How to handle IBM embedded security chip with CFP V3 [Merged Threads]

There are a few other threads on this, but the posters there have reported slightly different experiences so I thought I’d add this.

On my IBM ThinkCentre desktop (m/t 8122), CFP works fine. On my IBM ThinkPad laptop (m/t 2687), CFP version seriously gums up the works. Both machines previously had Sunbelt Software Personal Firewall installed.

The laptop and desktop both have ThinkVision Client Security Solution 8.2 software installed. The laptop, however, also has a TPM chip, which is hardware. After installing CFP on the laptop, and rebooting, the laptop loops endlessly at the stage where it checks the integrity of the hardware security chip. A cold power-off is necessary. The only way to regain control is to abandon attempts to log on to Windows and, instead, to go into a protected IBM partition and restore a Windows partition image from prior to the installation of CFP.

To my mind, this is a serious shortcoming that Comodo should address soon.

IBM computer has an imbedded security chip TPM device driver that conflicts with CFP v3. I have read just about everything in the help section and most of the FAQs that could apply to this issue. OS XP Pro SP2 logging in as Admin & trying to train CFP so far is unsuccessful. No matter what I put in as trusted or allow applications CFP will not allow the TPM imbedded security device to operate. When PC is rebooted it goes into an eternal loop that will not get passed the imbedded chip and prevents start-up. I have to restart in safe mode or last known good configuration because CFP prevents the normal IBM TPM login. The book Windows XP Inside Out along with everything written that Comodo offers has not helped to resolve the conflict.

AVG free is installed and does not seem to conflict w/ CFP. I uninstalled Norton Internet Security - Norton had no problem operating with the TPM imbedded chip. From what I read, I want to install CFP as it will provide the security i am looking for that Norton and Windows does not provide. Since the TPM driver device is limited to login and restore/backup how can I get CFP to recognize it and lean that this is an acceptable application? CFP tries to delete the TPM device driver by changing the registry for the TPM.

I appreciate any help on getting this matter resolved before I uninstall CFP. Installed CFP on 8-14-08.

XP Pro SP2
Uninstalled Norton Internet Security 2007
AVG 8 free anti virus installed
Spybot search & destroy installed
Firefox Browser
IBM Laptop R60 1GB RAM; 60GB Hardrive

Installed CFP then added Lenovo ThinkVantage items to D+ Protected Registry in an attempt to resolve conflict with CFP. Now getting message that firewall is not functioning properly; run diagnostic. After running diagnostic the msg comes back: no problems with installation. The diagnostic did not result in the firewall working properly. The red X shows in the summary.

Is the firewall not working properly msg due to adding the imbedded security items to the protected registry?

Is there a way to make CFP compatible w/ IBM imbedded security chip? ???

If I am wasting my time going over this for days and hours w/o ever having success - Please! someone put me out of my misery and at least let me know that the conflict between the CFP and the imbedded security chip cannot be resolved. To date I have read numerous articles and posts in addition to multiple attempts to resolve the issue by adding to the D+ protected files and Protected Registry and whatever else I can think of; experimented by setting the levels at various levels. I’ve spent three full days at this and if it is impossible to make the two compatible I will give up and uninstall CFP - no hard feelings. BUT if there is a way to accomplish a working CFP with an IBM computer then I don’t want to walk away from what I feel is a potentially great program.

Please - can anyone out there at least tell me whether it’s hopeless or not? (:NRD)


Need help.

Some more information.

I downloaed a while a go CFP_Setup_3.0.18.309_XP_Vista_x32.exe
Now I noticed that after I install and reboot everything is fine.
It is only after CFP does an update and reboots when I start having the IBM/Lenovo Built-in Security chip TPM loop issue.
You have to reboot in Safe mode and uninstall CFP to get back into your machine.

Running WinXP SP2, IBM/Lenovo Z61p notebook.

