Defense+ blocks Internet Explorer (iexplore.exe)

Hi,

I’m a new user and just installed CIS with only “Firewall” option since I’ve ESET-NOD32 installed on my Windows XP Service Pack-3 computer. All was well until I found I can no longer launch Internet Explorer (iexplore.exe) from the quick launch bar or anywhere else. It would open a brief window and then would automatically close. I found Defense+ logs (please see attached) where it is blocking IE for DNS/RPC Client Access for the target \RPC Control\DNSResolver. Defense+ general settings was set on “Safe Mode” and I tried to lower it to “Clean PC Mode” and then to “Training Mode” but nothing worked out until I set it to “Disabled” and only then IE would launch and I’m able to browse. The Firewall logs (please see attached) show that it had blocked Windows OS for various UDP/IGMP protocols. By the way, other miscellaneous applications e.g. NOD32 antivirus, Windows Security Essentials etc. could download their respective definitions file from the internet while IE was blocked (that is my observation) but I couldn’t launch IE to browse since it was shut down each time I tried to launch it. Please help with any suggestions or advice to configure CIS, because keeping Defense+ “Disabled” can’t be a turnaround for this problem. Any help would be highly appreciated. Thanks in advance!!! Adam L.

Be advised, please uninstall the NOD-32 first and reinstall CIS. Restart Computer and Update the Antivirus Database. Use Help handbook with CIS to find more information.

Hello josephrachino,
There’s no conflict between NOD32 and the Comodo Firewall. It’s the Defense+ module that has started blocking Internet Explorer (iexplore.exe) suddenly. The installation of CIS with only “Firewall” option went quite well and I had configured the program and it was all running smoothly. I was able to browse with IE and there weren’t any issues. But I forgot to mention earlier in my post that I had run a port scan from Firewall Test and https://www.securitymetrics.com/portscan.adp to see how I had configured the CIS and to see if there are any open ports. The scan results had shown no open ports but advised that these might not be reflecting my PC and rather the gateway server (ISP) I’m connected to. After these port scans I had logged off and when I logged back into XP I tried to launch IE from the quick launch but it opened briefly and then was shut down. This event repeated every time I tried to open IE. And the logs in my earlier post would show that Defense+ is actually blocking IE from loading. There’s no issue of NOD32 and CIS for which the former needs to be uninstalled and CIS needs to be re-installed. Please provide insights if you have any solution for this issue. Since, I have actually set Defense+ settings to “Disable” meaning its modules are no longer protecting or participating in any security activity. Any help with knowledgebase advices would be greatly appreciated.
Thanks to all in advance-Adam

Please try deleting the IE rule you made. CIS will make a new rule for you. When you are using a custom policy allow IE to access RPC Control\DNSResolver.

Does this do the trick for you?

Hello EricJH,
Thank you for the response. I was reading the posts of other users with similar problem (here:
https://forums.comodo.com/defense_help/internet_explorer_forced_closed_with_defense_on-t44495.0.html) and found your knowledgeable response in it, where you had asked the person to look into Defense+ “Computer Security Policy” to check how IE is treated by CIS. I did that and found that I had somehow put IE to be treated as an “Isolated Application” by mistake. I wanted to edit the policy but had to leave it as it was, to go out for grocery right away. My PC was running and I came back after 2 hours (after grocery shopping) to open up CIS to edit “Computer Security Policy” under Defense+. But to my utter surprise I found that the policy entry for IE showing that it was being treated as an “Isolated Application” among other entries isn’t there anymore. And I found the policy for IE at the bottom showing that it was being treated with a “Custom Policy”. I launched IE from quick launch on XP and it loaded my homepage Google and I was able to browse internet. I looked into the “Event Log” for Defense+ and found IE had somehow modified a registry key and Defense+ setting was raised to “Safe Mode” from “Disabled”, where I actually left it to be able to browse with IE before I found the wrong policy entry for IE set as “Isolated Application” after reading your reply in the post (link above). I know that I did not change “Computer Security Policy” for IE as I had to leave for grocery and nobody else lives at my place with me and I did not raise Defense+ setting to “Safe Mode” from “Disabled”. I have no understanding or clue how everything got resolved. Does the Defense+ module automatically remove wrong entries for known Windows programs (in this case IE) and set it into “Custom” policy and then raise its setting by itself from “Disabled” to “Safe Mode”? Or somebody nice & kind from the CIS forum logged (or hacked) into my running machine remotely to bring about these changes?
I have attached two images for you to look at and the first one being “Computer Security Policy” where IE is automatically set into “Custom Policy” and the second image is a screenshot of “Defense+ Events” logged until now. In the Defense+ Events Log you’d find the events logged for IE being blocked for accessing RPC control for DNS resolution and then the log for my manual “Disabling” of Defense+ in order to browse. Finally, there are three entries at about the same time (3:52PM on 10th September) near the top showing Defense+ was being set to “Safe Mode”. I’m completely at a loss…about how this happened. Automatic resolution by the module itself could be an explanation or someone logged remotely in my absence to bring about these changes? Could you kindly explain what happened?
I’d really appreciate if you please enlighten me about this issue. Thanks to you in advance!
Best regards,
Adam
PS: Forgive my pun of saying “Someone hacked into my system or logged into it remotely to bring about the changes”. I just can’t think of anything else other than the above two probabilities (automatic fixing by module or remote login)

