problem with defense+ and disabling

hey all,
im running comodo firewall 4.1.150349.920 on a win7 ult 64bit machine with 4gb of memory. everything has been running great for awhile. i run bitdefender AV 2010 with superantispyware. firewall, defense+, and sandbox modes are on. i’ve always been fuzzy about defense+ and i know it is great to have but it seems to block a number of things i do want to run, but usually i can add the folder/files to “my own safe files” and be ok.

i bought transformers: war for cybertron for pc yesterday and for some reason it will not run at all. i can install the game fine, but when i launch the game, i see the “loading” splash screen and twfc.exe in task manager, then they will both disappear. seems like something is killing the exe or preventing it from running. look at my two attachments:
defense.settings.jpg
sandbox.settings.jpg

i also add “activision publishing” to “my trusted software vendors” by finding the signed twfc.exe file.

i think its defense +, so i goto defense+, advanced, defense+ settings and drop the bar to “disabled” then click ok. i then goto sandbox and disable it as well. i try to run the game again and it does the SAME thing. grr…

so this time i goto defense+, advanced, defense+ settings, and ENABLE the “Deactivate the Defense+ permanently(requires a system restart)” option. after a reboot, i try to run the game and it works fine.
see attachment:
defense.work.jpg

so it seems like defense+ has to be completely disabled for me to run this game, which is odd to me. i never got any popups from defense+ about twfc.exe. i installed the game on my winxp computer and when i launch it, defense+ gives me a popup about shellcode injection, which i didn’t get on my win7 laptop. i can “terminate” or “skip” and it will NOT work on my desktop. the only way to get this game to work on either PC is to completely disable and turn off defense+. im not sure why tho.

on my win7 64bit laptop, i tried to add twfc.exe to “my own safe files” but the file listing is missing my “Program Files (x86)” folder completely. i know the folder exists, there are tons of folders/files in “C:\Program Files (x86).” i looked at the ntfs permissions to “C:\Program Files (x86)” and users have READ permissions. there are a few other accounts in there but everyone should at least be able to read in “C:\Program Files (x86)”

twfc.exe is located in “C:\Program Files (x86)\Transformers\Binaries”
see attachment: missingfolder.jpg

so here are my questions:

  1. why does the “disable” setting with the slide bar in defense+ act different from the “Deactivate the Defense+ permanently(requires a system restart)”? are they supposed to act differently? or what exactly is the difference?

  2. under what security context/account does defense+ use to enumerate the list of folders/files on my computer? why can’t i even SEE the “C:\Program Files (x86)” folder?

[attachment deleted by admin]

To totally disable D+ it is needed to use “Deactivate the Defense+ permanently(requires a system restart)”. I don’t know where the difference is between the two ways of disabling.

> i installed the game on my winxp computer and when i launch it, defense+ gives me a popup about shellcode injection, which i didn't get on my win7 laptop. i can "terminate" or "skip" and it will NOT work on my desktop.

Try adding the game to the exceptions of the BO detector. Go to Defense + --> Advanced --> Image Execution Settings --> now push the Exclusions button behind "Detect Shellcode injections (i.e. Buffer overflow protection)" and add the executable to the list.

> the only way to get this game to work on either PC is to completely disable and turn off defense+. im not sure why tho.

What copyright protection is being used by this game?

> on my win7 64bit laptop, i tried to add twfc.exe to "my own safe files" but the file listing is missing my "Program Files (x86)" folder completely. i know the folder exists, there are tons of folders/files in "C:\Program Files (x86)\." i looked at the ntfs permissions to "C:\Program Files (x86)" and users have READ permissions. there are a few other accounts in there but everyone should at least be able to read in "C:\Program Files (x86)"
>
> twfc.exe is located in "C:\Program Files (x86)\Transformers\Binaries"
> see attachment: missingfolder.jpg

Go to Control Panel → Folder Options → View → now choose to “Show hidden files, folders and drives” and untick “Hide protected operating system files (Recommended)”. These two measures will make sure you will see all files and folders.

> so here are my questions:
>
>   1. why does the "disable" setting with the slide bar in defense+ act different from the "Deactivate the Defense+ permanently(requires a system restart)"? are they supposed to act differently? or what exactly is the difference?
>   2. under what security context/account does defense+ use to enumerate the list of folders/files on my computer? why can’t i even SEE the “C:\Program Files (x86)” folder?

See my reactions in the above.

hey ericjh,
thanks for ur reply.

  1. yeah i wish i knew what the difference is between the two ways of disabling. but it appears that totally disabling d+ with the “Deactivate the Defense+ permanently(requires a system restart)” option is the correct method. the “disable” with the lil scroll bar doesn’t seem to perform the same action.

  2. i tried to add the game to the exceptions of the BO protection detector, but “C:\Program Files (x86)” isn’t listed. which brings up the

  3. i believe the game uses securerom but im not 100% sure.

  4. i already have all those options enabled. i can view EVERYTHING in windows explorer without a problem, hidden files and what not. thats how i know they exist lol. the problem seems that comodo doesn’t see it. i looked at the ntfs permissions and it seems like ‘trustedinstaller’ was the owner, so i took ownership and pretty much gave read access to everyone. now when i go into the comodo BO protector exclusions, i can see the “C:\Program Files (x86)” folder but for some reason its not in alphabetical order. “C:\Program Files (x86)” is listed WAY at the bottom, when it should be right under “c:\program files”. im not sure why its all the way at the end. now i dont remember looking at the BOTTOM of the list when i wrote this initial post, so it could be possible that it was there and that i didn’t see it at the bottom. or my recent ntfs changes did in fact make a difference and now comodo can see the folder structure. i can’t revert back my changes now with the ntfs permissions, cuz i dont remember the exact permissions prior to the change.

win7 is a lil different in that trustedinstaller has been leveraged to increase security. im assuming comodo has to use some security context to list the file/folder structures. im assuming it would be using my account like or “localservice”. sux now cuz i wish i could see what the default permissions were lol

i’ll re-enable d+ and try the BO protection exclusions thing. but i can’t right now cuz i can’t reboot hehe.

if it doesn’t work, what are my other options? keep d+ completely disabled?

Let’s start with this and how it works out. No need to jump to conclusions beforehand…:wink: