Defense+ prevents being able to kill a hung program.

WindowsXP Pro, all service packs, no viruses (NOD32) or trojans and the latest Comodo Firewall Pro version. Whenever I need to kill a hung program (rare), I cannot, and I get no Windows Error Reporting window either. dumprep.exe shows up in the Task Manager and no alerts are shown. If I keep trying to kill the program I will get another instance of dumprep.exe each time. Defense+ turned off solves this problem. I have both dumprep.exe and csrss.exe listed as windows system applications in the settings. It makes no difference whether Defense+ is set to Training Mode or Clean PC mode. I have run the firewall for a while now so it has learned all my programs. Can you help? Thanks!

Hi and welcome Mike,

Have you looked in the Defense+ logs to see what got blocked?

Hi
I am using windows xp home, and i had dumprep.exe shows up in the Task Manager as well, and had a hard time killing it. But eventually i managed to kill and i also had no alerts.

I checked defence+ logs with nothing showing.

Cheers :■■■■

I have the same problem. Windows XP Pro, SP2 on a Core2Duo laptop (2.16 GHz and 2 GB RAM).
It seems that Defence+ is slowing down dumprep.exe somehow.
Whenever an application crashes or when I ask to terminate a frozen application, Windows windows will launch dumprep.exe. Without Defense+, dumprep.exe completes within seconds. With Defense+ on, it may take 5-10 minutes.
Defense+ logs show nothing relevant, so it’s obviously not blocking dumprep.exe, just slowing it down.

Since dumprep will block the application’s resources while it’s doing its job, the machine is as good as frozen for those 5-10 minutes.

Defense+ has automatically assigned a custom policy to dumprep.exe, with all access rights set to ‘Ask’. (This seems to be the default behaviour.)
Maybe it needs more of a free reign than that, but what is acceptable?
Any ideas anyone?

Today my daughter crashed Windows Live Messenger and IE7, and this showed up in Defence + logs.

1/22/2008 5:42:01 PM C:\WINDOWS\system32\dumprep.exe Create Process C:\WINDOWS\system32\dwwin.exe (:AGY)

Once again it took about 5 minutes for it to do the dump and cpu was at nearly 100%, making the computer virtually unusable.

To me it is more of a pain then a major bug, as i don’t have this problem that often.

Cheers :■■■■

I believe I have finally found the way to fix this problem. Uncheck the box “Interprocess Memory Access” in Defense+. Works fine now. Dumprep.exe activates and the Report Error box comes up and you can kill the program.

Hi,

You can also try to disable error reporting:
Start
Run…
sysdm.cpl
Special tab
Error reporting
Switch on disable.

Ark

Or…

Go to defense+/advanced/computer security policy
And search for dumprep.exe. Change its policy to ‘trusted’ or ‘windows system application’
It should work without unchecking ‘interprocess memory access’.
Btw I dont understand this issue as I dont have it.

Oh…and if you have a hard time killing a process with task manager, try it from cfp. :wink:
–>go to defense+/common tasks/view active process list, search for the hung process, right click and ‘terminate’ (without quarantine)

Hope it helps,
Blas

I don’t want to…nor should you have to disable error reporting, and this still would probable not enable being able to kill a hung process. Also, I already earlier tried adding dumprep.exe as a trusted system application and that did not work. I believe that it has something to do with a memory dump process being initialized during the kill process and that having interprocess memory access box enabled somehow interferes with this, but not knowing much about programming I can only speculate. It is obviously a comodo problem in my opinion but I’m glad that I at least found a workaround and I hope this helps anyone else having the same problem and that comodo will look into this.

hmm…strange.
I only had similar issue with dumprep when cfp was in alfa stage. Even then I could solve it by deleting the corresponding rules and make cfp learn them again. Btw I had issues with nod32. Not the http scanning one, but excessive cpu usage. (when used alongside cfp)
Do you have any other resident applications running than the ones specified in your first post?
Have you tried a clean install of cfp? (last option)
Anyway we should wait for a developer to look into this.
I am also running (genuine) windows xp sp2, all patches. And don’t have this issue. Comodo memory firewall and avira free is running also. It has to be something with your configuration. Maybe a corrupt installation or program conflict.

Hi Blas…Yes…running legal WinXP here also. Nod32 configured to exclude the Comodo directories from real-time scanning to prevent any conflicts. Tried complete (and I mean complete…all registry entries cleaned up manually which were not removed by the uninstall program) removal/uninstall of CFP and reinstall…did not fix problem. No unnecessary programs running resident (Comodo Free firewall, Copernic Desktop Search, Yahoo Widget Engine, APC PowerChute Personal Edition). Registry is quite clean…minimal fluff. Yes…could be some conflict with another process/resident program, in my 14+ years in IT/IS I know that no programmer can forsee complete interoperability with every possible configuration. I’m satisfied that I can have all the Defense+ boxes checked except 1 until there is a solution. Except for this Comodo is A-1 and I’ve tried them all.

Anyway a developer sholuld look into this. Only disabling interprocess memory access in defense+ is better than turning it completely off, but its still comprimising its security. I just searched for dumprep.exe in computer security policy, and found out that its in custom mode, and everything is set to ‘ask’. Maybe if you set ‘interprocess memory access’ locally to allowed…but if setting it to trusted doesn’t worked I doubt this will.
Sorry Mike, Im out of ideas. Have you updated to the newest cfp version that came out monday?