Debugging one of my projects, I noticed guard32 doing wrong things.
The bug/issue
-
What you did:
Using WinDBG with application verifier on one of my projects -
What actually happened or you actually saw:
During start of program:
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\Windows\SysWOW64\guard32.dll -
guard32+0x127c3:
100127c3 66813e4d5a cmp word ptr [esi],5A4Dh ds:002b:0310a000=????
This is the important bug 1 of 2:
=======================================
VERIFIER STOP 0000060A: pid 0x688: Incorrect FreeType parameter for VirtualFree operation.
0000C000 : Incorrect value used by the application.
00004000 : Expected correct value 1.
00008000 : Expected correct value 2.
00000000 : Not used.
=======================================
This verifier stop is continuable.
After debugging it use `go' to continue.
=======================================
(688.10d4): WOW64 breakpoint - code 4000001f (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
vrfcore!VerifierStopMessageEx+0x543:
6a953c38 cc int 3
This is the important bug 2 of 2:
0:000:x86> g
=======================================
VERIFIER STOP 000000000000060A: pid 0x688: Incorrect FreeType parameter for VirtualFree operation.
000000000000C000 : Incorrect value used by the application.
0000000000004000 : Expected correct value 1.
0000000000008000 : Expected correct value 2.
0000000000000000 : Not used.
=======================================
This verifier stop is continuable.
After debugging it use `go' to continue.
=======================================
(688.10d4): Break instruction exception - code 80000003 (first chance)
verifier!VerifierStopMessageEx+0x6fb:
00000000`0011ae03 cc int 3
-
What you expected to happen or see:
Comodo not mixing up free mem functions -
How you tried to fix it & what happened:
Use the correct type of free function. -
If it's an application compatibility problem have you tried the application fixes here?:
Not applicable -
Details (exact version) of any application involved with download link:
exe file and pdb file
http://www.mediafire.com/?pjnf6csk8n2pr3r -
Whether you can make the problem happen again, and if so exact steps to make it happen:
1. In Application Verifier, use these settings:
http://img27.imageshack.us/img27/2408/addverscreenshot.png
Remember to save.
2. Run the exe file with WinDbg.
The memory free function bugs appear when you exit the program (exe file) normally with the red close button in the upper right corner.
- Any other information (eg your guess regarding the cause, with reasons):
Not applicable
Your set-up
-
CIS version, AV database version & configuration used:
CIS 5.4.189822.1355 (PLEASE: make this version string copyable in the about box in the next update, please!!)
virus sig: 8923 -
a) Have you updated (without uninstall) from CIS 3 or 4:
No -
a) Have you imported a config from a previous version of CIS:
No -
Have you made any other major changes to the default config? (eg ticked ‘block all unknown requests’, other egs here.):
No -
Defense+, Sandbox, Firewall & AV security levels: D+= , Sandbox= , Firewall = , AV =
Defense+ : Safe Mode
Antivirus : Disabled (removes good / safe files without my permission)
Firewall : Safe Mode
Sandbox: Disabled (how about pausing the program and waiting for the user to choose an option, instead of automatically sandboxing and then asking) -
OS version, service pack, number of bits, UAC setting, & account type:
Windows 7 64-bit Ultimate
UAC: default
account type: default -
Other security and utility software installed:
No other software (excluding my brain and paranoia) -
Virtual machine used (Please do NOT use Virtual box):
Not applicable
Here are the dump files of all three issues:
During start of program:
http://www.mediafire.com/?z2u30uw0yqrobim
This is the important bug 1 of 2:
http://www.mediafire.com/?dfjzp3mczb8rj5x
This is the important bug 2 of 2:
http://www.mediafire.com/?afarn9cllmn1krp
If you want more info just ask
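For reference, here is an added example in C (not code from the original post or from Comodo) that mirrors the rule behind verifier stop 060A shown above: VirtualFree must receive exactly one of MEM_DECOMMIT (0x4000) or MEM_RELEASE (0x8000), never both (0xC000). It goes a little beyond the post by also checking the two other documented MEM_RELEASE constraints (dwSize must be 0 and lpAddress must be the region base); the constants are repeated locally so it compiles outside Windows, and the function name check_virtual_free is an assumption, not a Windows API.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Flag values from the Win32 API (winnt.h), repeated here so that the
 * check compiles and runs on any platform, not only Windows. */
#ifndef MEM_DECOMMIT
#define MEM_DECOMMIT 0x4000u
#endif
#ifndef MEM_RELEASE
#define MEM_RELEASE  0x8000u
#endif

typedef enum {
    FREE_OK = 0,
    FREE_BAD_TYPE,             /* neither or both of MEM_DECOMMIT/MEM_RELEASE: verifier stop 060A */
    FREE_RELEASE_NONZERO_SIZE, /* MEM_RELEASE requires dwSize == 0 */
    FREE_RELEASE_NOT_BASE      /* MEM_RELEASE requires the base address VirtualAlloc returned */
} free_check_t;

/* Hypothetical pre-call validator for VirtualFree(lpAddress, dwSize, dwFreeType),
 * applying the same rules Application Verifier enforces. region_base is the
 * address the matching VirtualAlloc returned. */
free_check_t check_virtual_free(const void *region_base, const void *lpAddress,
                                size_t dwSize, uint32_t dwFreeType)
{
    uint32_t mode = dwFreeType & (MEM_DECOMMIT | MEM_RELEASE);

    /* Exactly one of the two bits must be set; 0xC000 (both) and 0 (neither) are rejected. */
    if (mode != MEM_DECOMMIT && mode != MEM_RELEASE)
        return FREE_BAD_TYPE;

    if (mode == MEM_RELEASE) {
        if (dwSize != 0)
            return FREE_RELEASE_NONZERO_SIZE;
        if (lpAddress != region_base)
            return FREE_RELEASE_NOT_BASE;
    }
    return FREE_OK;
}

int main(void)
{
    /* Constructed sample: a fake 64 KiB region and the 0xC000 FreeType value from the report. */
    static unsigned char region[65536];
    const char *names[] = { "ok", "bad FreeType (stop 060A)",
                            "MEM_RELEASE with size != 0", "MEM_RELEASE not at base" };
    printf("FreeType 0xC000 -> %s\n", names[check_virtual_free(region, region, 0, 0xC000u)]);
    printf("FreeType 0x8000 -> %s\n", names[check_virtual_free(region, region, 0, MEM_RELEASE)]);
    return 0;
}
```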