HIPS Policy Rules with Results = Name Not Found & Detail Length 144

Hi All! I have been experiencing an extremely slow shut-down of Win7 running with Comodo Firewall v6.0.26, installed yesterday. The Summary of Firewall events shows: Infections Prevented - 0. Unknown Programs Blocked - 102. Suspicious Activities Blocked - 23. Network Activities Blocked - 2692. Iam curious about the number of events recorded with the Firewall installed for only 36 hours (as of this writing). Does anyone have any idea on this?

I viewed the Logs and, despite the above Log stats, the only one with any entry was Defense+ Events that showed C:\Windows\explorer.exe Access Memory with Targe C:\Program Fiels\COMODO.

All the rest were empty!

I would have thought that somewhere on Comodo there would be some sort of resource that would have a list of error codes or other such trouble shooting aids that would return using the same String for Search.

I used Sysinternals Procmon and the only thing I saw that looks like it applies are three different entries for cmdagent.exe:

cmdagent.exe PID 1060 RegQueryValue HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\2\HIPS\Policy\9\Rules\0\Allowed\5\Condition NAME NOT FOUND Length: 144

cmdagent.exe PID 1060 RegQueryValue HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\2\HIPS\Policy\9\Rules\0\Allowed\6\Condition NAME NOT FOUND Length: 144

cmdagent.exe 1060 RegQueryValue HKLM\SYSTEM\Software\COMODO\Firewall Pro\Configurations\2\HIPS\Policy\10\Condition NAME NOT FOUND Length: 144

Anyone have any idea if these events are normal or not? I have searched Comodo forums, google and bing using the String Comodo Firewall Configuration Hips Rules, all with no success.

Thanks,
Steve

https://forums.comodo.com/news-announcements-feedback-cis/comodo-internet-security-2013-v-602607392674-released-t89185.0.html;msg643662#msg643662

that’s the release build. when you say comodo 6.0.26 do you mean build 2674?
i would do a clean install. uninstall 5 and start fresh.
also to narrow it down why don’t you just install the firewall product by it self.
the link above has download links for the firewall only product.

better yet here it is

http://download.comodo.com/cis/download/installs/2000/standalone/cfw_installer.exe

that’s the comodo 2013 build 2674 firewall standalone installer from the above release announcement.

Hi Doc!

Thanks for taking time to read and Reply.

Yes, you are correct on the Build Number.

I did a complete re-Install today and the only mod to the Default Installation was to decline the Toolbar. It just stopped working after about 3 hours. So I did another uninstall and then installed 5.0.163652.1142. I have not tried to update this because I am tired of fooling with computer maintenance all day.

My Win7 Event Viewer has the following synopsis of Administrative Events for the last seven days:
1 Critical - Event ID 41 - Kernal-Power
565 Errors
173 Warnings
10,669 Informations
2,381 Audit Success’

I think I have more problems tha Comodo HIPS / Rule violations.

Considering I did a reinstall and got a Comodo Crash after about 3 hours, and suggestions?

Thanks again,
Steve

Most likely the issue came from an improper uninstall. Thus, my advice is that the next time you feel up to trying to update to the newest version you uninstall the previous version, and then install the newest version, while following the advice I give in this post.

Please let me know if you still run into problems.

Thanks.

Hi Chiron - Thanks for the Link and information - Good advice.

I reviewed the Post on how to effectively Reinstall CIS and it sounds like a good way to go.

RIght now I sm seriously thinking about just reinstalling Win7 and all the other stuff - I really don’t want to, but with all the entries in the Windows Event Viewer, I am not sure I have an alternative.

Thanks again for the Reply, I will be investigasting that Revo product for future use.

Have a good Eve,
Steve