Getting "Bad Image" guard64.dll in Event Log with Comodo on Win10 2004

Comodo (7098) hanging up the system upon startup of the desktop loading. CIS tray icon is not showing, space is empty where it loads. Can’t do anything with the system, task manager does not load, nothing responds. End up having to hard power down the system, maybe it comes up the next time, maybe not.

When the system finally comes up, check the Windows Event Log (system).
Application popup: services.exe - Bad Image : C:\Windows\system32\guard64.dll is either not designed to run on Windows or it contains an error. Try installing the program again using the original installation media or contact your system administrator or the software vendor for support. Error status 0xc0000428.

System event log
Event id 26
Source: Application Popup

Error and problems with Comodo loading show up on:

Windows 10 2004, build 19041.804

Windows 10 2004 build 19041.804

Windows 10 2004 build 19041.804

Multiple systems, HP platforms, no disk errors, scandisk and other utils report no issues. Even on a fresh/newly installed Win10 2004 system, same build, same event log entries exist after installing Comodo.

Method for upgrading to 2004: Comodo settings exported, then Comodo is uninstalled, clean tool run, upgrade from 1909 to 2004, Comodo installed, settings imported from old to the new.

Tried re-downloading the 7098 installer, re-verifying the hash, uninstalling Comodo and running the CISclean tool, then installing with newly downloaded file and get the same error in the event logs.

Again, tried this from scratch on a 2004 system. Downloaded the very latest version, verified the hash. Uninstalled the current 7098 version, cleaned with clean tool. Verified no traces left. Installed the latest version, updated the signatures (33406 at the time, took 4-ev-ver to download tonight), rebooted, and AGAIN it still says the application popup bad image for guard64.dll.

I believe this started with Win 10 2004. Not showing on any of my Win 10 1909 systems. Win10 pro 64bit, prior to 2004, the bad image error for guard64.dll never showed up in the Windows logs. Even if I put back on the previous Comodo version they were running, 6818, the guard64.dll has the bad image error in the windows system event log. But it isn’t on the 1909 systems.

Anyone seen this before? How do I fix this? :-\

The bad image error is something you can ignore. It has been around since 2009. Futuretech explains it briefly here:

Windows will notice there is no hash provided as it would like to see. It is not a security issue nor does it affect functioning. But it is sloppy that Comodo does not fix this. This error has no relation to the issue you are facing.

The problem with the tray icon not always showing is a visual bug and a known issue that is being looked into. The not showing of the tray icon has no bearing on the function of CIS; it’s very much a sore to the eye to many of us but nothing more than that.

Both issues you found are red herrings to your problem. So we have to start from other angles to try to find what is causing this.

First thing that comes to mind is to install the latest stable version 8012 and see if that makes a difference. It can be downloaded from the release topic.

Do you have another security program installed side by side with CIS? That sometimes causes issues. Or did you have another security program installed in the past? In that case make sure to run a clean up tool from that vendor to make sure all traces are removed. Sometimes a left behind driver or service may cause instability. Eset has a list on their support pages with clean up tools of various vendors: [KB146] Uninstallers (removal tools) for common Windows antivirus software.
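
For triage of the event discussed above, here is an added example (not part of the thread and not Comodo tooling) that collects "Bad Image" popups with status 0xc0000428 (STATUS_INVALID_IMAGE_HASH, meaning Windows could not verify the image's signature) and reports the Authenticode state of each file named. The function name and the fallback sample message are constructed for illustration.

```powershell
# Added example; Get-BadImageInfo is an illustrative name, not a built-in cmdlet.
function Get-BadImageInfo {
    param([string]$Message)
    # Extract the image path and NTSTATUS from the "Bad Image" popup text.
    $rx = '(?s)Bad Image\s*:\s*(?<path>[A-Za-z]:\\.+?\.(?:dll|exe|sys))\s.*?Error status (?<status>0x[0-9a-fA-F]{8})'
    if ($Message -match $rx) {
        [pscustomobject]@{ Path = $Matches.path; Status = $Matches.status.ToLower() }
    }
}

# Constructed sample: the popup text quoted in the first post (shortened).
$sample = 'services.exe - Bad Image : C:\Windows\system32\guard64.dll is either not ' +
          'designed to run on Windows or it contains an error. Error status 0xc0000428.'
$messages = @($sample)

# On a live Windows system, use real System log entries with event ID 26 instead.
if (Get-Command Get-WinEvent -ErrorAction SilentlyContinue) {
    $live = Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 26 } `
                -MaxEvents 200 -ErrorAction SilentlyContinue
    if ($live) { $messages = $live.Message }
}

$messages |
    ForEach-Object { Get-BadImageInfo $_ } |
    Where-Object Status -eq '0xc0000428' |
    Sort-Object Path -Unique |
    ForEach-Object {
        # Only inspect the signature when the file is actually present.
        $sig = if (Test-Path -LiteralPath $_.Path) {
            Get-AuthenticodeSignature -LiteralPath $_.Path
        }
        [pscustomobject]@{
            Path            = $_.Path
            SignatureStatus = if ($sig) { $sig.Status } else { 'file not present' }
            Signer          = if ($sig -and $sig.SignerCertificate) {
                                  $sig.SignerCertificate.Subject
                              } else { $null }
        }
    }
```

A `Valid` result here does not contradict the logged event, because the process that refused the image can enforce a stricter signing policy than this cmdlet checks.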

Hi Eric,
Very sorry for the delay in response, just got super busy. I appreciate your response! :-TU :-TU

Thanks for the info on the error message. At least I can no longer worry about that.
We have not really seen the CIS icon in the tray not showing before, so that to me was something new. My users are very used to seeing their security icons and alert if they don’t show for some reason. We can definitely verify Comodo is indeed running, but I don’t want users to assume it is when maybe it isn’t.

I have tried the 7098, I’ll try the 8012 and see how that behaves.

We have always run Comodo and Malwarebytes together for years with no issues. I create exclusions in MWB for all things Comodo, and the same in Comodo for MWB (via a file group) and apply in Comodo to the Containment, HIPS, and ViruScope. They have always played well together with this approach. :slight_smile:

As I said, for some reason the instability of Comodo started with the upgrade from 1909 to Win 10 2004. And not all systems, just a handful. Many are still on the 6818 version with Win 10 2004 and haven’t had any issues yet (except the bad image message). Some were on 6818 and had issues, and I tried to bump them to the 7098 version but two continued to have issues and I ended up doing a complete clean uninstall and reinstall, and started them with a new config file and they seem to be fine. So perhaps it is something in the config that just happens to coincide with the upgrade to 2004.

Anyway, that’s the approach I take to get them working again. I’ll get testing 8012 and see how that plays for us.

Thank you again!!!