Resources for bug reporters

[ol]- Making a screenshot

How to find crashdumps in Windows XP
In order to confirm that Dr.Watson MS Crashdump utility is enabled run drwtsn32 -i

Windows XP uploads the crash logs to Microsoft but does not save a local copy. You need to enable this option running a file contained in Windows Error

If some application crashed and you think it is related to CFP please run drwtsn32.exe without any options or switches and look for a crash dump in the path listed in Dr.Watson dialog (Make sure it was created at the time the crash happened) please confirm that Dump symbol table, Dump all thread contexts, Append to existing log file and Create crash dump file checkboxes are enabled. “Create crash dump file” checkbox is the most important option to enable.

How to find crashdumps in Windows Vista
Windows Vista uploads the crash logs to Microsoft but does not save a local copy. You need to enable this option running a file contained in Windows Error
You need to uncompress Windows Error and then run Windows Error Reporting.reg

NOTE: in some cases you will only see the name Windows Error Reporting without the .zip or .reg part . You can right click and coose Properties to confirm the filetype.

When an application crashes you can find the required crash informations in %LOCALAPPDATA%\Microsoft\Windows\WER\ReportQueue

Just paste that bolded text in explorer and hit go

Be sure to include the following files in a compressed zip file:

This is the most important file. It contains the crash dump that can be opened inside Visual Studio or other Windows debuggers.

Contains the operating system version and other hardware information.

Lists all of the DLLs loaded at the time of the crash with their version information.

If the windows error reporting (WER) dialog for the crash is still open
Do not answer the dialog (the devs have said that the info may not be valid if collected on second or subsequent dialogs). Go to Advanced Tasks ~ Monitor Activity and open Killswitch. Find the process that WER is saying has crashed or hung and right click to take a full dump.

If not you may be lucky and find the dump file (it will probably be a small dump file), zipped up with other files in:

Just type the strings above into Windows explorer and hit to see if they are there. You can append the whole zip file.

Failing that, or if the WER dialog is not open and you want a full dump file
(which the devs prefer) you need to set up local crash dump collection using the appended .reg file, and await another crash.

To do this just
a) make a restore point (not really needed but better to be safe)
b) download the appended file
c) extract it
d) double click on the .reg file on it
e) say OK when you get the usual warning regarding changes to the registry.

From then on you will find your dump files, as .dmp files, in:


Just type the string above into the explorer address bar and press enter.

[attachment deleted by admin]

In Win7/8 & or Vista:
CIS 5.x
Navigate to Defense plus ~ Computer Security Policy ~ Defense plus rules. Then select the CIS group. Choose Edit ~ Customise ~ Protection settings ~ Interprocess memory access ~ Modify ~ allowed applications ~ add taskmgr.exe. Save/apply all settings. Invoke the task manager using and right click on the process, then select “create dump”. (In win 8 you’ll need to choose ‘more details’ first). You’ll need to zip the resulting file, and upload it to the Cloud, as it will be large.

CIS 6.x
Navigate to Advanced tasks ~ Watch activity and open Killswitch. Do not attempt a dump of cmdagent. Right click on any other CIS process. Choose to create a full dump. You’ll need to zip the resulting file and upload it to the Cloud, as it will be large,

In Windows XP
CIS 5.x
1. Install the latest version of process explorer and allow it in memory access to CIS
Download Process Explorer from here. Install and run it. Navigate to Defense plus ~ Computer Security Policy ~ Defense plus rules. Then select the CIS group. Choose Edit ~ Customise ~ Protection settings ~ Interprocess memory access ~ Modify ~ allowed applications ~ add procexp.exe. Save/apply all settings

2. Make the hang dump
When the hang/freeze occurs open process explorer and right click on cfp.exe and cmdagent.exe, choosing to create a mini memory dump. Zip this file before uploading it to the forum please.

CIS 6.x

Please follow instructions for Win 7/Vista

You’ll find these in the following directory:


Vista and later

What to do
Don’t be confused by the % signs. Just type this path exactly as above into Windows Exlorer, or any windows file selection dialog box and you will go to the right place.

There should be zipped and unzipped versions of the crash file. The zipped version is the one you want and should be named after the file that crashed eg,

You will probably have been prompted to submit a crash dump by email - this has not been working for a long time at time of posting 1 November 2011

The unzipped file name is crash.dmp, and it is created by Comodo crashrep.exe, not Drwtsn.exe.

Normally you will find:

  • A full dump in a file called Memory.dmp (a ‘full dump’) your %SystemRoot% directory, normally C:\Windows
  • A minidump in a file called .dmp or minidump.dmp in your %SystemRoot%\Minidump directory normally C:\Windows\Minidump

Check the time and date of the dump file against the incident you wish to report. If you have both a full and a minidump with the correct time and date, use the full dump if it’s not of inconvenient size. (Dump files shrink significantly when zipped, but full dumps are still normally better posted in the cloud with a link in the forum).

