Not sure if this a Comodo issue or not but my problem started after Comodo popped up this AM. defense saying I had about 12 new files for review. Opened up the pending file window and saw 4 files that didn’t ring a bell. The others were from an update from AVG last night. I next selected all the files and hit purge to see what happened (maybe this is the wrong selection at this time) and instantly a small window popped up saying these 4 files were invalid and did I want to del. I foolishly said yes as Comodo have never let me down in the past. All appeared to be OK and I closed the Comodo window. At this time I was log into my normal account and things seemed to be working OK but shortly afterwards I needed to log-on to the ADMIN account. ADMIN started to load but part way in, the whole machine locked up. Had to remove power to get back control. On booting the machine locked up and had to removed power again. Was able to get booted into my normal account by using restore and restored from a saved point from last night. Was again able to log on to my normal account but again when I tried to log into the ADMIN account, locked up again.
Don’t log on the ADMIN account daily but the last time, earlier this past week, all was OK.
I’m at the point I’m trying to recover the files Comodo removed but not sure how to at this point. I use SyncBack to make bkps every night but that pgm is run from the ADMIN account. I have other means to restore files but since I don’t know the complete file/path name for the files removed by Comodo, I don’t know where to start. Yep, I tried using an undelete prgm but it found 1700+ possibilities. Good luck in trying to find that needle.
Anyone ever have a similar problem? Could Comodo have been wrong in reporting the files as being not valid? And, is there a way to find out what the file names/path were?
Need to add a clarification. the ADMIN mentioned in the original post it not top level Win admin but a user account admin = HP_admin.
The “other” files in the “my pending files” were various AVG update files and they were moved to the “my safe files” area.
The window saying the 4 files were not valid is something new I’ve never seen before. This window didn’t pop up until after I hit the purge button, and it specifically said files were not valid and asked whether to DELETE not remove or move.
You could be right about this not being part of Comodo but seems strange a new action showed up for first time and a couple mins later the computer locks up when trying to log on to another account. Since the initial post I did another restore, moving back a couple more days and still the same action. Any attempt to log on to the ADMIN account results in locked up computer. This still leave me thinking the deletion of these 4 files has had something to do with the problem. Won’t know until I can learn more about the not valid file window.
Do want to thank you for your replay. Maybe this additional information can help.
The pending file list is meant to be used with D+ cleanpc mode in order to let D+ alert about new files.
The actual files are untouched and pending list actually list only filenames and paths.
Cleanpc mode is meant to have D+ learn all applications not listed in pending list in the assumption the user can guarantee those unlisted apps are trusted (eventually using the lookup button in pending list to only remove safe apps) and is usually used soon after CFP/CIS installation to let D+ create the necessary policies for all existing apps without any alert.
Switching D+ to Safe mode will not automatically fill pendnig list.
Regarding that HP_admin admin issue, provided that a system restore should be able to revert previously made changes, I guess it would prove useful to uninstall CFP/CIS to eventually confirm the issue was casused by a software conflict or a miscofiguration.
Thanks gibran for your response. I think I’m following your comments. The reason I questioned Comodo action was it was the first time I’ve noted the not valid window pop up. Since I’d not seen it before and only saw it for a brief moment, I wasn’t sure what took place other than I replied YES. You are correct there was an assumption that the failure to the user ADMIN account was due to the close association in time between the two actions. That is the reason I asked, trying to get a better understanding of how Comodo works.
Being somewhat new to the defense + setting, what it the proper order to use the various button functions? It isn’t clear to me from reading the help file.
Several restores to prior dates has not restored the ability to log onto the ADMIN account. The issue I face there is, it is an admin account and one prgm executed from there can no longer be accessed. The prgm is SyncBack a backup prgm. I have a number of profiles associated with the prgm for backing up various files and all these profiles are associated with the ADMIN account I no longer can get access to. That is at the heart of my problem.
If CIS/CFP is even indirectly linked to that issue then uninstalling CFP/CIS should solve that.
Pending file list is now designed to be used along with CleanPC mode. IMHO CleanPC mode should be used only for a limited time frame in order to have CIS/CFP create policies for all installed apps. After few days it would be better to use D+ Safe mode.
As for pending list itself the first steps would be to use Purge, then Lookup (online updated safelist) + automatic submission of unknown applications (if safe they will be added to the online safelist). This will remove all deleted and safe files from the pending list and will leave only a list of unknown apps.
D+ CleanPC mode will show alerts for all application listed in Pending file list. So the user is supposed to remove those files only if he can guarantee them to be safe.
If a malicious file is listed in pending file list and an user remove it from the list using the remove button then D+ CleanPC mode will automatically learn that application even if malicious.
It is possible to use pending list in D+ safe mode only to manually add new applications and use the lookup function to update D+ safelist database in case that application was not added to D+ safelist when CIS/CFP was released.
Since pending list files will not be automatically removed after a lookup until the file is confirmed to be safe (or is already marked as safe by the current Safelist DB) it is possible to use pending list in D+ Safe mode to upload unknown executables and periodically check if Comodo added these files to the online safelist.
Thanks gibran for the order to use the buttons on the pending files list. That is how I’ve done it in the past but wasn’t sure if that was the proper/best order.
Have moved the defense + to the safe mode. Think this issue is now closed but I’m still left with trying to figure out why I can no longer log on to the other user account.