I am out of breath reading your post… ;) Next time please make paragraphs to make reading an easier job.

Here is the deal with D+. For programs that are white listed it will use the custom policy rule and the program rule will be put under All programs. The only way to have full control like you want is to notch D+ settings up (Defense + → Advanced) to Paranoid.

So, there is no hacking going on. Just D+ going its sometimes incomprehensible ways… ;)

Hi EricJH,

Thanks once again for your response!

What I understand from your comments is, D+ would set “Custom Policy” by default to all white listed applications/programs irrespective of any wrong policy (e.g. “Isolated Application”) applied earlier by user.

And if this is true, what happened is D+ had removed “Isolated Application” policy that I had mistakenly applied and reverted to defaults (i.e. “Custom Policy”).

My old system (CIS installed) has a 1.20GHz Pentium processor with 1GB RAM and has become considerably slower after CIS installation. Internet browsing is the worst hit and has become noticeably slower too. I guess, newer and powerful systems run smoother with CIS installed.

Is there any custom setting for CIS which would improve system performance but would not compromise security altogether? Do you think setting both D+ and Firewall to “Training Mode” would help improve system performance or reduce the lag? Or these settings wouldn’t have any effect at all?

Any suggestions or advice would be greatly appreciated.

Regards,
Adam

I suggest you use only CIS firewall+NOD32 for your system performance.
(you need to turn off windows firewall)
There is no other way with your current computer.

For your guidance,
NOD32 v2.7 ~ v.3 is better than v.4 for your system performance.

Usually CIS is pretty lightweight, so compromised browsing sounds out of character. One of the reasons for me to use it on my older hardware. Check my signature. I have not tried CIS on a system comparable to yours; yet I have CIS running on XP SP3, Vista and Win 7 without deteriorated browsing.

First let Diagnostics run and see what it reports and if there is something to fix. Diagnostics can be found under Miscellaneous.

What version of CIS are you using?
What other security programs do you have running in the background other than NOD 32? Try disabling them and see if that helps.

Hi Creasy,
Thanks for your suggestion. I’ve turned windows firewall off. Let’s see if this helps increase system performance including internet browsing experience.

Hello EricJH,
I’ve run Diagnostics and it found no problem with CIS installation.

I’m using 3.11.108364.552 version of CIS.

Other than NOD32, I have Microsoft Security Essentials running in the background and I’ve MBAM 1.41 installed but I believe MBAM free version doesn’t run in the background (process report doesn’t show any MBAM modules).

Do you suggest disabling Microsoft Security Essentials?
Thanks in advance.

It’s never a good idea to have more than one application actively scanning your system.

Are you implying to disable MSE only? Or both MSE & NOD32? Cause the AV NOD32 is also actively scanning the system. And I installed CIS with only “Firewall” enabled.
Could you be more specific please?
Thank you.

Decide which one you like best, then disable the active features of the other one.