Network rules deleted!

Hi
I am a long time user of Comodo and love it.

Today I discovered that all my network rules were gone and replaced by a single rule to Allow All!
I have the box ticked to protect Comodo's registry keys.
After further research I found that the tool NTREGOPT causes at least part of the problem.

After running NTREGOPT and rebooting, all my newly created network rules had gone and the default rules remained.
This doesn't explain why I had no rules at all this morning, but maybe further running of NTREGOPT causes this. I need to investigate further.

NTREGOPT optimises the registry by creating a new registry from all the valid keys in the registry.
The new registry is used when rebooted.
This brings up a few issues.

Firstly, is this expected behaviour? I haven't found anyone else with this problem, so I am wondering if it's unique to me or I have been compromised.
I am using NTREGOPT v1.1j, 10/20/2005

Secondly, this looks like a simple way to get round any registry protection.
If malware was to do the same thing as NTREGOPT… well the mind boggles!

I appreciate any feedback
many thanks

PS: I’m using Comodo version 2.4.18.184

Dear Getthings,

I did a Google search and found a link showing that a download site for this software contains a trojan. One rule for sure is: do not use any software before you are sure it is safe, and always download software from official sites or trusted sources only. Consider using another free tool from Comodo - “BOClean” - which may give you more protection.

Hope this can help you.

cpfuser
Oct 7

NTREGOPT is a known good tool for Windows registry maintenance. Its current release version is the same as yours: v1.1j, 10/20/2005. Its origin site is http://www.larshederer.homepage.t-online.de/erunt/

If you do a google search limiting to site:castlecops.com, you’ll find NTREGOPT and ERUNT as well recommended.

As to malware doing what NTREGOPT does, well, yes some varieties of malware will do things like that. Yes, it is boggling.

An ‘allow all’ sounds like a default state given an absence of rules. To check this, set your rules normally, then use the settings backup script listed at the top of the forums topics page to make a backup. Run NTREGOPT, then make another backup to see if there is any kind of obvious difference in the backup files. If there is, then NTREGOPT is most likely the problem. That points to a need to work with the Comodo folks on a bug report. If the backup files are the same, then you may need to look for other causes of the problem. At that point, doing a HiJackThis scan might be in order.
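
The before/after backup comparison suggested above, as an added example that is not part of the original posts. It assumes the backups are regedit-style `.reg` text exports; the `ExampleFirewall` key path and value names are constructed placeholders, not Comodo's real registry layout.

```python
import re

def parse_reg(text):
    """Parse .reg export text into {key_path: {value_name: raw_data_string}}."""
    text = re.sub(r"\\\r?\n\s*", "", text)  # rejoin hex data wrapped with a trailing backslash
    keys, current = {}, None
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None:
            m = re.match(r'(@|"(?:[^"\\]|\\.)*")=(.*)$', line)
            if m:  # header, comment and blank lines do not match and are skipped
                name = m.group(1)
                current[name if name == "@" else name[1:-1]] = m.group(2)
    return keys

def diff_backups(before, after):
    """Return (removed_keys, added_keys, changed_values) for two parsed exports."""
    removed = sorted(set(before) - set(after))
    added = sorted(set(after) - set(before))
    changed = {}
    for key in sorted(set(before) & set(after)):
        b, a = before[key], after[key]
        delta = {n: (b.get(n), a.get(n)) for n in sorted(set(b) | set(a)) if b.get(n) != a.get(n)}
        if delta:
            changed[key] = delta
    return removed, added, changed

# Constructed sample exports: placeholder key path and value names, not Comodo's real layout.
BEFORE = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\ExampleFirewall\Rules\0]
"Name"="Block inbound"
"Action"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\ExampleFirewall\Rules\1]
"Name"="Allow DNS"
"Ports"=hex:35,00,\
  00,00
"""
AFTER = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\ExampleFirewall\Rules\0]
"Name"="Allow All"
"Action"=dword:00000001
"""
if __name__ == "__main__":
    print(diff_backups(parse_reg(BEFORE), parse_reg(AFTER)))
```

Real "Version 5.00" exports are UTF-16 encoded, so read them with `open(path, encoding="utf-16")` before passing the text to `parse_reg`.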

Thanks for the replies.
The copy I have should be virus/trojan free (it better be!); it was obtained from Lars Hederer's site as you recommend.
It has been scanned/monitored using Avast, Spybot, Adaware, SSM, Spyware Guard and Comodo's BO Clean.
One of my concerns is whether already installed malware could use the tool or modify its behaviour while being run.

It was quite a shock to find all the rules had gone, luckily I created a backup of them a months before. I don't know how long it had no rules though!
I have been performing a Comodo registry backup/restore when running NTREGOPT since finding this problem.
I’ll grab the backup tool you mentioned, thanks.

Can Comodo's operation be modified in any way to prevent this problem?
If not, I doubt the problem is unique to Comodo but it might be wise to alert Comodo users of the issue.