Problem installing device driver in Windows Vista. Install prevented by Defence

The bug/issue
1. What I did: I plugged my new camera device into the USB port. Windows Vista proceeded to attempt to install the appropriate device driver (Digital Still Camera). Note: this is a Windows device driver, not provided by the camera manufacturer.
2. What actually happened: Device driver install failed. Message received “access denied”.
3. What I expected to see: Device driver install successful.
4. How I tried to fix it: Reboot. Re-install camera software. Search Windows & camera manufacturer site. Open issue with camera manufacturer support. Examine Windows event log. Disable UAC. After discovering an event in Defence+ log, disable Defence+.
5. If it's an application compatibility problem have you tried the application fixes here?: Nothing relevant found.
6. Details & exact version of any application (except CIS) involved with download link: Windows Vista, Service Pack 2.
7. Whether you can make the problem happen again, and if so exact steps to make it happen: as described above.
8. Any other information (eg your guess regarding the cause, with reasons): Defence+ running in “safe mode”. I tried disabling Defence+ and repeated the procedure. Install successful.

Files appended.

  1. Screenshots of Defence+ event log = events.jpg
  2. the Defense+ Active Processes List = to follow
  3. A CIS config file = config.zip
  4. Text entry from Windows event log = canon.txt

Your set-up

  1. CIS version, AV database version & configuration used: CIS version 5.3.181415.1237, no AV database, config attached
  2. a) Have you updated (without uninstall) from CIS 3 or 4: No
    b) if so, have you tried a clean reinstall (without losing settings - if not please do)?:
  3. a) Have you imported a config from a previous version of CIS: No
    b) if so, have you tried a standard config (without losing settings - if not please do)?:
  4. Have you made any other major changes to the default config? : No
  5. Defense+, Sandbox, Firewall & AV security levels: D+= Safe Mode, Sandbox= Disabled, Firewall = Safe Mode, AV = not used
  6. OS version, service pack, number of bits, UAC setting, & account type: Windows Vista, SP2, 32-bit, UAC enabled, administrator.
  7. Other security and utility software installed: AVG v10 virus scan.
  8. Virtual machine used (Please do NOT use Virtual box): No virtual machine.

[attachment deleted by admin]

We would very much appreciate it if you would edit your first post to create an issue report in line with the bug forum guidelines and format here. You can copy and paste the format from this topic.

To understand the reasons why we ask you to follow these guidelines please see below.

WHY WE ASK YOU TO FOLLOW THESE GUIDELINES
Bugs/issues can be impossible or very time consuming to fix if developers don’t have enough information to reproduce them. Since CIS is free, development time is limited. So if you want your issue fixed, please use the format below to describe it.

To avoid clutter, issues not described in the format below will not be moved to the ‘moderator verified’ issues topic. This means that the developers may not look at it.

Best wishes and many thanks in anticipation

Dennis

Hi bill_l

Irrespectively - “wudfsvc” is a legit service
Most likely you don’t need it, … but that is a different matter

Sure, you have to follow the suggestion by Dennis2 & post a proper report in case you are blaming Comodo

Personally I don’t see any issue here
anyway more information is needed
You did not state either the system you’re using or the platform, nothing about other security in place … even nothing about Comodo components & their versions that are installed

That is not acceptable when you or any user is trying to figure out the cause of a problem

Then, the “Access denied” message: that is just a pathetic message that can be produced either by MS or by the specific software you are using

Any details? Do you have any title bar (at least) stating which software produces such a degenerative message?
Microsoft is the one that can do that - no title bar / no details, therefore I called that “degenerative”
So have a look and investigate the logged Events. Probably you can get more precise information, which possibly can lead to pinpointing the cause of an issue

Then

Can you tell us why you were trying Safe Mode? …AND… disabling Defense+
What about just disabling Defense+ or disabling it permanently (System reboot needed) and then testing your camera?

many other questions can follow, but please provide more information here or post it as a “standard Bug Report” suggested by Dennis2

My regards

I have reformatted my report above. The platform was Windows Vista as mentioned. Normally, Defence+ on my machine is running in “Safe Mode” - I didn’t pick that setting; if that is not appropriate, then that may be a bug. I don’t want to pursue it at this time anyway. After I disabled Defence+, the install worked. I agree that the message “Access denied” without any additional information is not very helpful; that did come from the Windows device driver install process.

Actually, from my perspective, my problem is fixed since I can work around the problem. However, I do suspect that I am not the only victim of this problem which is why I am reporting it.

Attaching process list (process.jpg) and screen shot of error (denied.jpg)

[attachment deleted by admin]

Thank you for your Issue report in the required format.

Moved to verified.

Thank you

Dennis

When the driver for the camera got installed did you get alerts from D+ about services.exe wanting to modify certain registry keys?

Can you see if there are blocked registry keys or folders in the rule for services.exe in D+? Look up the rule in Computer Security Policy → Defense + Rules → edit it → Customise → click on the Modify link behind Protected Registry keys → look under the Blocked tab. See attached image.

Do you see blocked registry keys?

[attachment deleted by admin]

I did not see any messages about blocked registry keys (or anything else) from D+.

I see HKLM\SYSTEM\ControlSet001\Services\wudfsvc under blocked keys for application name %windir%\system32\services.exe. That is the only blocked key which appears. I noticed before I clicked on Modify that “Ask” is checked on the line associated with Protected Registry Keys for this program.

The HKLM\SYSTEM\ControlSet001\Services\wudfsvc should not be in the Blocked Keys of services.exe; by default there are no blocked keys for services.exe.

Wudfsvc stands for Windows User-mode Driver Framework Service. I think it is needed when installing drivers. Remove the registry keys from the blocked keys tab of services.exe.

Then try installing the device driver again. Does that fix it for you?

Yes, that fixed the reported problem. When Windows went to install the driver, I was asked about the registry key update and, after I said OK, then the driver installed correctly.

This change also fixed another Windows problem related to device drivers that I had been seeing. Previously, Windows tried to reinstall the driver every time I connected the camera. Now, once the driver is installed, Windows won’t try to reinstall the driver. The changed behaviour makes more sense. However, because of this, I had to explicitly uninstall the driver for the camera to confirm that the update to the protected registry keys fixed the original problem. Previously, just unplugging and replugging the camera would have been enough to force the driver install and cause the related “access denied” error message.

Thank you for your assistance. Unless you need any other information from me, this issue has been resolved.

Glad the issue got fixed for you.

When installing a new driver there will almost always be alerts from services.exe when Windows is creating a service. When those alerts are blocked by the user then problems like this occur.

It shows both the strength and weakness of a HIPS like D+. It monitors a lot but depends on user interaction giving highly technical questions to the user.

Hi bill_l,
I was sure you would get good assistance here
Just a short note re: “Safe mode” - my bad - I was under impression that you were talking about “PC Safe Mode” the way the sentence sounded. My apology :wink:
Cheers!