Defense+ problem

I have version 5.5.195786.1383 of Comodo firewall, on Windows XP Pro SP3, and lately I am having problems with Outlook Express and Firefox, whatever program I start first.

Outlook Express will hang at “connecting” , get the warning “msimn.exe is an unknown application and will be isolated” and I have to kill the program with Task Manager. The next time Outlook works fine.
Firefox will hang forever without warnings and I also have to kill it with Task Manager. The next time Firefox works fine.

Regrettably I have deleted the Comodo log, but I remember some errors as “access memory” and “unknown application”.
I have tried all the combination of settings I could imagine, even making Outlook Express a “System application”.
Finally, I totally disabled Defense+, and my problem disappeared.

Is there another solution ?

Now I realized that I should have post this at Defense+ / Sandbox Help - CIS . Sorry, I am new to this forum.

Hi insipido,

welcome to the forum.

I’m running win XP SP3 with defense+ in paranoid mode and don’t experience the same problem as yours nor with outlook express nor with my browsers (Dragon, Opera, IE8).

You could try setting Defense+ in learning mode and then launching and using outlook express. Then reset Defense+ to your usual security level and see if your problem is solved. Do the same with firefox.


Thanks for your answer Boris 3,

In Learning Mode everything works fine.

But when I go back to Safe Mode and restart the System, Firefox hangs, and when killed, the warning appears “Firefox is an unknown application and will be isolated”

Outlook Expres takes nearly 3 minutes to start and then hangs at “connecting”. Soon appears the warning “msimn.exe is an unknown application and will be isolated”. When I select “Not isolate again”, it proceeds normally.

So I disabled again Defense+, and both programs work fine.

You haven’t by any chance enabled in defense+ > defense+ settings > general settings the option “block all unknown requests is the application is closed”. If the answer is yes, disable it and tell us if it helps.

No, I did not enable that option.

Here I attach two screen captures (they don’t fit in one) of the Defense+ log, corresponding at the time when Defense+ was in Safe mode.
I regret they are in Spanish, but I hope you will understand them.

[attachment deleted by admin]


Could you lookup outlook express and firefox files that are sandboxed ==> Defense+ > unrecognized files > lookup
and also submit these files to this online tool :

I’m wondering if the integrity of these files are not corrupted.

There are not any unrecognized files on Defense+, neither any sandboxed, as now I have disabled Defense+.

As for corrupted files, as I suspected this could happen, I have run sfc/scannow before making my first post, so I believe that possibility could be discarded.

Anyway, I have submitted msimn.exe file to

The results are here:

I am not quite sure of the meaning of these results, as some detectors find it normal and some unknown.

the auto result is normal which means the file is not seen as malicious or malware.

What version of FF are you using? Is it a regular version or an adapted version for use on USB stick for example? Or are you using Nightly or other test builds.

Can anybody running XP see if Outlook Express is digitally signed by Mircrosoft? To know for sure that msimn.exe is the original file you can use Sigcheck to see if it is digitally signed by Microsoft.

Download this zip archive and unpack it to C:\Program Files\SysinternalsSuite\ . When done run sigcheck.reg to add it to the registry.

When this is done navigate to C:\Program Files\Outlook Express, look up and select msimn.exe click right and choose Signature from the context menu. A black command box will pop up. See if it is signed or not.

I check with Sigverif and Outlook Express is signed.

[attachment deleted by admin]


here is the result with sigcheck

[attachment deleted by admin]


I am using Firefox 5.0 Final Release.

I downloaded the zip archive you suggested, created a folder named SysinternalsSuite on C:\Program Files, unpacked the zip file to that folder, ran sigcheck.reg , which was successfully added to the registry.

But when I right click msimn.exe, Signature appears on the context menu, but when I select that option, I get a list of programs with the heading “Choose the program with which you want to open this file”.

I can’t go beyond that.

Here I attached a copy of my msimn.exe, but I had to change its extension to .txt, as .exe files are not allowed.

Maybe someone luckier than me could determine it is signed or not.

[attachment deleted by admin]

The file is not digitally signed. I had it checked with Jotti’s and Virus Total online virus scanners and it is not malware.

Try adding msimn.exe to Trusted Files and let us know what happens.

I have just checked the list of Trusted Files and msimn.exe is already there.

It seems that Comodo forgets that when I activate Defense+.

Remember what I said in a previous post. When I click “Not isolate again” and kill Outlook Express, the next time I start it, it behaves normally.

Try adding msimn.exe to the Shell Code Exclusions and see if that helps or not.

Do you mean using the button I signaled in the attachment to exclude msimn.exe ?

[attachment deleted by admin]

That one indeed.:slight_smile: