$ writes here
You can use System Restore to remove any system changes that were made since the last time you remember your computer working correctly

Here is a handle-with-care
In some cases, System Restore might not be the best choice for correcting a problem you’re experiencing. System Restore changes many different files and registry entries, and in some cases might replace too much and actually cause more problems than it solves.

So I say it’s time to put this on a VM and see how things turn up…

Done some testing:
After blocking, it crashed with a BSOD like this one

Using F8 at boot I chose “Last known good…”

But that did not fix the issue. After that I tried to boot in “Safe Mode”, and that works.

You should be able to start in “Safe Mode” because no CIS drivers are loaded in “Safe Mode” so CIS can’t cause issues there.

(Just for test results, System Restore does remove the entry from the CIS registry configuration so it does monitor CIS keys also).

So if you can’t boot into “Safe Mode”, please use the option to “Disable automatic reboot after crash” on the F8 boot screen as shown above and try to capture the BSOD it gives… maybe that can give a better clue about what’s going on…