I have not tried a later install version… I am downloading CFP_Setup_3.0.25.378_XP_VIST_x32.exe now

Ok just installed on IBM/Lenovo Z61p Laptop (with fingerprint scanner and built in security chip)
On Reboot
Get Bois Screen
Get WinXP Startup Screen
Get Window “Checking the Status of the Security Chip”
now endless loop

here is a temporary solution but CFP still kilsl the Security Chip login

So powered off and booted up into “Safe Mode”

Launched ComodoFR
Under Defence+ Select “My Trusted Software Vendors”
Click Add and select “Read from signed executable”
Browse to C:\Program Files\Lenovo\Client Security Solution
Select an application .exe file - a Pop up should state that the Company is “Lenovo Group Limited” (I selected file “css_policymanager.exe”
This now adds a Trusted Software Vendor “Lenovo (United Stated) Inc.”
Click Apply

Now on Reboot we do not get endless loop - BUT!!!

Now You do get to the Lenovo Security Loin Screen
Hit Ctrl+Alt+DEL
Account Loging screen show active user - click OK
Lenovo Fingerprint Scanner Window Appears
Scan Your Finger = OK

Now and Error appears “Client Security Solution logon - There was a problem connecting to a critical service. It is possible that antivirus or firewall software is blocking the connection. Also, check to make sure that the TPM device is installed and enabled” - OK

System Cannot log you in error - OK

Re-enter you account name and password - OK
Windows continues and logs you into your desktop.

Note: If you use the Lenovo ThinkVantage Client Secuirty Solution Manage Password vault thingy - this now does not work!
Actually anything to do with the Built-in Security chip does not work!

After struggling with this for three days this is what has happened so far:

I did not uninstall/reinstall CFP - I continued using the original download.
D+ entered all of the TPM related items in Protected Registry;
D+ entered all of the TPM and ThinkVantage related files in Protected Files;
After getting the msg that the firewall was not working properly and sending the additional question “does changing the registry to protect the TPM conflict w/ CFP” I decided to shut it down for the night.

Today, I started the Lenovo Thinkpad and after about a minute I got the msg that a virus or firewall…check to see if the TPM device driver is installed; however, I was able to click OK and the screen “Press ALT_CTRL_DELETE” appeared and I was able to login as usual.

CFP appears to be working properly so far today. Status has green check mark and got msg for network connection which I had not yet set up due to all the other problems. From what I can see CFP seems to be working now that I input the TPM items into the D+ Protected Files & Registry. The scan reported my PC was clean nothing detected - which I was confident it was clean.

I tried to put ThinkVantage into Trusted Vendors but every time I go into it and select read from signed Executables I can’t seem to get beyond that point. Any suggestions on how to get CFP to allow me to put ThinkVantage in there???

Not being a computer expert I may have missed some files or registry items to protect - I don’t know.

I do not have the fingerprint reader - I have the secure login with ThinkVantage Technologies suite and Productivity Center.

Is there anything else I might be able to do to resolve any remaining conflict between CFP and the TPM device driver? Does anyone know what happens when the TPM device driver is uninstalled? I hope this information will save someone else the headache it gave me but at least I think I may have resolved the problem(?). I’ll keep my fingers crossed and knock on wood, anyway! (:AGL)

Day 5 the frustration continues: :o

Day 4: Able to use my computer all day w/o any problems. However, the entire day went w/o reboot. Login after hibernation twice was successful. Work piled up previous three days struggling to get CFP to work w/ embedded security chip; most of the 10 hrs was spent on work. (:s*)

After about three hours able to get the D+ Trusted Software Vendors to accept Lenovo, AVG, and Mozilla. Previously, kept getting msg from CFP “no valid certificate on file”. I suppose keeping CFP in training mode helped? :BNC

Day 5 tried to login – no success.
Could not login using the “last known good configuration” or safe mode. Set Bios to disable security password and security chip - unsuccessful. Unable to restore to previous backup. Continued to get endless loop “checking for embedded security chip”. Nothing resolved the problem. Perhaps adding Lenovo to D+ Trusted Software Vendors confused CFP since I was able to login yesterday and was prevented (by the program) adding vendors at that point? (:SAD)

Called Lenovo tech support; asked why setting Bios to disable for security didn’t work. Explained what was happening – tech walked me through steps I had already completed and verified my PC has issues – be it because of CFP or independent of CFP – they are sending a prepaid label and shipping material to send it in for evaluation and to restore files & folders. Since I could not access Windows I could not uninstall CFP or do anything except get frustrated. ???

