Enhanced protection mode causing BSOD?

Since I updated Comodo on the 23rd October I’ve received 6 BSODs over a 3 week period. All while booting up, either before or immediately after the logon screen. Since I un-ticked the ‘Enhanced protection mode’ box (about 2 weeks ago) I haven’t had any BSODs.

Firewall is in Custom Policy Mode, Defense + is in Safe Mode, with unrecognized files Untrusted.

I’ve attached the minidump files.

[attachment deleted by admin]

Enhanced protection for 64 bit? I haven’t had any problems or BSOD. Languy says in his video review of 5.8 to keep it off because it “can” be buggy, but it’s up to the individual user.

I would recommend submitting a bug report.

I have been using enhanced protection mode since it was released and I haven’t had any problems, but as you can see it still can have bugs.

I had the exact same problem, BSODs on Start-Up.
First I thought it was a hardware issue, but in the end I was able to track it down to the “Enhanced Protection Mode” of Comodo’s Defense+.

I would like to send them a bug report about that issue, I just can’t seem to find the right destination for it.
Is there a site here somewhere where I can send them my report directly, or do I have to send them a mail, or post it here in the forum?

Thanks in advance for any help.

Please put any bug reports here.

Also, please read this before posting.

Thanks.

Thanks a lot, I posted my report now. Hopefully it will help solving the error.

Hi all,

I tried to reproduce the issue but couldn’t succeed, and I analyzed the minidump. From the minidump, I guess the issue is caused by an incompatibility between avst and CIS, but I can’t get more valid information. To fix the issue, I hope those who encounter it can help me by doing the following things.

  1. Install Debugging Tools (windbg);
  2. Launch gflags.exe, click “Kernel Flags” tab, select “Enable heap tagging”;
  3. Configure Startup and Recovery settings, set it as Kernel memory dump file.

If you get a dump file, please notify me ASAP. You can send an email to me or contact me on MSN: greenfield_wang@hotmail.com.

Thanks,
Rick ■■■■

I’ve installed the debugging tools, I will send you the dump when I next get a BSOD.

It only took 2 reboots to get a BSOD with ‘enhanced protection mode’ enabled.

I’ve attached the dump file.

[attachment deleted by admin]

It happened again, so I’ve uploaded another minidump. I will disable enhanced protection mode now unless anyone needs more dumps, let me know.

[attachment deleted by admin]

Have you run sfc to ensure all system drivers are free of integrity issues, as well as chkdsk? While I realize that this only happens if you enable the enhanced protection, it does not mean that is the exact cause… In other words it could be that you are having problems that you are not seeing until you enable enhanced protection. From the minidump, I can’t really see what specific driver is causing the issue. If you’re up for solving your own problem (provided it’s not actually a CIS issue entirely), you may consider trying Microsoft Driver Verifier (Use Driver Verifier to identify issues - Windows Server | Microsoft Learn). This would help you to figure out what specific driver is misbehaving (which could be the actual cause of your problems with having enhanced mode enabled).

Maybe RickWang will post back and tell us what’s going on.

Actually just found something interesting in your last minidump… cdd.dll appears to have caused that crash while all your other dumps show up as BAD_POOL_HEADER meaning “The pool is already corrupt at the time of the current request. This may or may not be due to the caller.” You may also consider ensuring all your drivers are up to date and running memory checking software like memtest86+ (along with the other 2 recommendations I made: sfc and chkdsk).

Hi all,

Sorry for the trouble caused to you.

We are analyzing it, and I attach the test patch here (the patch is for Windows 7 x64). Would those who encounter the issue please test the patch and tell me the result. The test steps are as follows:

  1. Replace file %windir%\system32\drivers\cmdguard.sys with the attached;
  2. Select option “Enhanced Protection”;
  3. Reboot machine, during startup, click button “disable signature”;
  4. Try to reproduce the issue.

If you have any questions, please tell me ASAP.
Thanks for your kind help.

Rick ■■■■

[attachment deleted by admin]

Since I have the same issue, I tried that test patch.
Comodo doesn’t crash with “Enhanced Protection” enabled now, but it reports “Defense+ is not working properly”.

And I have a question regarding step 3: Where exactly do I have to “disable signatures” during boot-up?
I don’t get any option like that.

To Trolljäger,

The driver file should be signed on an x64 OS, but the attached file is a test patch, and I didn’t sign it.
So when you use it, you should disable driver signature. The operation is simple: when you start the machine, please press the “F8” key, and a set of options appears; select the option about “Disable Signature”. Then it’s OK.

Next week we will provide the released version for the issue.

Thanks,
Rick ■■■■
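
For testers following the steps in this thread, a pre-flight check that can be run before rebooting to reproduce the crash. It is an added example, not part of any post and not Comodo’s code; it assumes PowerShell 4.0 or later in an elevated session, and the function name `Test-CrashReproReadiness` is hypothetical.

```powershell
# Added example: confirm the dump configuration requested earlier in the thread
# and record the signature state and hash of the cmdguard.sys currently on disk.
function Test-CrashReproReadiness {
    [CmdletBinding()]
    param(
        # Driver path as given in the thread's replacement step.
        [string]$DriverPath = "$env:windir\System32\drivers\cmdguard.sys"
    )

    # Meaning of the CrashDumpEnabled value under the CrashControl key.
    $dumpTypes = @{
        0 = 'None'
        1 = 'Complete memory dump'
        2 = 'Kernel memory dump'
        3 = 'Small memory dump'
        7 = 'Automatic memory dump'
    }
    $cc   = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\CrashControl'
    $mode = [int]$cc.CrashDumpEnabled

    # Embedded Authenticode signature of the driver, plus its SHA-256 so that
    # testers can confirm they are all running the same build.
    $sig  = Get-AuthenticodeSignature -FilePath $DriverPath
    $hash = Get-FileHash -Path $DriverPath -Algorithm SHA256

    [pscustomobject]@{
        DumpType               = if ($dumpTypes.ContainsKey($mode)) { $dumpTypes[$mode] } else { "Unknown ($mode)" }
        KernelDumpEnabled      = ($mode -eq 2)
        DumpFile               = $cc.DumpFile
        Driver                 = $DriverPath
        SignatureStatus        = $sig.Status   # e.g. Valid, NotSigned, HashMismatch
        Signer                 = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
        # False matches the unsigned test build described in the thread, which
        # only loads when signature checking is disabled for that boot.
        EmbeddedSignatureValid = ($sig.Status -eq 'Valid')
        DriverSha256           = $hash.Hash
    }
}

Test-CrashReproReadiness | Format-List
```

Posting the `DriverSha256` and `SignatureStatus` values alongside a dump lets the developer tell which driver build produced it.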

So, version 5.9 is going to be released next week?
As a Christmas gift? ;D

You cracked the code ;D

Sorry, my bad. Now I understand.

I think I’ll wait for the fixed version with the signed driver then. Feels kinda safer.
But I will test the patch again with signing disabled and report here.

Hi Guys,

I signed the new test patch, please help me to verify it.
Any result, please tell me ASAP. If it works, we will add it into the released version.

Thanks,
Rick ■■■■

[attachment deleted by admin]