Question: Does Comodo modify Windows system files?

Hello, I’m new to the forums:

I recently reported a bug where Comodo Firewall/Defense+ 4.0 (free version) caused a program to fail with the error: “[program] is not compatible with NT 4.0”

Because disabling Comodo had no effect on the issue - I had to completely uninstall it - I am concerned about whether Comodo is changing or replacing system files. Does anyone know?

I have Windows 7 Ultimate x64, and I realize KPP should prevent any direct modification of the kernel. However, there are ways around this and I would simply like to know what Comodo could possibly be doing to affect the execution of my software while Defense is off? I am worried b/c I suspect it of tampering with a couple other programs, and have been considering implementing the full version in a business environment and don’t want any problems.

There’s no full version: the paid one only adds paid support.

In the thread you are referring to, an old game seems to originate the failure (not so serious when speaking of business…).

I don’t see in what way Comodo modifies system files, although it definitely adds some and modifies registry writings.

The “NT 4.0” message is quite strange, as it refers not even to Windows 2000, but to Windows NT itself.

The issue could be related to the game’s installation routine itself, which you didn’t detail: e.g., an old msi setup could be the culprit, or maybe also Defense+ is set so as not to allow compatibility mode requests to the system.

The problem in this last event could be related to CIS V4 largely acting by default from preset parameters, and thus not asking you the appropriate questions, and could maybe, if so, be solved either by making V4 act like V3 in interactive mode as described in this forum (systematically asking), or by trying V3 itself.

Hello Brucine,

Thanks for your reply. Let me be more specific. I am a member of the repair team in a computer store, and we tend to keep a lot of old (but useful) utilities around (e.g. Winternals, Partition repair tools, etc). I’ve used comodo personally for some years.

The game? Not at all, but old is the key. A lot of these tools require compatibility shims made by us from ACT to function properly, and because of the potential for damage when running, let’s say, a partition recovery tool or hunting down rootkits manually, it’s not something you want another program to ■■■■■ up.

Also we (for obvious reasons) have to access damaged/malware stricken systems offline on other systems, we are concerned about malware - worms specifically - using our network as a thoroughfare. Suffice to say our last firewall didn’t cut it, and we’re using virtual machines and looking into a firewall that does a better job with internal security. We’re using one now that I hate even more and have pinpointed as a common cause of kernel crashes on customers’ computers. I’ve used Comodo for years and am suggesting to the powers that be that we switch to it instead. The problem is I’d be responsible for managing and configuring it.

Nah, it’s Comodo - not a problem with the program and not user error. I added the file (installshield btw) to the safe list, renamed the guardxx.dll, deactivated D+, disabled the sandbox and it was a no show until I removed CIS entirely. And it wasn’t just 10 year old flight sims :), but multimedia and hard disk tools that did not work until CIS was uninstalled. I reported these in the bug forum.

Soo, on to my point; I’d simply like to know what the interaction is between the driver and compatibility modes. I don’t know if those are trade secrets, but it’s an important question for me for the reasons stated above. As far as my personal use goes, I’m confident the issues are widespread enough that you guys are aware and will patch them up. I’ve been a comodo user for years, have had little problems before like in any software, and have stuck with it.

As far as business use is concerned, it’s important that I be able to predict its effect on other tools so that I’m not constantly debugging program dumps ;D

To see if D+ is interfering you need to permanently disable D+ (requires a reboot). Moving down the slider does not fully disable it. To permanently disable D+ go to Defense + → Advanced → Defense + Behaviour Settings.

What programs are running into problems when using CIS v4? What program is giving the NT4 warning; it looks like it gets limited by the sandbox at first sight.

When programs or CIS crash please consider making separate topics for each one of them in the bug board following IMPORTANT: HOW TO SUBMIT BUGS (read this if you want them fixed).

For programs that are running into compatibility problems but are not crashing, could you consider adding them to COMODO Internet Security 4 and Application Incompatibility Problems Reporting? That would greatly help Comodo.

It is said elsewhere that the problem is not relevant to a specific program, but would be a general guard64.dll bug when running whatever program under compatibility mode in Vista or Seven.

Even though it is said to be a general problem with guardxx.dll it still will help the devs to know what applications are causing the problems. There may be multiple problems with that .dll file. So not every program will trigger all problems.

Because of that I still suggest to submit the bugs.