Geekbuddy screen came up after manual AV scan clean, then CIS crashed


  1. What you did: After AV scan and subsequent clean, Geekbuddy screen came up again, so repeated ‘clean it yourself’ step on Geekbuddy screen. CFP crashed
  2. What you expected to happen or see: CFP main interface as had finished cleaning, no second Geekbuddy screen, no crash.
  3. How you tried to fix it & what happened: Re-started cfp.exe, which started correctly
  4. If a software compatibility problem have you tried the compatibility fixes (link in format)?: Not a compatibility problem as far as I can determine
  5. Details & exact version of any software (execpt CIS) involved (with download link unless malware): Probable false positive temp file detected as ApplicUnsaf.Win32.CainAbel (emailed on request)
  6. Whether you can make the problem happen again, and if so precise steps to make it happen[color=blue]: Yes:
  • [color=blue]Scheduled scan of computer
  • [color=blue]at end of scan in Geekbuddy nag screen, choose to ‘clean it yourself’, ignore ‘do not ask again’.
  • [color=blue]Geekbuddy nag screen incorrectly comes up again instead of closing, ignore until later - see below
  • [color=blue]In ‘clean it yourself’ Results Window click on Clean button to quarantine probable false temp file
  • [color=blue]Said ‘yes’ in window asking for confirmation of quarantine
  • [color=blue]Then used close cross to close Results window, as it remains open
  • [color=blue]On Geekbuddy nag screen (still incorrectly visible), click ‘clean yourself’ again.
  • [color=blue]CFP tries to open manual clean Results Window again but crashes. Dump attached.
  1. Any other information (eg your guess regarding the cause, with reasons): Probably a state confusion problem caused by GeekBuddy screen coming up again and repeating a process that did not need repeating. Probably not related to low-cpu config, as I think I have seen this before. CIS is excluded from AWM (dll not injected) and Processtamer (cpu priority not controlled).

B. FILES APPENDED. (Please zip unless screenshots).:

  1. Screenshots of the Defense plus Active Processes List (Required for all issues): Appended
  2. Screenshots illustrating the bug: Not appended
  3. Screenshots of related CIS event logs: Not appended
  4. A CIS config report or file: Appended
  5. Crash or freeze dump file: Appended
  6. Screenshot of More~About page. Can be used instead of typed product and AV database version: Appended


  1. CIS version, AV database version & configuration: See appended file
  2. a) Have you updated (without uninstall) from a previous version of CIS: No, bare metal uninstall and re-install using forced uninstaller
    b) if so, have you tried a clean reinstall (without losing settings - if not please do)?:
  3. a) Have you imported a config from a previous version of CIS: No
    b) if so, have U tried a standard config (without losing settings - if not please do)?:
  4. Have you made any other major changes to the default config? (eg ticked ‘block all unknown requests’, other egs here.): Not major, have changed some more minor settings to lower CPU - see config report (attached)
  5. Defense+, Sandbox, Firewall & AV security levels: Defense+=safe, Sandbox= enabled, Firewall=safe & AV =stateful
  6. OS version, service pack, number of bits, UAC setting, & account type: Windows XP Pro SP3, 32bit, no UAC (XP), admin account
  7. Other security and utility software currently installed: Google Desktop, Processtamer, Idrive, Everything, Canon network utilities (2 files), Clipmate, Ivault, Actual Window Manager, Killswitch, ATI catalyst control centre, Vmware Player hqtray, CPM, CCBU
  8. Other security software previously installed at any time since Windows was last installed: Trusteer Rapport, Avast (to replicate user bug)
  9. Virtual machine used (Please do NOT use Virtual box)[color=blue]: Vmware Player installed but not used

[attachment deleted by admin]

Thank you very much for your report in standard format, with all information supplied. The care you have taken is much appreciated by Comodo, and will increase the likelihood that this bug can be fixed.

Developers may or may or may not communicate with you in the forum or by PM/IM, depending on time availability and need. Because you have supplied complete information they may be able to replicate and fix the bug without doing so.

Moved to Verified.

Many thanks again