Defense+ issue with BeTwin and maybe terminal services

Running Windows XP Home, SP3 COMODO Internet Security V. 3.13.126709.581

I installed BeTwin to my desktop in order to have two users with separate monitors/mice/keyboards
work in separate Windows environments. The software works pretty well but is a little sticky when
it comes to AV and firewalls. I tested Comodo’s AV and Firewall and they seem to be running well.
However, Defense+ shows an error in the Summary page, System Status, with a white ‘X’ on a red circular
background stating: The Defense+ is not functioning properly! Please run the diagnostics utility
to fix the problem. BeTwin support informed me that their software will work well with any
AV/Firewall that supports terminal services. Could this be the culprit?
Also, the issue with Defense+ only shows up on the last (2nd) user to log in.
If I exit Comodo on both Host and Station while logged in and start Comodo again on both,
the last user to start Comodo will get this error.
And I almost forgot to say, the diagnostics utility did not fix the problem.
Any suggestions?
Thanks for listening.

I am not familiar with these types of setups. In LUA situations you need to make sure Comodo Internet Security Helper Service is running with admin rights. I also have the following clue in my notes that might be of help.

Try updating the Comodo Internet Security Helper Service (control panel, admin tools, services, right click on “Comodo Internet Security Helper Service”, properties). The logon Tab for the Service should currently show Local System Account and Allow service to interact with Desktop. Set This Account with your Logon ID and Password (+Confirm) and then reboot.

Eric,
Tried your suggestion but it did not work. I can only set one account even while
logged in on different accounts at the same time. While checking the tabs for information
I had a “WMI : Critical Error” I researched this and ran a WMI diagnostic tool from Microsoft
and was able to get rid of the error, but other issues are showing up. I was wondering if
these issues could be affecting Comodo. BTW they show up whether BeTwin is active
or not, and whether Comodo is active or not as well. The diagnostic also has some errors
as not showing my SP3 installed and Windows Firewall is installed (but not in use while
Comodo is operating.)

Thanks for listening

This is what the diagnostic looks like:

14210 04:27:07 (0) ** WMIDiag v2.0 started on Saturday, January 16, 2010 at 04:24.
14211 04:27:07 (0) **
14212 04:27:07 (0) ** Copyright (c) Microsoft Corporation. All rights reserved - January 2007.
14213 04:27:07 (0) **
14214 04:27:07 (0) ** This script is not supported under any Microsoft standard support program or service.
14215 04:27:07 (0) ** The script is provided AS IS without warranty of any kind. Microsoft further disclaims all
14216 04:27:07 (0) ** implied warranties including, without limitation, any implied warranties of merchantability
14217 04:27:07 (0) ** or of fitness for a particular purpose. The entire risk arising out of the use or performance
14218 04:27:07 (0) ** of the scripts and documentation remains with you. In no event shall Microsoft, its authors,
14219 04:27:07 (0) ** or anyone else involved in the creation, production, or delivery of the script be liable for
14220 04:27:07 (0) ** any damages whatsoever (including, without limitation, damages for loss of business profits,
14221 04:27:07 (0) ** business interruption, loss of business information, or other pecuniary loss) arising out of
14222 04:27:07 (0) ** the use of or inability to use the script or documentation, even if Microsoft has been advised
14223 04:27:07 (0) ** of the possibility of such damages.
14224 04:27:07 (0) **
14225 04:27:07 (0) **
14226 04:27:07 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
14227 04:27:07 (0) ** ----------------------------------------------------- WMI REPORT: BEGIN ----------------------------------------------------------
14228 04:27:07 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
14229 04:27:07 (0) **
14230 04:27:07 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
14231 04:27:07 (0) ** Windows XP - No service pack - 32-bit (2600) - User ‘J\OWNER’ on computer ‘J’.
14232 04:27:07 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
14233 04:27:07 (0) ** INFO: Environment: … 1 ITEM(S)!
14234 04:27:07 (0) ** INFO: => 1 incorrect shutdown(s) detected on:
14235 04:27:07 (0) ** - Shutdown on 09 January 2010 13:28:01 (GMT+5).
14236 04:27:07 (0) **
14237 04:27:07 (0) ** INFO: The following UNEXPECTED binary files are/is found in the WBEM folder: … 33 FILE(S)!
14238 04:27:07 (0) ** - WBEMPROX(10).DLL, 18944 bytes, 8/4/2004 2:00:00 PM
14239 04:27:07 (0) ** - WBEMPROX(11).DLL, 18944 bytes, 4/13/2008 7:12:08 PM
14240 04:27:07 (0) ** - WBEMPROX(2).DLL, 18944 bytes, 8/4/2004 2:00:00 PM
14241 04:27:07 (0) ** - WBEMPROX(3).DLL, 18944 bytes, 8/4/2004 2:00:00 PM
14242 04:27:07 (0) ** - WBEMPROX(4).DLL, 18944 bytes, 8/4/2004 2:00:00 PM
14243 04:27:07 (0) ** - WBEMPROX(5).DLL, 18944 bytes, 8/4/2004 2:00:00 PM
14244 04:27:07 (0) ** - WBEMPROX(6).DLL, 18944 bytes, 8/4/2004 2:00:00 PM
14245 04:27:07 (0) ** - WBEMPROX(7).DLL, 18944 bytes, 8/4/2004 2:00:00 PM
14246 04:27:07 (0) ** - WBEMPROX(8).DLL, 18944 bytes, 8/4/2004 2:00:00 PM
14247 04:27:07 (0) ** - WBEMPROX(9).DLL, 18944 bytes, 4/13/2008 7:12:08 PM
14248 04:27:07 (0) ** - WMIAPRES(2).DLL, 6656 bytes, 8/4/2004 2:00:00 PM
14249 04:27:07 (0) ** - WMIAPRES(3).DLL, 6656 bytes, 8/4/2004 2:00:00 PM
14250 04:27:07 (0) ** - WMIAPRES(4).DLL, 6656 bytes, 8/4/2004 2:00:00 PM
14251 04:27:07 (0) ** - WMIAPRES(5).DLL, 6656 bytes, 8/4/2004 2:00:00 PM
14252 04:27:07 (0) ** - WMIAPRES(6).DLL, 6656 bytes, 8/4/2004 2:00:00 PM
14253 04:27:07 (0) ** - WMIAPRES(7).DLL, 6656 bytes, 4/13/2008 12:10:20 PM
14254 04:27:07 (0) ** - WMIAPRES(8).DLL, 6656 bytes, 8/4/2004 2:00:00 PM
14255 04:27:07 (0) ** - WMIAPRPL(10).DLL, 89088 bytes, 8/4/2004 2:00:00 PM
14256 04:27:07 (0) ** - WMIAPRPL(2).DLL, 89088 bytes, 8/4/2004 2:00:00 PM
14257 04:27:07 (0) ** - WMIAPRPL(3).DLL, 89088 bytes, 8/4/2004 2:00:00 PM
14258 04:27:07 (0) ** - WMIAPRPL(4).DLL, 89088 bytes, 8/4/2004 2:00:00 PM
14259 04:27:07 (0) ** - WMIAPRPL(5).DLL, 89088 bytes, 8/4/2004 2:00:00 PM
14260 04:27:07 (0) ** - WMIAPRPL(6).DLL, 89088 bytes, 8/4/2004 2:00:00 PM
14261 04:27:07 (0) ** - WMIAPRPL(7).DLL, 89088 bytes, 8/4/2004 2:00:00 PM
14262 04:27:07 (0) ** - WMIAPRPL(8).DLL, 89088 bytes, 8/4/2004 2:00:00 PM
14263 04:27:07 (0) ** - WMIAPRPL(9).DLL, 88576 bytes, 4/13/2008 7:12:09 PM
14264 04:27:07 (0) ** - WMIAPSRV(2).EXE, 126464 bytes, 8/4/2004 2:00:00 PM
14265 04:27:07 (0) ** - WMIAPSRV(3).EXE, 126464 bytes, 8/4/2004 2:00:00 PM
14266 04:27:07 (0) ** - WMIAPSRV(4).EXE, 126464 bytes, 8/4/2004 2:00:00 PM
14267 04:27:07 (0) ** - WMIAPSRV(5).EXE, 126464 bytes, 8/4/2004 2:00:00 PM
14268 04:27:07 (0) ** - WMIAPSRV(6).EXE, 126464 bytes, 8/4/2004 2:00:00 PM
14269 04:27:07 (0) ** - WMIAPSRV(7).EXE, 126464 bytes, 4/13/2008 7:12:40 PM
14270 04:27:07 (0) ** - WMIAPSRV(8).EXE, 126464 bytes, 8/4/2004 2:00:00 PM
14271 04:27:07 (0) ** => This list is provided for information. Unexpected binary file(s) in 'C:\WINDOWS\SYSTEM32\WBEM'
14272 04:27:07 (0) ** do not necessarily represent an error. For instance, the file(s) listed can be added by
14273 04:27:07 (0) ** any applications implementing WMI providers.
14274 04:27:07 (0) ** => NO ACTION is required.
14275 04:27:07 (0) **
14276 04:27:07 (0) ** There are no missing WMI system files: … OK.
14277 04:27:07 (0) ** There are no missing WMI repository files: … OK.
14278 04:27:07 (0) ** WMI repository state: … N/A.
14279 04:27:07 (0) ** BEFORE running WMIDiag:
14280 04:27:07 (0) ** The WMI repository has a size of: … 6 MB.
14281 04:27:07 (0) ** - Disk free space on ‘C:’: … 52438 MB.
14282 04:27:07 (0) ** - INDEX.BTR, 966656 bytes, 1/16/2010 4:23:03 AM
14283 04:27:07 (0) ** - INDEX.MAP, 496 bytes, 1/16/2010 4:23:03 AM
14284 04:27:07 (0) ** - OBJECTS.DATA, 5275648 bytes, 1/16/2010 4:23:03 AM
14285 04:27:07 (0) ** - OBJECTS.MAP, 2600 bytes, 1/16/2010 4:23:03 AM
14286 04:27:07 (0) ** AFTER running WMIDiag:
14287 04:27:07 (0) ** The WMI repository has a size of: … 6 MB.
14288 04:27:07 (0) ** - Disk free space on ‘C:’: … 52437 MB.
14289 04:27:07 (0) ** - INDEX.BTR, 966656 bytes, 1/16/2010 4:23:03 AM
14290 04:27:07 (0) ** - INDEX.MAP, 496 bytes, 1/16/2010 4:23:03 AM
14291 04:27:07 (0) ** - OBJECTS.DATA, 5275648 bytes, 1/16/2010 4:23:03 AM
14292 04:27:07 (0) ** - OBJECTS.MAP, 2600 bytes, 1/16/2010 4:23:03 AM
14293 04:27:07 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
14294 04:27:07 (0) ** Windows Firewall: … NOT INSTALLED.
14295 04:27:07 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
14296 04:27:07 (0) ** DCOM Status: … OK.
14297 04:27:07 (0) ** WMI registry setup: … OK.
14298 04:27:07 (0) ** WMI Service has no dependents: … OK.
14299 04:27:07 (0) ** RPCSS service: … OK (Already started).
14300 04:27:07 (0) ** WINMGMT service: … OK (Already started).
14301 04:27:07 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
14302 04:27:07 (0) ** WMI service DCOM setup: … OK.
14303 04:27:07 (2) !! WARNING: WMI DCOM components registration is missing for the following EXE/DLLs: … 6 WARNING(S)!
14304 04:27:07 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\FASTPROX.DLL (\CLSID{7A0227F6-7108-11D1-AD90-00C04FD8FDFF}\InProcServer32)
14305 04:27:07 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\FASTPROX.DLL (\CLSID{D71EE747-F455-4804-9DF6-2ED81025F2C1}\InProcServer32)
14306 04:27:07 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\FASTPROX.DLL (\CLSID{ED51D12E-511F-4999-8DCD-C2BAC91BE86E}\InProcServer32)
14307 04:27:07 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\WBEMPROX.DLL (\CLSID{4C6055D8-84B9-4111-A7D3-6623894EEDB3}\InProcServer32)
14308 04:27:07 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\WBEMPROX.DLL (\CLSID{A1044801-8F7E-11D1-9E7C-00C04FC324A8}\InProcServer32)
14309 04:27:07 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\WBEMPROX.DLL (\CLSID{F7CE2E13-8C90-11D1-9E7B-00C04FC324A8}\InProcServer32)
14310 04:27:07 (0) ** => WMI System components are not properly registered as COM objects, which could make WMI to
14311 04:27:07 (0) ** fail depending on the operation requested.
14312 04:27:07 (0) ** => For a .DLL, you can correct the DCOM configuration by executing the ‘REGSVR32.EXE <Filename.DLL>’ command.
14313 04:27:07 (0) **
14314 04:27:07 (0) ** WMI ProgID registrations: … OK.
14315 04:27:07 (0) ** WMI provider DCOM registrations: … OK.
14316 04:27:07 (0) ** WMI provider CIM registrations: … OK.
14317 04:27:07 (0) ** WMI provider CLSIDs: … OK.
14318 04:27:07 (0) ** WMI providers EXE/DLL availability: … OK.
14319 04:27:07 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
14320 04:27:07 (0) ** DCOM security for ‘Microsoft WBEM UnSecured Apartment’ (Launch & Activation Permissions): … MODIFIED.
14321 04:27:07 (1) !! ERROR: Default trustee ‘BUILTIN\ADMINISTRATORS’ has been REMOVED!
14322 04:27:07 (0) ** - REMOVED ACE:
14323 04:27:07 (0) ** ACEType: &h0
14324 04:27:07 (0) ** ACCESS_ALLOWED_ACE_TYPE
14325 04:27:07 (0) ** ACEFlags: &h0
14326 04:27:07 (0) ** ACEMask: &h1
14327 04:27:07 (0) ** DCOM_RIGHT_EXECUTE
14328 04:27:07 (0) **
14329 04:27:07 (0) ** => The REMOVED ACE was part of the DEFAULT setup for the trustee.
14330 04:27:07 (0) ** Removing default security will cause some operations to fail!
14331 04:27:07 (0) ** It is possible to fix this issue by editing the security descriptor and adding the ACE.
14332 04:27:07 (0) ** For DCOM objects, this can be done with ‘DCOMCNFG.EXE’.
14333 04:27:07 (0) **
14334 04:27:07 (0) ** DCOM security for ‘Microsoft WBEM UnSecured Apartment’ (Launch & Activation Permissions): … MODIFIED.
14335 04:27:07 (1) !! ERROR: Default trustee ‘NT AUTHORITY\INTERACTIVE’ has been REMOVED!
14336 04:27:07 (0) ** - REMOVED ACE:
14337 04:27:07 (0) ** ACEType: &h0
14338 04:27:07 (0) ** ACCESS_ALLOWED_ACE_TYPE
14339 04:27:07 (0) ** ACEFlags: &h0
14340 04:27:07 (0) ** ACEMask: &h1
14341 04:27:07 (0) ** DCOM_RIGHT_EXECUTE
14342 04:27:07 (0) **
14343 04:27:07 (0) ** => The REMOVED ACE was part of the DEFAULT setup for the trustee.
14344 04:27:07 (0) ** Removing default security will cause some operations to fail!
14345 04:27:07 (0) ** It is possible to fix this issue by editing the security descriptor and adding the ACE.
14346 04:27:07 (0) ** For DCOM objects, this can be done with ‘DCOMCNFG.EXE’.
14347 04:27:07 (0) **
14348 04:27:07 (0) ** DCOM security for ‘Microsoft WBEM UnSecured Apartment’ (Launch & Activation Permissions): … MODIFIED.
14349 04:27:07 (1) !! ERROR: Default trustee ‘NT AUTHORITY\SYSTEM’ has been REMOVED!
14350 04:27:07 (0) ** - REMOVED ACE:
14351 04:27:07 (0) ** ACEType: &h0
14352 04:27:07 (0) ** ACCESS_ALLOWED_ACE_TYPE
14353 04:27:07 (0) ** ACEFlags: &h0
14354 04:27:07 (0) ** ACEMask: &h1
14355 04:27:07 (0) ** DCOM_RIGHT_EXECUTE
14356 04:27:07 (0) **
14357 04:27:07 (0) ** => The REMOVED ACE was part of the DEFAULT setup for the trustee.
14358 04:27:07 (0) ** Removing default security will cause some operations to fail!
14359 04:27:07 (0) ** It is possible to fix this issue by editing the security descriptor and adding the ACE.
14360 04:27:07 (0) ** For DCOM objects, this can be done with ‘DCOMCNFG.EXE’.
14361 04:27:07 (0) **
14362 04:27:07 (0) **
14363 04:27:07 (0) ** DCOM security warning(s) detected: … 0.
14364 04:27:07 (0) ** DCOM security error(s) detected: … 3.
14365 04:27:07 (0) ** WMI security warning(s) detected: … 0.
14366 04:27:07 (0) ** WMI security error(s) detected: … 0.
14367 04:27:07 (0) **
14368 04:27:07 (1) !! ERROR: Overall DCOM security status: … ERROR!
14369 04:27:07 (0) ** Overall WMI security status: … OK.
14370 04:27:07 (0) ** - Started at ‘Root’ --------------------------------------------------------------------------------------------------------------
14371 04:27:07 (0) ** INFO: WMI permanent SUBSCRIPTION(S): … 2.
14372 04:27:07 (0) ** - ROOT/SUBSCRIPTION, MSFT_UCScenarioControl.Name=“Microsoft WMI Updating Consumer Scenario Control”.
14373 04:27:07 (0) ** ‘SELECT * FROM InstanceOperationEvent WHERE TargetInstance ISA ‘MSFT_UCScenario’’
14374 04:27:07 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name=“SCM Event Log Consumer”.
14375 04:27:07 (0) ** ‘select * from MSFT_SCMEventLogEvent’
14376 04:27:07 (0) **
14377 04:27:07 (0) ** WMI TIMER instruction(s): … NONE.
14378 04:27:07 (0) ** WMI ADAP status: … OK.
14379 04:27:07 (0) ** WMI MONIKER CONNECTIONS: … OK.
14380 04:27:07 (0) ** WMI CONNECTIONS: … OK.
14381 04:27:07 (0) ** WMI GET operations: … OK.
14382 04:27:07 (0) ** WMI MOF representations: … OK.
14383 04:27:07 (0) ** WMI QUALIFIER access operations: … OK.
14384 04:27:07 (0) ** WMI ENUMERATION operations: … OK.
14385 04:27:07 (0) ** WMI EXECQUERY operations: … OK.
14386 04:27:07 (0) ** WMI GET VALUE operations: … OK.
14387 04:27:07 (0) ** WMI WRITE operations: … NOT TESTED.
14388 04:27:07 (0) ** WMI PUT operations: … NOT TESTED.
14389 04:27:07 (0) ** WMI DELETE operations: … NOT TESTED.
14390 04:27:07 (0) ** WMI static instances retrieved: … 569.
14391 04:27:07 (0) ** WMI dynamic instances retrieved: … 0.
14392 04:27:07 (0) ** WMI instance request cancellations (to limit performance impact): … 0.
14393 04:27:07 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
14394 04:27:07 (0) ** # of Event Log events BEFORE WMIDiag execution since the last 20 day(s):
14395 04:27:07 (0) ** DCOM: … 19.
14396 04:27:07 (0) ** WINMGMT: … 4.
14397 04:27:07 (0) ** WMIADAPTER: … 0.
14398 04:27:07 (0) ** => Verify the WMIDiag LOG at line #13830 for more details.
14399 04:27:07 (0) **
14400 04:27:07 (0) ** # of additional Event Log events AFTER WMIDiag execution:
14401 04:27:07 (0) ** DCOM: … 0.
14402 04:27:07 (0) ** WINMGMT: … 0.
14403 04:27:07 (0) ** WMIADAPTER: … 0.
14404 04:27:07 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
14405 04:27:07 (0) ** WMI Registry key setup: … OK.
14406 04:27:07 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
14407 04:27:07 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
14408 04:27:07 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
14409 04:27:07 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
14410 04:27:07 (0) **
14411 04:27:07 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
14412 04:27:07 (0) ** ------------------------------------------------------ WMI REPORT: END -----------------------------------------------------------
14413 04:27:07 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
14414 04:27:07 (0) **
14415 04:27:07 (0) ** ERROR: WMIDiag detected issues that could prevent WMI to work properly!. Check 'C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMP\WMIDIAG-V2.0_XP
_.CLI.RTM.32_J_2010.01.16_04.24.18.LOG’ for details.
14416 04:27:07 (0) **
14417 04:27:07 (0) ** WMIDiag v2.0 ended on Saturday, January 16, 2010 at 04:27 (W:100 E:23 S:1).

First thing I want to try is to “reset the security center”. There are errors reported in the WBEM folder. That folder will be deleted in the reset procedure and I want to see what the procedure brings in your situation.

Open a command prompt by clicking Start → Run. Type cmd and click OK.

In the command prompt window, type NET STOP WINMGMT /Y and press ENTER.

Type REN %WINDIR%\SYSTEM32\WBEM\REPOSITORY REP.OLD and press ENTER.

Type EXIT and press ENTER to close the window.

Restart the system. Windows should start normally, but you may be prompted to restart the system once more to complete the changes caused by resetting the core repository. You may also need to restart once more if Windows Security Center still does not detect your security product.

If the problem persists, please post a screenshot of the D+ logs. They can be found under Defense + → Common Tasks → View Defense + Alerts.
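
Added example, not part of the thread and not part of WMIDiag: a short Python triage of the report format posted above, run over an excerpt of that report, that separates the lines WMIDiag flags as errors or warnings from the informational ones. The severity reading ((1) beside "!! ERROR", (2) beside "!! WARNING") is taken from the posted log; `triage` and its result keys are hypothetical names.

```python
import re
from collections import defaultdict

# One report line: log line number, time, severity digit, marker, message.
# In the posted report, (1) accompanies "!! ERROR" and (2) "!! WARNING".
LINE = re.compile(r"^(\d+) (\d\d:\d\d:\d\d) \((\d)\) (\*\*|!!) ?(.*)$")
TRUSTEE = re.compile(r"Default trustee [‘'](.+?)[’'] has been REMOVED")
DCOM_APP = re.compile(r"DCOM security for [‘'](.+?)[’'] \((.+?)\)")
UNREG = re.compile(r"^- (\S+\.(?:DLL|EXE)) \(\\CLSID(\{[0-9A-F-]+\})", re.I)

# Excerpt of the WMIDiag report posted in this thread (shortened).
SAMPLE = r"""
14237 04:27:07 (0) ** INFO: The following UNEXPECTED binary files are/is found in the WBEM folder: … 33 FILE(S)!
14274 04:27:07 (0) ** => NO ACTION is required.
14303 04:27:07 (2) !! WARNING: WMI DCOM components registration is missing for the following EXE/DLLs: … 6 WARNING(S)!
14304 04:27:07 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\FASTPROX.DLL (\CLSID{7A0227F6-7108-11D1-AD90-00C04FD8FDFF}\InProcServer32)
14307 04:27:07 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\WBEMPROX.DLL (\CLSID{4C6055D8-84B9-4111-A7D3-6623894EEDB3}\InProcServer32)
14310 04:27:07 (0) ** => WMI System components are not properly registered as COM objects
14320 04:27:07 (0) ** DCOM security for ‘Microsoft WBEM UnSecured Apartment’ (Launch & Activation Permissions): … MODIFIED.
14321 04:27:07 (1) !! ERROR: Default trustee ‘BUILTIN\ADMINISTRATORS’ has been REMOVED!
14335 04:27:07 (1) !! ERROR: Default trustee ‘NT AUTHORITY\INTERACTIVE’ has been REMOVED!
14349 04:27:07 (1) !! ERROR: Default trustee ‘NT AUTHORITY\SYSTEM’ has been REMOVED!
"""

def triage(report):
    """Group a WMIDiag report's flagged lines by what has to be repaired."""
    out = {"errors": [], "warnings": [],
           "removed_trustees": defaultdict(list),  # DCOM app -> trustees
           "unregistered": defaultdict(list)}      # binary -> CLSIDs
    dcom_app = None        # most recent "DCOM security for ..." heading
    in_unreg_list = False  # inside the list that follows the warning
    for raw in report.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue       # forum markup, wrapped lines, blanks
        sev, msg = int(m.group(3)), m.group(5).strip()
        if sev == 2:
            out["warnings"].append(msg)
            in_unreg_list = "registration is missing" in msg
            continue
        if sev == 1:
            out["errors"].append(msg)
        app = DCOM_APP.search(msg)
        if app:
            dcom_app = "%s (%s)" % (app.group(1), app.group(2))
        trustee = TRUSTEE.search(msg)
        if trustee and dcom_app:
            out["removed_trustees"][dcom_app].append(trustee.group(1))
        if in_unreg_list:
            unreg = UNREG.match(msg)
            if unreg:
                out["unregistered"][unreg.group(1)].append(unreg.group(2))
            else:
                in_unreg_list = False  # list ended
    return out

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(key, dict(value) if isinstance(value, dict) else value)
```

On this excerpt the flagged items are the three removed DCOM trustees and the unregistered FASTPROX.DLL and WBEMPROX.DLL entries; the unexpected files in the WBEM folder stay informational, as the report's own "NO ACTION is required" line says.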