After installing CIS, my Windows XP Home Ed PC cannot boot up successfully. After showing the wallpaper and taskbar (but not all icons show up in the notification area), I got several pop-up messages:
- drwtsn32.exe has problem, need to close
- to protect your computer, Windows has close the Windows Explorer
- to protect your computer, Windows close the Run a DLL as an App
Can anyone help?? I need urgent help.
Can you still boot into Safe Mode by pressing F8 at startup?
Yes, I can boot the PC up through safe mode. And I did several trials:
1/ a) uninstall the CIS under safe mode, and reboot the PC. My PC can boot up normally
b) reinstall the CIS again, problem comes again
2/ a) uninstall the CIS under safe mode, and also uninstall two applications which I thought might contribute to the problem. Then I reboot the PC. It can boot up normally
b) I then reinstall the CIS again. Sadly, the problem still persists. And the symptom is quite consistent
Can you please post more details of your system?
Like OS version, Service Pack version, language, 32 or 64 bits.
Other “security” software installed.
Have you tried to install only the AV or maybe only the Firewall?
PC brand: HP
OS: Win XP, Home Edition, Version 2002, SP3
Language: Traditional Chinese
Security SW: All uninstalled
32 or 64 bit: I don’t know where to get this info
I did other trials which make me more confused:
3/ a) boot up PC in safe mode and activate the CIS. Surprisingly CIS can be launched successfully
b) In summary page, the System Status shows “The Defense+ is not Functioning properly!”
c) I ran the Diagnostics utility as instructed, but the information shows “The diagnostics utility did not find any problems with my installation” after running the diagnostic utility
d) but the System Status still shows “The Defense+ is not Functioning properly!”
e) Since the problem seems to happen when CIS is initializing during system boot up, I tried to change the Setting to disable “Automatically start the application with Windows” and “Automatically detect new private networks”. I want to see if the PC can boot up normally without automatically initializing CIS during normal boot up
f) To my surprise, the problem is still there. The warning message popped up by the system is either “drwtsn32.exe has problem, need to close”, or “to protect your computer, Windows has close the Windows Explorer”, or “to protect your computer, Windows close the Run a DLL as an App” or “rundll32.exe stop response”
Now, I have run out of ideas about what more I should test…
Hope you do not mind Ronny.
Just a suggestion.
Did you check the Defense+ logs/events for anything blocked, when you were in Safe Mode after trying to boot normally?
No problem Dennis
If windows boots in SafeMode the “non” windows drivers are not started, that’s the reason you see the “Defense+ is not functioning properly” message because the driver was not loaded at startup.
Can you also set the CIS Firewall and D+ level to disabled while in safe mode, then reboot and see if that helps?
Can you also check your event log for details of the “drwatson” message? Or maybe click on the details link if it has any.
Based on suggestion, I do more trials as below:
4/ a) Install the AV only, problem still there
b) No event log can be found in safe mode, not sure if it is because I did not initiate virus scan activity yet
d) Disabled Real Time Scanning setting in safe mode as per request. And disabled auto start of the application with Windows
e) Reboot the PC under normal mode, problem still there.
f) view the AV event log under safemode, no record
g) then do trial 5/
5/ a) Install the firewall only (without proactive defense). PC can boot up normally and successfully. Problem does not occur during normal boot up.
b) no firewall event log can be found
c) it seems like the firewall only can run normally
d) then do trial 6/
6/ a) Install the firewall with Optimum Proactive Defense. drwtsn32.exe problem comes when booting up the PC in normal mode, and then the PC just hangs without finishing the boot up process
b) The firewall event log under safe mode: the event log is empty
c) The D+ event log shows
- the action of drwtsn32.exe is in state of Access Memory. The Target is cfp.exe of COMODO Internet Security
- There is another action of Custom.exe in state of Create Process. The target is dwwin.exe of WINDOWS\system32. Custom.exe belongs to a digital writing pen.
d) Disabled the Firewall and D+ Security Level and reboot the PC
e) then problem comes again. The message shows
- to protect your computer, Windows has close the Windows Explorer
- rundll32.exe has problem, need to be closed
f) boot up in safe mode. Event log of Firewall is same as 6/b. The event log of D+ is same as 6/c plus two more logged events. The two events are the same but at different times:
- application of cfp.exe of COMODO Internet Security in Action state of Changes Defense+ Mode. Target shows Disabled
7/ a) install both AV and Firewall with D+. Of course all problems come as described previously
b) go to safemode to read all event logs:
- anti-Virus event log is empty
- firewall event log is empty
- D+ event log shows two drwtsn32.exe applications in Action of Access Memory. Target is cfp.exe of COMODO Internet Security
We can safely assume that some driver and/or application used on your system startup conflicts with D+.
Just to be sure can you test the following, If you do a full install (or maybe it’s still installed) go to Defense+, Advanced, Defense+ Settings, and tick “Deactivate the Defense+ permanently”.
Then reboot and see if it’s gone, if so and you want to find out where the conflict is coming from you could start with disabling all other programs that “autostart” with windows and set the Defense+ back to unticked (so it’s activated again).
A good program to test and enable/disable autostart stuff is Autoruns from Sysinternals:
The most important tabs are “Logon”, “Services” and “Drivers”.
Thanks for the guidance. As you predicted, the problem does not appear after selecting “Deactivate the Defense+ permanently”. But I really want to use Defense+.
So, I am trying to use your suggested program to find out where the problems are. But I am not sure if I can manage to find it out, as I am not really good at PC stuff. The number of applications/executables/DLLs/drivers is really scary when I open the “Logon”, “Services” and “Drivers” tabs, because it is simply outside my knowledge area.
I will try to check it as much as I can. Do you have any good suggestion to make it more efficient?
Yes I have, we can start by filtering all Microsoft Drivers and Services.
If you start autoruns you can click on Options on the menu bar and select, Hide Microsoft and Windows Entries.
Also select Verify code signatures (this will cause internet connection requests to check the Signatures).
Now press F5 and you will only see the “NON” Microsoft entries are left.
If you're not sure if it’s safe to “untick” you can always post a screenshot here.
I did the filtering. And tried to disable one of the not frequently used logon applications. Unfortunately it does not help. But when I tried to un-tick it, Autoruns got a problem. It stopped responding. Bad luck!
So I think I’d better post FOUR screenshots to you to see which entries can be disabled. Hope you can help.
I think it’s safe to untick all but CIS on the logon tab, reboot (with D+ active of course) and see what happens?
If the problem is gone, you have to start the process of setting an application enabled one by one, reboot, test etc.
I finally finished checking. I found one popular application which causes the incompatibility with D+. The application is for a Chinese handwriting pen which is very, very popular in both Hong Kong and Taiwan. Since the tool needs to be used every day, I have no choice but to disable D+. Hope next time I have more luck.
Very well done, can you please give us more details for your system and can you tell us which version software/drivers you are using for this “handwriting pen” also a link to the suppliers website and the type would be interesting.
That way developers can take a look what’s causing the conflict and fix the bug (if it’s CIS fault).
If we have all that information I can move this post to the Bug board for D+.
Try to install CIS in safe mode
I know it sounds stupid, but try!