To access %SystemRoot% just type it into a Windows explorer address bar and hit

If there’s no dump in either of the locations please follow the more detailed guidance below:

The following guidance was compiled by Gibran, and has been reposted with edits by Mouse.

Setting up your machine to help you record BSOD error messages

Setting up your machine to record minidumps or fulldumps;topic=6747.0;attach=3542;image;topic=13169.0;attach=7517;image

Find your minidumps or full dumps
Paste the Small or Full dump directory string you found in Startup and Recovery Dialog (eg. %SystemRoot%\Minidump) in explorer and hit go;topic=13169.0;attach=7523;image

NOTE: According to Microsoft, there are several reasons why the Memory.dmp file is not being created when your computer encounters a STOP message:

Virtual machine software allows you to run a virtual computer, running any operating system, in a window on your normal computer. The virtual computer is called a virtual machine.

It can be very helpful to install CIS on a virtual machine and use it to test CIS. The advantages are:

  • You can test CIS in a standard environment, and so determine what bugs are inherent to CIS and what issues are the result of interaction with other software
  • If testing a beta version of CIS you can test without much risk to your production machine, and without much risk to your main machine’s security
  • You can create a dedicated testing enviroment with all the tools at hand you need to test CIS

If you do please do NOT use VirtualBox as CIS does not work reliably when VirtualBox is installed. A free alternative is Vmware player. Vmware workstation works well too but is not free. You need to exclude the Vmware progrm directory from shellcode injections under D+ settings ~ Execution control ~ Exclusions.

Brief tips: I’ve installed mine on a XP machine with 3 GB of accessible memory & it runs OK - installation was smooth though - when creation of the Windows virtual machine is included - slow. You must start with a licensed version of Windows with a licence key - the key may be on the back of your computer or your OS disk. I find you need at least 10Gb of free disk space per Windows Virtual machine, if you include .NET, but its wiser to set a higher limit to the size of a given virtual machine when installing it. It’s important to keep the virtual disk file (the largest file) defragmented, and don’t use the sequence in the virtual machine.


Cloud disabled
Heuristics Medium or High

Any level apart from ‘safe’
Removed any preset rules
Added any global rules or safe zones manually
Not using Comodo DNS servers
TrustConnect set to encrypt all public connections

‘Block all unknown requests if the application is closed’ ticked.
Enhanced mode turned on or off
Any level apart from safe
Any preset (eg operating system or CIS) rules deleted

File rating
Trusted Software Vendors list deleted
Cloud disabled

Behavior Blocker
Registry hack in place to virtualise unrecognised files
‘Treat unrecognised files as’ changed
Detect installers off
Heuristics Off
Shellcode off

Do not virtualise access to files unticked
Do not virtualise access to registry keys ticked and keys defined

We ask for the the information in the bug reports because it helps developers fix bugs quickly. This is particularly important for free software, as the development teams a usually small.

To fix a bug quickly and efficiently developers need to:

  • Understand. Understand precisely what is happening and why you think it’s a problem
  • Replicate. Be able to make the bug/issue happen themselves, so they can fully diagnose it and tell when it is fixed
  • Find info. Have all the information in a standard format so they can find any specific peice of information quickly

Here’s why we ask for the information we do in specific sections of the bug report.

The bug/issue
This section is mainly about helping the developer to understand what is happening and why the user thinks it is a problem. One question asks whether the user can make the bug happen again - this helps the developers reproduce the issue on their computers.

A. THE BUG/ISSUE (Varies from issue to issue) [ol]- [b]Summary - Give a clear summary in the topic subject, NOT here.[/b] - [b]Can U reproduce the problem & if so how reliably?[/b]: ? - [b]If U can, exact steps to reproduce. If not, exactly what U did & what happened[/b]: [b]1:[/b]? [b]2:[/b]? [b]3:[/b]? - [b]If not obvious, what U expected to happen[/b]: ? - [b]If a software compatibility problem have U tried the conflict FAQ?[/b]: ? - [b]Any software except CIS/OS involved? If so - name, & exact version[/b]: ? - [b]Any other information, eg your guess at the cause, how U tried to fix it etc[/b]: ? [/ol]

Your set-up
This section is mainly about helping the developers to reproduce the problem on their computers. Users often think that bugs they experience are happening to everyone using the sofware. In fact most bugs occur only:

