Random BSOD's in Comodo Free Firewall

Comodo Internet Security - CIS Resolved/Outdated Issues - CIS
1

RANDOM BSOD’s IN COMODO FREE FIREWALL
Can you reproduce the problem & if so how reliably?:
I can reproduce the bug about 8 out of 10 times.
If you can, exact steps to reproduce. If not, exactly what you did & what happened:
1: Using RT7Lite x64 - old slipstream program to patch 64 bit Windows OS Install DVD’s
OR
2: Using NTLite x64 - a newer slipstream program to patch 64 bit Windows OS Install DVD’s
AND
3: a) Comodo Firewall is running, or b) If I Exit Comodo - that leaves cavwp.exe and cmdagent.exe running in memory
One or two sentences explaining what actually happened:
These slipstream programs are heavy CPU/DISK usage. They update multiple Gigabytes of 64 bit data and it usually take an hour to complete on my I5 3.2 Ghz PC. Random BSOD’s mostly different, but “BAD POOL HEADER” is a common error. I suspected bad memory, but tested it with microsoft memory tester, then memtest86+ (latest version) and it tested clean.
Once I uninstalled comodo firewall the problem went away. Then I did the slipstream process about 8 times more with no BSOD’s.
One or two sentences explaining what you expected to happen:
Check cavwp.exe and cmdagent.exe module for memory leaks and/or 64 bit compatibility issues.
If a software compatibility problem have you tried the advice to make programs work with CIS?:
?
Any software except CIS/OS involved? If so - name, & exact version:
NTLite 1.9.0.7455 64 bit and also rt_7_lite_win7_x64_sp1.exe 2.6.0.0, processing Win7x64 DVD install files.
Any other information, eg your guess at the cause, how you tried to fix it etc:
My guess is: A possible memory leak or 64 bit compatibility issue in comodo processes, that’s triggered by the
multi-gigabyte FILE, MEMORY, and CPU operations done with these slipstream programs.

B. YOUR SETUP
Exact CIS version & configuration:
Comodo Free Firewall 1.2.2.7036 - other comodo addons - disabled no dragon browser, etc.
Modules enabled & level. D+/HIPS, Autosandbox/BBlocker, Firewall, & AV:
HIPS [Safe Mode], Firewall [Safe Mode], VirusScope [Enabled], Website Filtering [Enabled],
Have you made any other changes to the default config? (egs here.):
Device control [Enabled] - Filter USB storage devices.
HIPS [Enable] - Adaptive mode under low system resources.
Have you updated (without uninstall) from CIS 5, 6 or 7?:
no, in-fact this problem continued to follow me after doing a clean install of windows, then installing Comodo Firewall again.
if so, have you tried a a a clean reinstall - if not please do?:
Yes, Clean install with default settings.
Have you imported a config from a previous version of CIS:
No
if so, have you tried a standard config - if not please do:

OS version, SP, 32/64 bit, UAC setting, account type, V.Machine used:
Win7x64 SP1 with latest patches installed, I5 processor, Z97 chipset - only 4 GB Ram - UAC untouched- - Admin - no V.Machine used.
Other security/s’box software a) currently installed b) installed since OS, including initial trial security software included with system:
a=Microsoft Security Essentials - RealTime protection disabled for testing against BSOD’s. It didn’t cause any issues or use CPU.
b=

On Mon 6/1/2020 1:15:52 AM your computer crashed or a problem was reported
crash dump file: C:\Windows\Minidump\060120-16208-01.dmp
This was probably caused by the following module: cmdguard.sys (cmdguard+0x2E140)
Bugcheck code: 0x19 (0x20, 0xFFFFFA8008AAFBE0, 0xFFFFFA8008AAFE40, 0x4260034)
Error: BAD_POOL_HEADER
file path: C:\Windows\system32\drivers\cmdguard.sys
product: COMODO Internet Security Sandbox Driver
company: COMODO
description: COMODO Internet Security Sandbox Driver
Bug check description: This indicates that a pool header is corrupt.
This might be a case of memory corruption. This may be because of a hardware issue such as faulty RAM, overheating (thermal issue) or because of a buggy driver. This problem might also be caused because of overheating (thermal issue).
A third party driver was identified as the probable root cause of this system error. It is suggested you look for an update for the following driver: cmdguard.sys (COMODO Internet Security Sandbox Driver, COMODO).
Google query: cmdguard.sys COMODO BAD_POOL_HEADER

I changed the all caps title to normal case. Eric

2

Thanks for detailed report, but you need to provide the bigger full memory dump as the minidump won’t contain enough information to fix it. Make sure your system is set to create a kernel memory dump and you have enough disk space for it to be created.

3

You’re Welcome and thanks for Comodo Firewall. I really like it :slight_smile:

I can’t attach the full memory dump file. It’s 166 MB zipped and 643 MB uncompressed. I don’t know if I can even send that as an email attachment. If you have a http link that I can upload it to that will accept that size of attachment, I’ll be glad to do that.

4

Just upload it to a file sharing site or if you have a google or MS account, google drive or onedrive, otherwise zippyshare is a good host and then share the download link. Also is virusscope set to monitor all applications or just ones running in containment? I wonder if it has to do with excess amount of activities it is logging when set to monitor all applications that causes the issue.

5

VirusScope is [enabled] to - monitor only the applications in the container. I have not created a container, and auto-containment is [default] disabled.

Attaching the exported active configuration file for Comodo Firewall Free.

Note the PC only has 4GB RAM. And it typically consumes 40-60% of RAM during the slipstream process. The CPU is
at 30-50% utilization of cores on average.

temp link to Memory Dump file:
https://www.dropbox.com/s/5dkva61wopaqp9j/MEMORY.zip

6

Hello indigo69,

Thank you for reporting.We will check this issue.
Could you please check your inbox via PM and share us the requested logs for further analysis of the issue.

Have a nice day!
PD

7

Hi Dharshu,

I replied to your PM, … all the information requested is posted in this thread above.

Thanks and have a great day!

8

Hello indigo69,

Thank you for your great effort :-TU for providing the requested memory dumps.
I have forwarded your dumps to my CIS dev team for further analysis of the issue.

Have a nice day!
PD

9

Hi Dharshu,

I have a newer Memory Dump available if that will help. I got 2 more BSOD’s installing patches for an older version of
Visual Studio 32 bit application, on 2 separate occasions. I had to uninstall the latest release of Comodo Firewall to install those patches. So I’m not sure this is related to a 64 bit OS compatibility issue anymore.

Have a great day!

10

Please check with 12.2.2.7062 thank you.