Killing BO Clean in Task Manager

I can kill BO Clean in TM. I had this before but was able to protect it with the Comodo firewall but it seems to lose protection when the firewall updates.

OK I found out how to protect it again in my other thread,4th post down at https://forums.comodo.com/help_for_v3/firewall_terminated-t20801.0.html

But I still do not know why BO Clean is not keeping its protected state under Comodo

With Comodo uninstalled and no traces of Comodo left you should not be able to kill BOClean. Comodo has no effect in that. I have BOClean and cannot kill BOTH processes via the taskmamanger. Something is screwy with your system. I cannot kill Comodo either.

What might it be Should I reinstall BO Clean

Yes and do a complete uninstall. Use Revo Uninstaller.

???
after reading this topic, i tried to kill BOC426.exe & BOcore from task manager,and i can do it.
tried to uninstall (using revo uninstaller-advanced),reinstall BOC4.26,i still can kill it from task manager ???

I cannot kill it. So I don’t understand why others can. Maybe its the way you installed it? Can you kill both proceeses?

yes. both BOC426.exe & the BOCore. i was installed BOC4.26 on normal mode (not safe mode), does it make any difference? (on normal mode, with antivir & CFP3 shut down).

Why shutdown Avira and Comodo just to install BOClean. I never do that.

shut down CFP to avoid Defense+ pop up message (yeah, i know about installation mode 88) , but since i was doing nothing & not connected to network, i shut it down), shut down avira coz…errr i just wanna see the umbrella closed (:TNG)

well, it still didn’t solve this problem
http://img03.picoodle.com/img/img03/4/4/29/f_lookdownherm_da98df3.gif

why it’s so easily killed?
furthermore, once i tried to activate BOC again (by clicking from start menu), there was no more BOCore in task manager list.i only saw BOC426.exe ??? what exactly BOCore is btw?

Hi Ganda :slight_smile:

BOCore.exe is the program, while BOC426.EXE is the GUI ( = Graphical User Interface ).

Greetz, Red.

??? then i only had the GUI running? :o
nevermind, i already uninstalled it. i’m on peace of mind phase right now :a0 , i only have CFP3 & avast 4.8 running.
i hope david banner has his problem resolved (:WAV)

Explanations are OK on the other stuff … sorry … I thought this was already in the FAQ’s as this has come up many times before. In the OLD days, prior to COMODO, BOClean had a protection mechanism in place. It was removed prior to coming over to COMODO because when it was Nancy and I, we recommended “Process Guard” to those who were concerned about it who weren’t already using PG. PG was well known and well used at the time to prevent such an occurrance.

Reasonable question to ask though why we don’t prevent shutdown, and this might be educational into an issue that is occurring more and more frequently as folks load up their machines with too many “security programs” and then wonder why some of them don’t work the way they should. It was THIS issue which caused us to remove our own protection as “diminishing returns” occurred and doing so actually put people at RISK!

“Termination protection” requires doing something that’s not nice … AND slows down the system significantly each and every time a program does this … “HOOKING THE KERNEL” … the more programs that do this, the more the system gets bogged down. AND … there’s only a total of EIGHT hooks available before there are no more to be had!

Protecting a program requires inserting a hook, and then patching the kernel to redirect any and all calls to a function called “TerminateProcess()” to the hook. In doing so, the system is completely suspended during this “sidetrip” awaiting the hook to process the call, decide what it wants to do after reading the item to be terminated, and then deciding whether to allow the kernel to do the termination or remove the instruction and revert control to the kernel after removing the call.

Process Guard already did this, so does the COMODO firewall. Now PG isn’t all it used to be when it was “top drawer” but COMODO firewall is … “don’t dial out without it” … so now that we’re with COMODO, the solution to this issue is to protect BOClean within the firewall and it cannot be terminated. DOWNSIDE of course is that if you need to uninstall it, you also have to remove it from the firewall first unless you are certain that you’ve manually shut down BOClean before uninstalling.

But that limit of the number of hooks, the horrible expense of placing ANY (not to mention more than one) on system performance, the answer is simple if this is a concern … use our firewall to protect BOClean and all’s well. But the NINTH kernel hook and any more beyond that WILL fail, and we didn’t want to interfere with other “security programs” by being “yet another pig at the trough.” :frowning:

That’s why …