guard32.dll and GDB problems (CFP 3.0.25.378)

Hello all,
I noticed a problem related to guard32.dll and GDB. This is the same problem as:

https://forums.comodo.com/empty-t20386.0.html

and

https://forums.comodo.com/empty-t21329.0.html

Summary of the problem is:
Program received signal SIGSEGV, Segmentation fault.
In ?? () (C:\WINDOWS\system32\guard32.dll)

Is there any formal solution for this problem besides disabling guard32.dll or disabling DEFENSE+?

Hope for your answer.

Hey svadimr & Welcome to the Forums!

Is anything related to these files blocked here?

Defense+\Advanced\Computer Security Policy.

If so (Blocked or Allowed), remove them from the list. Switch Defense+ to Training Mode (it will learn the application), then if it DOES succeed, switch D+ back to Safe Mode.

Thank you for the fast answer.

I did exactly what you said and the problem still exists. The interesting thing is that if DEFENSE+ is disabled the problem still exists. If I rename guard32.dll or disable DEFENSE+ permanently then everything works.

What is the effect of disabling “guard32.dll” from autoruns?

Guard32.dll is related to CFP 3.

So you're saying it blocks itself?

The full error message of the GDB is:
Program received signal SIGSEGV, Segmentation fault.
0x18f589a1 in ?? () from /cygdrive/c/WINDOWS/system32/guard32.dll

The same error happens in other different places related to GDB.

I’m not sure what exactly the reason for that is.

How can I check if it blocks itself?

Well the thing is I don’t know the effects of guard32.dll… It’s very strange. Can you please make this a bug report? I’ll actually move this thread to bug reports…

Done! :slight_smile:

Developers check Bug Reports regularly. So I am hoping a Comodo Staff Member responds to you.

I guess guard32.dll is injected in all processes as part of CFP design.
Maybe guard32.dll triggers such errors because the debugger accesses it.

Can you disable windows DEP to check if there are any changes?

How do I disable windows DEP?

A detailed description of the Data Execution Prevention (DEP) feature
Disabling Windows DEP (Data Execution Prevention)

Keep it disabled until you take this test; after that, enable it again.

I took the test and with DEP and without DEP the situation is the same. The only thing that matters is whether guard32.dll is checked in AutoRuns or not. Without guard32.dll everything works just fine.

Thanks for taking the test. It appears there is no way round.
I’m concerned that guard32.dll is an essential CFP component.
Please run some leaktests to evaluate your security when guard32.dll is disabled.

BTW, for reference please post a URL to download the toolchain that includes GDB, as it could be useful when developers are going to address this bug.

Oh well,
Do you have a good suggestion for an easy and secure way to perform a leak test? I’ll publish my results on this thread.

I’ll publish soon the full chain of events that causes this BUG, but it is the same as in
https://forums.comodo.com/empty-t20386.0.html
and
https://forums.comodo.com/empty-t21329.0.html

Thanks a lot for your help.

As I don’t know how guard32 works I cannot suggest a specific test. There are many leaktests at Downloadable Security Tests Web Testing Firewall Security Software; you can choose a few tests in the first group with Firewall Leak and HIPS in the Type of Test column.

No, please post only a site to download the version of GDB you are using.

I can confirm the bug. I use MinGW with GCC 4.2.1:

But it happens for some projects only. Actually, in my case, it happens since I checked the checkbox “This target provides the project’s main executable” in Code::Blocks (http://www.codeblocks.org/). It seems impossible to uncheck it and I can’t find where this setting is stored. Does anyone know something about this?

Hey guys,

I could be way off here but through using the autoruns software as suggested earlier in this thread I have disabled the guard32.dll and everything seems to be working fine as regards using dbg… thing is that the guard32.dll appears (in autoruns.exe) to belong to AVG’s shield.

This doesn’t bother me as I only use avg for on demand scanning.
As I said, I could be waaaay off!

Micheal

If you want to debug a C++ application (with gdb/MinGW) then gdb creates Error 5 (Can’t execute process).
The problem exists even when the firewall is turned off, so I have to deinstall it :'(.
Source of the problem is perhaps “SIGSEV fault in guard.dll.”

Why is cmdagent/guard.dll still running even when I shutdown the firewall?
Why can’t I terminate this process?

Hello, welcome to the forums.
Is there anything in your Defense+ logs?

comodo → Defense+ → Events

(:HUG)

Cmdagent is the service and is protected from shutdown; all you shut down is the GUI, and all rules etc. you have set still apply.
The only way is to disable it in services and reboot, or uninstall.
Dennis