  • in a specific CIS version or with specific CIS settings
  • in conjunction with other security or utility software
  • on specific operating systems or with specific OS settings
    So developers really do need to know ALL this information if they are to reproduce a bug.
B. YOUR SETUP [ol]- [b]Exact CIS version & configuration[/b]: ? - [b]Modules enabled & level. D+/HIPS, Autosandbox/BBlocker, Firewall, & AV[/b]: ? - [b]Have U made any other changes to the default config? (egs here.)[/b]: ? - [b]Have U updated (without uninstall) from CIS 5 or CIS6?[/b]: ? [li][b]if so, have U tried a a clean reinstall - if not please do?[/b]: ? [/li]- [b]Have U imported a config from a previous version of CIS[/b]: ? [li][b]if so, have U tried a standard config - if not please do[/b]: ? [/li]- [b]OS version, SP, 32/64 bit, UAC setting, account type, V.Machine used[/b]: ? - [b]Other security/s'box software a) currently installed b) installed since OS, including initial trial security software included with system[/b]: a=? b=? [/ol]

Appended files
These serve to illustrate or add information to the above sections.

  • Screenshots are often worth a thousand words in helping devs to understand a bug.
  • The Killswitch Process List shows what software your machine is running, and how CIS may be restricting it
  • Random BSODS, crashes & hangs cannot be diagnosed at all without dump files
  • CIS configuration files make it easy to give detailed information about settings to devs.
C. ATTACH REQUIRED FILES [ol][li][b]Always attach - [url=]Diagnostics file[/url], Watch Activity process list, dump if freeze/crash. (If complex - CIS logs & config, screenshots, video, zipped program - not m'ware)[/b]

Application crash dump files can be created by CIS or by the operating system - you can tell which by whether the message informing you of the crash is a Windows or an CIS message. OS crash dumps are always created by the operating system. Hang dumps have to be specially requested using the OS or a third party utility.

If you have CIS 6.x you probably won’t have to worry about finding crash dumps for CIS processes, they should already be in your Diagnostics file which you always have to append to bug reports. However please do check that the right dump file is there. If it isn’t or if you need to find crash dumps for other applications, hang dumps or OS crash dumps, please see the guidelines below.

[ol]- How to find application crash dumps created by CIS.

[This list created by Mouse as a guide mainly to Gibran’s work. Gibran’s original first post is now obsolete and has been moved].

Option 1 - Append a file (better for small files)
When you create a topic or reply to one you will find a little arrow and the red words ‘Additional options’ just below the text box. Just click on this and use the attach sub-option. You’ll need to zip the files, unless they are in common image or text formats. If you have any problems please PM an active mod.

Option 2 - Upload to the Cloud (better for bigger files)
Upload to your favorite Cloud drive provider, and post the public shortcut to the file. You can get a Comodo Cloud account for free.

Virtual machine software is software that allows you to run multiple ‘guest’ computers on a host computer. The computers can use the same operating system as the host computer or a different one.

It can be very helpful to use a virtual machine to test CIS. If you do please do NOT use VirtualBox as CIS does not work reliably when VirtualBox is installed. A free alternative is VMware player. More info here.

If you are happy to install additional software, Faststone is a very good free program. It allows to to take screenshots of a whole window scrolling down aromatically - very useful for Killswitch process lists. Also you can capture any part of your screen. (Depending on the version used you may need to make it a Defense plus trusted file and restart it). This post here explains how to use Faststone.

Without installing additional software the easiest way is to:

  • In Windows XP and Vista Take a copy of the whole screen (you cannot select parts) using the key. This places the image in your cut and paste buffer. Paste it into any program that allows you to save images (eg Microsoft Paint), and save it as an PNG (.png), GIF (.gif) or JPEG (.jpg) file. The first two are higher quality so text will be more readable, the third lower quality but smaller (size limit is 12.5Mb)
  • In Windows 7 and 8 and some Vista versions Use the Windows snipping tool to take a copy of the area of interest. Under Start ~ All Programs ~ Accessories in Windows 7. You can append the default .png file

Note that image formats other than JPEG, GIF or PNG may need to be archived (eg placed in a zip file) before posting.

Use the appended adapted Microsoft sysinternals software to do signature checks

How to do this:

[ol]- Just unpack appended zip archive to C:\program files\SysInternalsSuite (Spelling - note double S - and location of directory must be exact)

  • Make a system restore point just in case
  • Navigate to the directory and double click on the sigcheck.REG file - this adds a registry key. You may be told that the publisher is unrecognised, asked to grant the files admin privs, and/or asked to confirm the addition of a key to the registry. Please say yes to all these.
  • That’s it! Now if you right click on any file. You should now see a menu item ‘signature’. Choose this to check the file’s signature, and make a screenshot of the results. You may get a ‘run’ alert for installers - just say yes, it will not run the installer.[/ol]

This is better then using Windows signature tabs because it covers catalogue signed files (eg Windows files) as well as normal signed files, and checks for certificate revocation. The formal signer name can be checked against the CIS trusted vendor list.

