Windows XP uploads the crash logs to Microsoft but does not save a local copy. You need to enable this option by running a file contained in Windows Error Reporting.zip.
If an application crashed and you think it is related to CFP, please run drwtsn32.exe without any options or switches and look for a crash dump in the path listed in the Dr. Watson dialog (make sure it was created at the time the crash happened). Please confirm that the Dump symbol table, Dump all thread contexts, Append to existing log file and Create crash dump file checkboxes are enabled. The “Create crash dump file” checkbox is the most important option to enable.
How to find crashdumps in Windows Vista
Windows Vista uploads the crash logs to Microsoft but does not save a local copy. You need to enable this option by running a file contained in Windows Error Reporting.zip.
You need to uncompress Windows Error Reporting.zip and then run Windows Error Reporting.reg.
NOTE: in some cases you will only see the name Windows Error Reporting without the .zip or .reg part. You can right click and choose Properties to confirm the file type.
When an application crashes you can find the required crash information in %LOCALAPPDATA%\Microsoft\Windows\WER\ReportQueue
Just paste that bolded text in explorer and hit go
Be sure to include the following files in a compressed zip file:
WERxxxx.tmp.mdmp
This is the most important file. It contains the crash dump that can be opened inside Visual Studio or other Windows debuggers.
WERxxxx.tmp.version.txt
Contains the operating system version and other hardware information.
WERxxxx.tmp.appcompat.txt
Lists all of the DLLs loaded at the time of the crash with their version information.
If the windows error reporting (WER) dialog for the crash is still open
Do not answer the dialog (the devs have said that the info may not be valid if collected on second or subsequent dialogs). Go to Advanced Tasks ~ Monitor Activity and open Killswitch. Find the process that WER is saying has crashed or hung and right click to take a full dump.
If not you may be lucky and find the dump file (it will probably be a small dump file), zipped up with other files in:
%LOCALAPPDATA%\Microsoft\Windows\WER\ReportQueue
OR
C:\ProgramData\Microsoft\Windows\WER\ReportQueue
Just type the strings above into Windows explorer and hit to see if they are there. You can append the whole zip file.
Failing that, or if the WER dialog is not open and you want a full dump file (which the devs prefer) you need to set up local crash dump collection using the appended .reg file, and await another crash.
To do this just
a) make a restore point (not really needed but better to be safe)
b) download the appended file
c) extract it
d) double click on the .reg file on it
e) say OK when you get the usual warning regarding changes to the registry.
From then on you will find your dump files, as .dmp files, in:
%localappdata%\crashdumps
Just type the string above into the explorer address bar and press enter.
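A way to confirm that local dump collection is in effect after step e), as an added PowerShell example that is not part of the original guide. It assumes the appended .reg file sets the standard Windows Error Reporting LocalDumps registry values (the guide does not show its contents) and PowerShell 3.0 or later; `Get-LocalDumpSetting` is a name chosen for this example.

```powershell
# Added example, not from the original guide.
# Assumption: the appended .reg file sets the documented Windows Error
# Reporting "LocalDumps" values; the guide does not show the file's contents.
function Get-LocalDumpSetting {
    param(
        # Optional per-application subkey, e.g. 'cfp.exe'.
        [string]$Application
    )

    $base = 'HKLM:\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps'
    if (-not (Test-Path -LiteralPath $base)) {
        # LocalDumps is not configured, so WER writes no dumps to a local dump folder.
        return [pscustomobject]@{
            Enabled = $false; DumpFolder = $null; DumpType = $null; DumpCount = $null
        }
    }

    # Windows defaults, used for any value the key does not set.
    $setting = @{ DumpFolder = '%LOCALAPPDATA%\CrashDumps'; DumpType = 1; DumpCount = 10 }

    # Global values are read first, then per-application values override them.
    $keys = @($base)
    if ($Application -and (Test-Path -LiteralPath "$base\$Application")) {
        $keys += "$base\$Application"
    }
    $raw = [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames
    foreach ($key in $keys) {
        $reg = Get-Item -LiteralPath $key
        foreach ($name in @($setting.Keys)) {
            $value = $reg.GetValue($name, $null, $raw)
            if ($null -ne $value) { $setting[$name] = $value }
        }
    }

    $typeName = switch ([int]$setting.DumpType) {
        0 { 'custom' }
        1 { 'mini dump' }
        2 { 'full dump' }
        default { "unknown ($_)" }
    }

    [pscustomobject]@{
        Enabled    = $true
        # Expanded for the account running this script. A process that crashes
        # under another account resolves %LOCALAPPDATA% to its own profile.
        DumpFolder = [Environment]::ExpandEnvironmentVariables([string]$setting.DumpFolder)
        DumpType   = $typeName
        DumpCount  = [int]$setting.DumpCount
    }
}

Get-LocalDumpSetting -Application 'cfp.exe'
```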
In Win7/8 & or Vista: CIS 5.x
Navigate to Defense plus ~ Computer Security Policy ~ Defense plus rules. Then select the CIS group. Choose Edit ~ Customise ~ Protection settings ~ Interprocess memory access ~ Modify ~ allowed applications ~ add taskmgr.exe. Save/apply all settings. Invoke the task manager using and right click on the process, then select “create dump”. (In win 8 you’ll need to choose ‘more details’ first). You’ll need to zip the resulting file, and upload it to the Cloud, as it will be large.
CIS 6.x
Navigate to Advanced tasks ~ Watch activity and open Killswitch. Do not attempt a dump of cmdagent. Right click on any other CIS process. Choose to create a full dump. You’ll need to zip the resulting file and upload it to the Cloud, as it will be large.
In Windows XP CIS 5.x
1. Install the latest version of Process Explorer and allow it memory access to CIS
Download Process Explorer from here. Install and run it. Navigate to Defense plus ~ Computer Security Policy ~ Defense plus rules. Then select the CIS group. Choose Edit ~ Customise ~ Protection settings ~ Interprocess memory access ~ Modify ~ allowed applications ~ add procexp.exe. Save/apply all settings
2. Make the hang dump
When the hang/freeze occurs open process explorer and right click on cfp.exe and cmdagent.exe, choosing to create a mini memory dump. Zip this file before uploading it to the forum please.
CIS 6.x
Please follow instructions for Win 7/Vista
Where:
You’ll find these in the following directory:
XP
%AllUsersProfile%\Comodo\CISDumps
Vista and later
C:\ProgramData\Comodo\CisDumps
What to do
Don’t be confused by the % signs. Just type this path exactly as above into Windows Explorer, or any Windows file selection dialog box, and you will go to the right place.
There should be zipped and unzipped versions of the crash file. The zipped version is the one you want and should be named after the file that crashed eg cfp.zip, cmdagent.zip.
Notes
You will probably have been prompted to submit a crash dump by email - this has not been working for a long time at time of posting 1 November 2011
The unzipped file name is crash.dmp, and it is created by Comodo crashrep.exe, not Drwtsn.exe.
A full dump in a file called Memory.dmp (a ‘full dump’) in your %SystemRoot% directory, normally C:\Windows
A minidump in a file called .dmp or minidump.dmp in your %SystemRoot%\Minidump directory normally C:\Windows\Minidump
Check the time and date of the dump file against the incident you wish to report. If you have both a full and a minidump with the correct time and date, use the full dump if it’s not of inconvenient size. (Dump files shrink significantly when zipped, but full dumps are still normally better posted in the cloud with a link in the forum).
To access %SystemRoot% just type it into a Windows explorer address bar and hit
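The folders named so far in this guide can be searched in one pass and matched against the time of the incident. This is an added PowerShell example, not part of the original guide; `Find-CrashDump`, the 30-minute default window and the sample incident time are assumptions made for it, and it may need an elevated prompt to read the %SystemRoot% and ProgramData locations.

```powershell
# Added example, not from the original guide. Read-only: it lists files and
# does not copy, zip or upload anything.
function Find-CrashDump {
    param(
        [Parameter(Mandatory = $true)][datetime]$IncidentTime,
        # Assumed tolerance around the incident time; adjust as needed.
        [int]$WindowMinutes = 30
    )

    # Folders named in the guide. A variable that does not exist on an older
    # Windows version just produces a path that fails Test-Path.
    $folders = @(
        "$env:LOCALAPPDATA\Microsoft\Windows\WER\ReportQueue",
        "$env:ProgramData\Microsoft\Windows\WER\ReportQueue",
        "$env:LOCALAPPDATA\CrashDumps",
        "$env:ALLUSERSPROFILE\Comodo\CisDumps",
        "$env:SystemRoot\Minidump"
    )
    $extensions = '.dmp', '.mdmp', '.zip'

    $found = @()
    foreach ($folder in $folders) {
        if (Test-Path -LiteralPath $folder) {
            $found += @(Get-ChildItem -LiteralPath $folder -Recurse -ErrorAction SilentlyContinue |
                Where-Object { -not $_.PSIsContainer -and $extensions -contains $_.Extension })
        }
    }

    # The full OS dump is a single file, not a folder.
    $memoryDump = "$env:SystemRoot\Memory.dmp"
    if (Test-Path -LiteralPath $memoryDump) {
        $found += @(Get-Item -LiteralPath $memoryDump)
    }

    # Keep files written close to the incident. Largest first, so a full dump
    # is listed above a minidump from the same crash.
    $found |
        Where-Object { [math]::Abs(($_.LastWriteTime - $IncidentTime).TotalMinutes) -le $WindowMinutes } |
        Sort-Object -Property Length -Descending |
        Select-Object FullName, LastWriteTime,
            @{ Name = 'SizeMB'; Expression = { [math]::Round($_.Length / 1MB, 1) } }
}

# Constructed incident time, for illustration only.
Find-CrashDump -IncidentTime '2011-11-01 14:30' -WindowMinutes 60
```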
If there’s no dump in either of the locations please follow the more detailed guidance below:
The following guidance was compiled by Gibran, and has been reposted with edits by Mouse.
Setting up your machine to help you record BSOD error messages
Setting up your machine to record minidumps or fulldumps
Find your minidumps or full dumps
Paste the Small or Full dump directory string you found in Startup and Recovery Dialog (eg. %SystemRoot%\Minidump) in explorer and hit go
Virtual machine software allows you to run a virtual computer, running any operating system, in a window on your normal computer. The virtual computer is called a virtual machine.
It can be very helpful to install CIS on a virtual machine and use it to test CIS. The advantages are:
You can test CIS in a standard environment, and so determine what bugs are inherent to CIS and what issues are the result of interaction with other software
If testing a beta version of CIS you can test without much risk to your production machine, and without much risk to your main machine’s security
You can create a dedicated testing environment with all the tools at hand you need to test CIS
If you do please do NOT use VirtualBox as CIS does not work reliably when VirtualBox is installed. A free alternative is VMware Player. VMware Workstation works well too but is not free. You need to exclude the VMware program directory from shellcode injections under D+ settings ~ Execution control ~ Exclusions.
Brief tips: I’ve installed mine on a XP machine with 3 GB of accessible memory & it runs OK - installation was smooth though - when creation of the Windows virtual machine is included - slow. You must start with a licensed version of Windows with a licence key - the key may be on the back of your computer or your OS disk. I find you need at least 10Gb of free disk space per Windows Virtual machine, if you include .NET, but it’s wiser to set a higher limit to the size of a given virtual machine when installing it. It’s important to keep the virtual disk file (the largest file) defragmented, and don’t use the sequence in the virtual machine.
EXAMPLES OF CONFIGURATION CHANGES CONSIDERED MAJOR:
AV
Cloud disabled
Heuristics Medium or High
Firewall
Any level apart from ‘safe’
Removed any preset rules
Added any global rules or safe zones manually
Not using Comodo DNS servers
TrustConnect set to encrypt all public connections
HIPS
‘Block all unknown requests if the application is closed’ ticked.
Enhanced mode turned on or off
Any level apart from safe
Any preset (eg operating system or CIS) rules deleted
File rating
Trusted Software Vendors list deleted
Cloud disabled
Behavior Blocker
Registry hack in place to virtualise unrecognised files
‘Treat unrecognised files as’ changed
Detect installers off
Heuristics Off
Shellcode off
Sandbox
Do not virtualise access to files unticked
Do not virtualise access to registry keys ticked and keys defined
We ask for the information in the bug reports because it helps developers fix bugs quickly. This is particularly important for free software, as the development teams are usually small.
To fix a bug quickly and efficiently developers need to:
Understand. Understand precisely what is happening and why you think it’s a problem
Replicate. Be able to make the bug/issue happen themselves, so they can fully diagnose it and tell when it is fixed
Find info. Have all the information in a standard format so they can find any specific piece of information quickly
Here’s why we ask for the information we do in specific sections of the bug report.
The bug/issue
This section is mainly about helping the developer to understand what is happening and why the user thinks it is a problem. One question asks whether the user can make the bug happen again - this helps the developers reproduce the issue on their computers.
A. THE BUG/ISSUE (Varies from issue to issue)
[ol]- [b]Summary - Give a clear summary in the topic subject, NOT here.[/b]
- [b]Can U reproduce the problem & if so how reliably?[/b]:
?
- [b]If U can, exact steps to reproduce. If not, exactly what U did & what happened[/b]:
[b]1:[/b]?
[b]2:[/b]?
[b]3:[/b]?
- [b]If not obvious, what U expected to happen[/b]:
?
- [b]If a software compatibility problem have U tried the conflict FAQ?[/b]:
?
- [b]Any software except CIS/OS involved? If so - name, & exact version[/b]:
?
- [b]Any other information, eg your guess at the cause, how U tried to fix it etc[/b]:
?
[/ol]
Your set-up
This section is mainly about helping the developers to reproduce the problem on their computers. Users often think that bugs they experience are happening to everyone using the software. In fact most bugs occur only:
in a specific CIS version or with specific CIS settings
in conjunction with other security or utility software
on specific operating systems or with specific OS settings
So developers really do need to know ALL this information if they are to reproduce a bug.
B. YOUR SETUP
[ol]- [b]Exact CIS version & configuration[/b]:
?
- [b]Modules enabled & level. D+/HIPS, Autosandbox/BBlocker, Firewall, & AV[/b]:
?
- [b]Have U made any other changes to the default config? (egs here.)[/b]:
?
- [b]Have U updated (without uninstall) from CIS 5 or CIS6?[/b]:
?
[li][b]if so, have U tried a clean reinstall - if not please do?[/b]:
?
[/li]- [b]Have U imported a config from a previous version of CIS[/b]:
?
[li][b]if so, have U tried a standard config - if not please do[/b]:
?
[/li]- [b]OS version, SP, 32/64 bit, UAC setting, account type, V.Machine used[/b]:
?
- [b]Other security/s'box software a) currently installed b) installed since OS, including initial trial security software included with system[/b]:
a=? b=?
[/ol]
Appended files
These serve to illustrate or add information to the above sections.
Screenshots are often worth a thousand words in helping devs to understand a bug.
The Killswitch Process List shows what software your machine is running, and how CIS may be restricting it
Random BSODS, crashes & hangs cannot be diagnosed at all without dump files
CIS configuration files make it easy to give detailed information about settings to devs.
C. ATTACH REQUIRED FILES
[ol][li][b]Always attach - [url=http://help.comodo.com/topic-72-1-451-4702-The-Home-Screen.html#title_bar_controls]Diagnostics file[/url], Watch Activity process list, dump if freeze/crash. (If complex - CIS logs & config, screenshots, video, zipped program - not m'ware)[/b]
Application crash dump files can be created by CIS or by the operating system - you can tell which by whether the message informing you of the crash is a Windows or a CIS message. OS crash dumps are always created by the operating system. Hang dumps have to be specially requested using the OS or a third party utility.
If you have CIS 6.x you probably won’t have to worry about finding crash dumps for CIS processes, they should already be in your Diagnostics file which you always have to append to bug reports. However please do check that the right dump file is there. If it isn’t or if you need to find crash dumps for other applications, hang dumps or OS crash dumps, please see the guidelines below.
Option 1 - Append a file (better for small files)
When you create a topic or reply to one you will find a little arrow and the red words ‘Additional options’ just below the text box. Just click on this and use the attach sub-option. You’ll need to zip the files, unless they are in common image or text formats. If you have any problems please PM an active mod.
Option 2 - Upload to the Cloud (better for bigger files)
Upload to your favorite Cloud drive provider, and post the public shortcut to the file. You can get a Comodo Cloud account for free.
Virtual machine software is software that allows you to run multiple ‘guest’ computers on a host computer. The computers can use the same operating system as the host computer or a different one.
It can be very helpful to use a virtual machine to test CIS. If you do please do NOT use VirtualBox as CIS does not work reliably when VirtualBox is installed. A free alternative is VMware player. More info here.
If you are happy to install additional software, Faststone is a very good free program. It allows you to take screenshots of a whole window, scrolling down automatically - very useful for Killswitch process lists. Also you can capture any part of your screen. (Depending on the version used you may need to make it a Defense plus trusted file and restart it). This post here explains how to use Faststone.
Without installing additional software the easiest way is to:
In Windows XP and Vista: Take a copy of the whole screen (you cannot select parts) using the key. This places the image in your cut and paste buffer. Paste it into any program that allows you to save images (eg Microsoft Paint), and save it as a PNG (.png), GIF (.gif) or JPEG (.jpg) file. The first two are higher quality so text will be more readable, the third lower quality but smaller (size limit is 12.5Mb).
In Windows 7 and 8 and some Vista versions: Use the Windows snipping tool to take a copy of the area of interest. It is under Start ~ All Programs ~ Accessories in Windows 7. You can append the default .png file.
Note that image formats other than JPEG, GIF or PNG may need to be archived (eg placed in a zip file) before posting.
Use the appended adapted Microsoft sysinternals software to do signature checks
How to do this:
1. Just unpack the appended zip archive to C:\program files\SysInternalsSuite (spelling - note the double S - and location of the directory must be exact)
2. Make a system restore point just in case
3. Navigate to the directory and double click on the sigcheck.REG file - this adds a registry key. You may be told that the publisher is unrecognised, asked to grant the files admin privs, and/or asked to confirm the addition of a key to the registry. Please say yes to all these.
4. That’s it! Now if you right click on any file you should see a menu item ‘signature’. Choose this to check the file’s signature, and make a screenshot of the results. You may get a ‘run’ alert for installers - just say yes, it will not run the installer.
This is better than using Windows signature tabs because it covers catalogue signed files (eg Windows files) as well as normal signed files, and checks for certificate revocation. The formal signer name can be checked against the CIS trusted vendor list.
If you wish, the latest version of the executable in the zip file can be downloaded from Microsoft here, but the version in the zip file works perfectly well.
In 6.x navigate to Advanced Settings ~ General Settings ~ Configuration. In 5.x go to More ~ Manage Configurations ~ Export
Export your current settings to a .cfgx file with a distinct name of your choosing, in a folder outside the Comodo directories, saving if asked
Go to Program files/Comodo/Comodo internet security/Database, copy the files named Trusted.db, Vendor.h and Vendor.n
To restore
Go to More ~ Manage Configurations ~ Export
Import the configuration, highlight it, and then choose ‘activate’
Copy the Trusted.db, Vendor.h and Vendor.n files back to their original location, overwriting the existing files. If this causes an access error, try the same in safe mode if you know how, or PM a currently active mod for help
Reboot to ensure all software is running under the imported rules
NB if asked to test for a bug after a clean re-install of CIS please do not import your settings before testing.
If you have been asked to do a clean reinstall to see if it solves your problem please do not restore your settings until you have done the test. Clean re-installs also clear the CIS log, so please make sure you have created any log screenshots you need before doing this.
FOR MODS ONLY - Needs updating when Comodo tracker is introduced
Mods enter bugs into the mod’s issue tracking system - Bugzilla - at their discretion. However mods may, if they wish, use the following criteria to determine which user-reported issues are tracked.
These are in addition to the normal criteria given for issue reports in the format and guide.
1. BSODS and crash reports with dumps normally get a Bugzilla entry with a cc to Head of Development
2. Other issues should meet the following criteria:
   - Importance. Be likely to have a significant impact on a significant proportion of users, or a substantial effect on a smaller number, or a small effect on a substantial proportion of users. This means that they will enter Bugzilla with a severity of ‘normal’ or above.
   - Replicability. Be reported by at least 2 users, or be replicable on a mod’s/dev’s computer, or be accepted by devs as a valid issue, or be from a user whose expertise the mod is familiar with
   - Resistance.
     - Be unlikely to be resolvable by trying further, more advanced, settings changes [1].
     - Has continued despite trying disabling or uninstalling potentially conflicting security software from other vendors. This test is relevant even if the problem does not seem to involve security software from other vendors. Such conflicts can cause complex and indirect effects.
   - Persistence. Not solved by a clean reinstall of CIS - ie not a transient version update/import problem. Not solved by a new AV database, TVL, whitelist update.
Bugs that do not fulfill these criteria may be marked [NBZ] if the mod feels they are never likely to, or be left flagged [WBZ] if they may, given further information, user tests or user reports.
Footnote:
[1] Only the standard settings changes will have been tried by the time the bug reaches format verified - so others may be tried before the issue enters Bugzilla. But these changes should of course be without significant side effects. Issues with work-arounds are still bugs.
CIS stores your current customised configuration in your currently active configuration, which may (confusingly!) bear the name of a standard configuration. So to be sure to load a clean configuration you need to do the following:
1. In 6.x navigate to Advanced Settings ~ General Settings ~ Configuration. In 5.x navigate to More ~ Manage My Configurations
2. Back up your current configuration to a non-Comodo directory by choosing export, navigating to the directory, agreeing to save if asked, and naming the resulting export file with, say, your name and the date. To avoid confusion do not give the file the name of a standard configuration.
3. Choose import and navigate to the Program Files\Comodo\Comodo Internet Security directory
4. Choose Comodo Internet Security configuration (the default - use to test a problem under default settings) OR the Comodo Proactive Security configuration (slightly higher security) OR Comodo Firewall Security configuration (same as IS config but no AV). To be double sure choose the details view on the import dialog and check that the file date is the date of the last CIS update - if not ask for help.
5. Make this configuration your active configuration by selecting it then pressing the activate button
6. Reboot to make the configuration fully effective
7. Test to see if you prefer this configuration - for example test to see if any bug has disappeared
8. If you want to go back to your backup configuration simply import it and activate it as above then reboot.
FOR MODS ONLY: How to distinguish an ‘issue’ from a ‘wish list item’
A report refers to a valid issue if:
a) it would be perceived as a problem by the average user
AND
b) a possible remedy would fall within a notional design specification for the CIS product, given the CIS product’s current requirements scope (what sorts of security it tries to address) and design philosophy (the approach it takes in addressing it).
If it falls outside b) then it’s a wish list item. If it falls outside a) then it’s a design feature.
The problem is we have no design documentation for CIS. The closest we have is an out of date help file. So this is always a matter of judgement.