guard32 and guard64 DLLs and ASLR status.

Hi,

I’ve noticed that both guard32.dll and guard64.dll, which Comodo loads into most processes via the app_init mechanism (presumably for HIPS?), appear not to be compiled with ASLR enabled.

Could you please comment on why this is the case and if it will be remediated (and avoid giving us the ‘it’s all good we assure you industry best security blablaba’ speech). Or alternatively very verbosely why this is not a concern given both seem to be always loaded at 0x180000000 or 0x100000000 into things like web browsers, email clients, etc.

Thanks.

PS: I believe this was reported to you in Why Usermode Hooking Sucks – Bypassing Comodo Internet Security | RCE.co (and the other issues from there were possibly fixed).

PS: the CIS version in question is 7.0.317799.4142
os - win7 x64, and win8 x64
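
One way to check the ASLR opt-in from the file itself, as an added example that is not part of the original post and not Comodo's code: it reads the PE header fields that decide whether the loader may relocate an image (the `DllCharacteristics` flags, the relocs-stripped flag and the preferred `ImageBase`). The sample headers are constructed for the demonstration, and the 32-bit base value used in the test is an assumption, not a value taken from the real DLLs.

```python
import struct
import sys

DYNAMIC_BASE = 0x0040     # IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE (ASLR opt-in)
HIGH_ENTROPY_VA = 0x0020  # IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA (64-bit ASLR)
RELOCS_STRIPPED = 0x0001  # IMAGE_FILE_RELOCS_STRIPPED (image cannot be rebased)

def aslr_status(data: bytes) -> dict:
    """Read ImageBase and the ASLR-related header flags from raw PE bytes."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)  # e_lfanew
    opt = pe_off + 24  # PE signature (4) + COFF file header (20)
    if len(data) < opt + 72 or data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing or truncated PE header")
    (coff_chars,) = struct.unpack_from("<H", data, pe_off + 22)
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic == 0x10B:    # PE32: 32-bit ImageBase at offset 28
        (image_base,) = struct.unpack_from("<I", data, opt + 28)
    elif magic == 0x20B:  # PE32+: 64-bit ImageBase at offset 24
        (image_base,) = struct.unpack_from("<Q", data, opt + 24)
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    # DllCharacteristics sits at offset 70 in both PE32 and PE32+.
    (dll_chars,) = struct.unpack_from("<H", data, opt + 70)
    return {
        "image_base": image_base,
        "dynamic_base": bool(dll_chars & DYNAMIC_BASE),
        "high_entropy_va": bool(dll_chars & HIGH_ENTROPY_VA),
        "relocs_stripped": bool(coff_chars & RELOCS_STRIPPED),
    }

def constructed_header(magic: int, image_base: int, dll_chars: int) -> bytes:
    """Build a minimal constructed header for the demo (not a real DLL)."""
    buf = bytearray(0x40 + 24 + 72)
    buf[:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x40)
    buf[0x40:0x44] = b"PE\0\0"
    opt = 0x40 + 24
    struct.pack_into("<H", buf, opt, magic)
    fmt, off = ("<I", 28) if magic == 0x10B else ("<Q", 24)
    struct.pack_into(fmt, buf, opt + off, image_base)
    struct.pack_into("<H", buf, opt + 70, dll_chars)
    return bytes(buf)

if __name__ == "__main__":
    for path in sys.argv[1:]:  # paths to the DLLs to inspect
        with open(path, "rb") as fh:
            print(path, aslr_status(fh.read(4096)))
```

A result with `dynamic_base` false means the module has not opted in to ASLR and will normally load at its reported `image_base` in every process.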

As this is a question about the functionality of CIS, and not necessarily a bug, I will move this to the Feedback section of the forum. It is most likely that you will receive a satisfactory answer in that part of the forum.

Thank you.

Well, up to you guys re how to classify it.
Personally I think it’s a bug/potential vulnerability. For other security products, e.g. Sophos AV, it was a bug/vulnerability for their equivalent of guard32.dll (detour DLL).

I should clarify that I am not Comodo staff. I am a volunteer moderator who handles the bug reporting board. Thus, my comments should not be interpreted as those of Comodo.

Thus, I think it’s best that this first be discussed. That is why I moved this to an area of the forum where discussion is likely. If others have not commented on this within a few days please contact me and I will look into this deeper.

Thanks.

PS: I’m not certain, but fairly sure that CIS causes my Win7 PC to freeze up consistently when configuring ASLR to be always on via EMET 4.1 u1.

If you can replicate this it is certainly worthy of a bug report. However, please create a new topic for this in the bug reporting section of the forum. This particular topic is more of an inquiry than a bug report.

Thanks.

Can you elaborate on the exact nature of the freezing that happens?

I have had problems with system becoming less and less responsive. Read, starting executables did not seem to happen; after 15 or so minutes I would get an error message from Windows stating it cannot open the file and suggests right limitations may be at hand.

It seemed to start happening shortly after I had installed EMET. The odd thing was that the problem also happened when I installed previous versions of CIS 7 (I did not have the problem on those versions before); my system was jinxed… :-X Reinstalling and uninstalling EMET did not change the system. The problem went away when I uninstalled CIS.

I decided to reset Windows 8.1 and start from scratch again. My Windows 7 SP1 installation is still jinxed. I may try installing EMET again after making a system restore point to see if the problem resurfaces again.

The formatted bug report for that issue can be found here.

Thanks.

I’ve replied in the other thread, just in case.