If you wish the latest version of the executable in the zip file can be downloaded from Microsoft here but the version in the zip file work perfectly well.

[attachment deleted by admin]

To back up

  • In 6.x navigate to Advanced Settings ~ General Settings ~ Configuration. In 5.x go to More ~ Manage Configurations ~ Export
  • Export your current settings to a .cfgx file with a distinct name of your choosing, in a folder outside the Comodo directories, saving if asked
  • Go to Program files/Comodo/Comodo internet security/Database, copy the files named Trusted.db, Vendor.h and Vendor.n

To restore

  • Go to More ~ Manage Configurations ~ Export
  • Import the configuration, highlight it, and then choose ‘activate’
  • Copy the Trusted.db, Vendor.h and Vendor.n files back to their original location over writing existing. If this causes an access error, try the same in safe mode if you know how, or PM a currently active mod for help
  • Reboot to ensure all software is running under the imported rules

NB if asked to test for a bug after a clean re-install of CIS please do not import your settings before testing.

You’ll hardly lose any settings if you follow this guidance:

[ol]- How to back up and restore your settings so you don’t lose them.

If you have been asked to do a clean reinstall to see if it solves your problem please do not restore you settings until you have done the test. Clean re-installs also clear CIS log, so please make sure you have created any log screenshots you need before doing this.

FOR MODS ONLY - Needs updating when Comodo tracker is introduced

Mods enter bugs into the mod’s issue tracking system - Bugzilla - at their discretion. However mods may, if they wish, use the following criteria to determine which user-reported issues are tracked.

These are in addition to the normal criteria given for issue reports in the format and guide.

[ol]- BSODS and crash reports with dumps normally get a Bugzilla entry with a cc to Head of Development

  • Other issues should meet the following criteria:

[li]Importance. Be likely to have have a significant impact on a significant proportion of users, or a substantial effect on a smaller number, or a small effect on a substantial proportion of users. This means that they will enter Bugzilla with a severity of ‘normal’ or above.

  • Replicability. Be reported by at least 2 users, or be replicable on a mods/devs computer, or be accepted by devs as a valid issue, or be from a user whose expertise the mod is familar with
  • Resistance. [list][li]be unlikely to be resolvable by trying further, more advanced, settings changes [1].- Has continued despite trying disabling or uninstalling potentially conflicting security software from other vendors. This test is relevant even if the problem, does not seem to involve security software from other vendors. Such conflicts can cause complex and indirect effects.[/li]
  • Persistance. Not solved by a clean reinstall of CIS - ie not a transient version update/import problem. Not solved by a new AV database, TVL, whitelist update.

Bugs that do not fulfill these criteria may be marked [NBZ] if the mod feels they are never likely to, or be left flagged [WBZ] if they may given further information, user tests or user reports.

[1] Only the standard settings changes will have been tried by the time the bug reaches format verified - so others may be tried before the issue enters Bugzilla. But these changes should of course be without significant side effects. Issues with work-arounds are still bugs.

CIS stores your current customised configuration in your currently active configuration, which may (confusingly!) bear then name of a standard configuration. So to be sure to load a clean configuration you need to do the following:

[ol]- In 6.x Navigate to Advanced Settings ~ General Settings ~ Configuration. In 5.x Navigate to More ~ Manage My Configurations

  • Backup your current configuration to a non-comodo directory by choosing export, navigating to the directory, agreeing to save if asked, and naming the resulting export file with say your name and the date. To avoid confusion do not give the file the name of a standard configuration.
  • Choose import and navigate to the Program Files\Comodo\Comodo Internet Security directory
  • Choose Comodo Internet Security configuration (the default - use to test a problem under default settings) OR the Comodo Proactive Security configuration (slightly higher security) OR Comodo Firewall Security configuration (same as IS config but no AV). To be double sure choose the details view on the import dialog and check that the file date is the date of the last CIS update - if not ask for help.
  • Make this configuration your active configuration by selecting it then pressing the activate button
  • Reboot to make the configuration fully effective
  • Test to see if your prefer this configuration - for example test to see if any bug has disappeared?
  • If you want to go back to your backup configuration simply import it and activate it as above then reboot.[/ol]

FOR MODS ONLY: How to distinguish an ‘issue’ from a ‘wish list item’

A report refers to a valid issue if:
a) it would be a perceived as a problem by the average user
b) a possible remedy would fall within a notional design specification for the CIS product, given the CIS product’s current requirements scope (what sorts of security it tries to address) and design philosophy (the approach it takes in addressing it).

If it falls outside b) then it’s a wish list item. If it falls outside a) then it’s a design feature :slight_smile:

The problem is we have no design documentation for CIS. The closest we have is an out of date help file. So this is always a matter of judgement.