Defense+ problem

I have version 5.5.195786.1383 of Comodo firewall, on Windows XP Pro SP3, and lately I am having problems with Outlook Express and Firefox, whatever program I start first.

Outlook Express will hang at “connecting”, get the warning “msimn.exe is an unknown application and will be isolated” and I have to kill the program with Task Manager. The next time Outlook works fine.
Firefox will hang forever without warnings and I also have to kill it with Task Manager. The next time Firefox works fine.

Regrettably I have deleted the Comodo log, but I remember some errors such as “access memory” and “unknown application”.
I have tried all the combinations of settings I could imagine, even making Outlook Express a “System application”.
Finally, I totally disabled Defense+, and my problem disappeared.

Is there another solution?

Now I realized that I should have posted this at Defense+ / Sandbox Help - CIS. Sorry, I am new to this forum.

Hi insipido,

welcome to the forum.

I’m running win XP SP3 with defense+ in paranoid mode and don’t experience the same problem as yours, neither with outlook express nor with my browsers (Dragon, Opera, IE8).

You could try setting Defense+ in learning mode and then launching and using outlook express. Then reset Defense+ to your usual security level and see if your problem is solved. Do the same with firefox.

Boris

Thanks for your answer Boris 3,

In Learning Mode everything works fine.

But when I go back to Safe Mode and restart the System, Firefox hangs, and when killed, the warning appears “Firefox is an unknown application and will be isolated”.

Outlook Express takes nearly 3 minutes to start and then hangs at “connecting”. Soon appears the warning “msimn.exe is an unknown application and will be isolated”. When I select “Not isolate again”, it proceeds normally.

So I disabled Defense+ again, and both programs work fine.

You haven’t by any chance enabled in defense+ > defense+ settings > general settings the option “block all unknown requests if the application is closed”? If the answer is yes, disable it and tell us if it helps.

No, I did not enable that option.

Here I attach two screen captures (they don’t fit in one) of the Defense+ log, corresponding at the time when Defense+ was in Safe mode.
I regret they are in Spanish, but I hope you will understand them.

[attachment deleted by admin]

insipido,

Could you look up outlook express and firefox files that are sandboxed ==> Defense+ > unrecognized files > lookup
and also submit these files to this online tool: http://valkyrie.comodo.com/

I’m wondering if the integrity of these files is not corrupted.

There are not any unrecognized files on Defense+, neither any sandboxed, as now I have disabled Defense+.

As for corrupted files, as I suspected this could happen, I have run sfc /scannow before making my first post, so I believe that possibility could be discarded.

Anyway, I have submitted msimn.exe file to http://valkyrie.comodo.com/

The results are here:

http://valkyrie.comodo.com/Result.aspx?sha1=976cb8611d407b52c9ac8db77f70aa32ec58a016&&query=0&&filename=msimn.exe

I am not quite sure of the meaning of these results, as some detectors find it normal and some unknown.

The auto result is normal which means the file is not seen as malicious or malware.

What version of FF are you using? Is it a regular version or an adapted version for use on USB stick for example? Or are you using Nightly or other test builds?

Can anybody running XP see if Outlook Express is digitally signed by Microsoft? To know for sure that msimn.exe is the original file you can use Sigcheck to see if it is digitally signed by Microsoft.

Download this zip archive and unpack it to C:\Program Files\SysinternalsSuite\. When done run sigcheck.reg to add it to the registry.

When this is done navigate to C:\Program Files\Outlook Express, look up and select msimn.exe, click right and choose Signature from the context menu. A black command box will pop up. See if it is signed or not.

I checked with Sigverif and Outlook Express is signed.

[attachment deleted by admin]

Eric,

Here is the result with sigcheck

[attachment deleted by admin]

EricJH,

I am using Firefox 5.0 Final Release.

I downloaded the zip archive you suggested, created a folder named SysinternalsSuite on C:\Program Files, unpacked the zip file to that folder, ran sigcheck.reg, which was successfully added to the registry.

But when I right click msimn.exe, Signature appears on the context menu, but when I select that option, I get a list of programs with the heading “Choose the program with which you want to open this file”.

I can’t go beyond that.

Here I attached a copy of my msimn.exe, but I had to change its extension to .txt, as .exe files are not allowed.

Maybe someone luckier than me could determine whether it is signed or not.

[attachment deleted by admin]

The file is not digitally signed. I had it checked with Jotti’s and Virus Total online virus scanners and it is not malware.

Try adding msimn.exe to Trusted Files and let us know what happens.

I have just checked the list of Trusted Files and msimn.exe is already there.

It seems that Comodo forgets that when I activate Defense+.

Remember what I said in a previous post. When I click “Not isolate again” and kill Outlook Express, the next time I start it, it behaves normally.

Try adding msimn.exe to the Shell Code Exclusions and see if that helps or not.

Do you mean using the button I signaled in the attachment to exclude msimn.exe?

[attachment deleted by admin]

That one indeed. 🙂