It appears that only three of us with an IBM and/or embedded security chip have attempted to install CFP. Since no one has offered help on the issue we are having (and it’s been more than 48 hours) I suspect this is the first CFP folks have been made aware that a problem exists with the software and embedded security chips?

So now we wait to see if Lenovo can solve the mystery as to why there’s a conflict with CFP/embedded security chips. I remain hopeful that tech support can resolve the issue with using the CFP program. Whatever they determine, I’ll let you know so that no one else has to keep wondering if it’ll ever work.

Keep the faith! :THNK

Question… When does CFP actually start using the Defense+ Trusted Applications list???

Does it start using it at windows boot when we are accessing the Built-in security chip? or only after windows has reached desktop???

I believe it starts right when CFP starts up. but I think D+ is active right when cmdagent.exe loads. I could be wrong but I am pretty sure that is how it is…

Should this subject be added to the thread in bug reports: CFP conflict w/ embedded security chip?

This may be a problem with all IBM/Lenovo Thinkpads/laptops. ???

Will CFP prevent the scheduled backup due to the identified embedded security chip issue? Since my scheduled backup is due in Sept (already completed in Aug prior to CFP installation) this problem was not identified, yet.

Configuration writers, please add this to the list of identified conflicts.


Extensively reading this forum while Lenovo evals my PC. Came across the post link below - when I performed searches using variety of words (Lenovo and Thinkpad were the keywords I used) it did not identify this post. Go to page 2, scroll down to fadi’s comment posted June 12, 2008.

Not sure if all problems are exactly identical; reading some of the replies from various experienced CFP users indicates there may be variables at sub levels w/i each OS or programs used.

Previously, I stated I had XP Pro SP2 but I had actually downloaded SP3 about 2 wks prior to CFP download. Also, the post identifies the T series; I have R60.

This solution may not be the fix for everyone. Having recently purchased my Thinkpad which had the newer version of CSS and then downloaded CFP on 8-14 I had the newest versions of both CFP and CSS ThinkVantage.

The post below doesn’t address issue of backups within ThinkVantage/CSS that are now identified.
Thank you to the poster who identified that problem which would not have produced until my scheduled backup was due to perform. Has anyone else had the backup issue w/ CSS & CFP and found a solution?

If solution below works for you then I am so very happy to have found it for you. I remain hopeful that CFP developers can identify the cause of all Thinkpad CSS conflicts and fix them w/i the program. :wink:

The post was started April 2008 and the issues continue to be a problem for Thinkpad PCs

Apparently, the IBM System Update application (which installs the latest IBM software and drivers) was not updating the “Client Security Solution” whenever a new version was available. The old version of this software is the cause of the problem in my case as it was conflicting with newer versions of Comodo. The newer version of Lenovo’s “Client Security Solution” was incompatible with the IBM’s “Rescue and Recovery” software (also an IBM software). This is how I solved the problem:

1- From Control Panel>>Add/Remove Programs:
a. Uninstall IBM’s “Rescue and Recovery”.
b. Uninstall whatever version from IBM’s “Client Security Solution”.
2- Download the latest version of IBM “Client Security Solution” 8.1 from this IBM url:
3- Restarted and everything was working fine.
4- I installed the latest version of Comodo ( and voila… everything is working smoothly. I also witnessed considerable speed-up in Windows log on process.