rundll32.exe and ctfmon.exe keep getting sandboxed after boot up

Hi I do have one niggle with V4 to 4.1. Every time I boot up my com I get a sandbox alert saying it has put rundll32.exe and then ctfmon.exe into the sandbox. I tick on run outside the sandbox and also tick trust vendor but the next time I boot up it comes up with the same thing. It doesn’t seem to be remembering my preferencies. Any ideas why these two things keep flagging up in the first place? and also why isn’t CIS remembering my instuctions?
It doesn’t affect the overall running of my com but it’s annoying to see these everytime I boot up.

The target for rundll32 in D+ events is nvapps.xml in sys32 folder
here is D+ log for today 10/6/10
COMODO Internet Security Premium - Log Viewer Logs
Table : Defense+ Events
Date Created : 2010-06-10 21:28:58
Records count : 74
Date Application Action Target
2010-06-10 06:35:31 C:\WINDOWS\system32\services.exe Block File C:\Program Files\Google\Update\GoogleUpdate.exe
2010-06-10 06:35:31 C:\WINDOWS\system32\services.exe Block File C:\Program Files\Google\Update\GoogleUpdate.exe
2010-06-10 06:35:31 C:\WINDOWS\system32\services.exe Block File C:\Program Files\Java\jre6\bin\jqs.exe
2010-06-10 06:35:31 C:\WINDOWS\system32\services.exe Block File C:\Program Files\Java\jre6\bin\jqs.exe
2010-06-10 06:35:38 C:\WINDOWS\system32\services.exe Block File C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
2010-06-10 06:35:38 C:\WINDOWS\system32\services.exe Block File C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
2010-06-10 06:35:47 C:\WINDOWS\system32\RUNDLL32.EXE Sandboxed As Limited
2010-06-10 06:35:47 C:\WINDOWS\system32\ctfmon.exe Modify Key HKUS\S-1-5-21-299502267-926492609-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Run\ctfmon.exe
2010-06-10 06:35:47 C:\WINDOWS\system32\rundll32.exe Modify File C:\WINDOWS\system32\nvapps.xml
2010-06-10 06:36:08 C:\WINDOWS\system32\ctfmon.exe Sandboxed As Limited
2010-06-10 16:04:57 C:\WINDOWS\system32\RUNDLL32.EXE Sandboxed As Limited
2010-06-10 16:04:57 C:\WINDOWS\system32\services.exe Block File C:\Program Files\Google\Update\GoogleUpdate.exe
2010-06-10 16:04:57 C:\WINDOWS\system32\services.exe Block File C:\Program Files\Google\Update\GoogleUpdate.exe
2010-06-10 16:05:01 C:\WINDOWS\system32\services.exe Block File C:\Program Files\Java\jre6\bin\jqs.exe
2010-06-10 16:05:01 C:\WINDOWS\system32\services.exe Block File C:\Program Files\Java\jre6\bin\jqs.exe
2010-06-10 16:05:01 C:\WINDOWS\system32\services.exe Block File C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
2010-06-10 16:05:01 C:\WINDOWS\system32\services.exe Block File C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
2010-06-10 16:05:14 C:\WINDOWS\system32\ctfmon.exe Sandboxed As Limited
2010-06-10 16:05:14 C:\WINDOWS\system32\ctfmon.exe Modify Key HKUS\S-1-5-21-299502267-926492609-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Run\ctfmon.exe
2010-06-10 16:05:14 C:\WINDOWS\system32\rundll32.exe Modify File C:\WINDOWS\system32\nvapps.xml
2010-06-10 20:10:17 C:\WINDOWS\system32\services.exe Block File C:\Program Files\Google\Update\GoogleUpdate.exe
2010-06-10 20:10:17 C:\WINDOWS\system32\services.exe Block File C:\Program Files\Google\Update\GoogleUpdate.exe
2010-06-10 20:10:17 C:\WINDOWS\system32\services.exe Block File C:\Program Files\Java\jre6\bin\jqs.exe
2010-06-10 20:10:17 C:\WINDOWS\system32\services.exe Block File C:\Program Files\Java\jre6\bin\jqs.exe
2010-06-10 20:10:22 C:\WINDOWS\system32\services.exe Block File C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
2010-06-10 20:10:22 C:\WINDOWS\system32\services.exe Block File C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
2010-06-10 20:10:34 C:\WINDOWS\system32\RUNDLL32.EXE Sandboxed As Limited
2010-06-10 20:10:35 C:\WINDOWS\system32\ctfmon.exe Modify Key HKUS\S-1-5-21-299502267-926492609-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Run\ctfmon.exe
2010-06-10 20:10:35 C:\WINDOWS\system32\rundll32.exe Modify File C:\WINDOWS\system32\nvapps.xml
2010-06-10 20:10:56 C:\WINDOWS\system32\ctfmon.exe Sandboxed As Limited
2010-06-10 20:57:22 C:\WINDOWS\system32\services.exe Block File C:\Program Files\Google\Update\GoogleUpdate.exe
2010-06-10 20:57:22 C:\WINDOWS\system32\services.exe Block File C:\Program Files\Google\Update\GoogleUpdate.exe
2010-06-10 20:57:22 C:\WINDOWS\system32\services.exe Block File C:\Program Files\Java\jre6\bin\jqs.exe
2010-06-10 20:57:22 C:\WINDOWS\system32\services.exe Block File C:\Program Files\Java\jre6\bin\jqs.exe
2010-06-10 20:57:30 C:\WINDOWS\system32\services.exe Block File C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
2010-06-10 20:57:30 C:\WINDOWS\system32\services.exe Block File C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
2010-06-10 20:57:35 C:\WINDOWS\system32\RUNDLL32.EXE Sandboxed As Limited
2010-06-10 20:57:36 C:\WINDOWS\system32\ctfmon.exe Modify Key HKUS\S-1-5-21-299502267-926492609-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Run\ctfmon.exe
2010-06-10 20:57:36 C:\WINDOWS\system32\rundll32.exe Modify File C:\WINDOWS\system32\nvapps.xml
2010-06-10 20:57:56 C:\WINDOWS\system32\ctfmon.exe Sandboxed As Limited
2010-06-10 21:12:08 C:\WINDOWS\system32\services.exe Block File C:\Program Files\Google\Update\GoogleUpdate.exe
2010-06-10 21:12:08 C:\WINDOWS\system32\services.exe Block File C:\Program Files\Google\Update\GoogleUpdate.exe
2010-06-10 21:12:08 C:\WINDOWS\system32\services.exe Block File C:\Program Files\Java\jre6\bin\jqs.exe
2010-06-10 21:12:08 C:\WINDOWS\system32\services.exe Block File C:\Program Files\Java\jre6\bin\jqs.exe
2010-06-10 21:12:16 C:\WINDOWS\system32\services.exe Block File C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
2010-06-10 21:12:16 C:\WINDOWS\system32\services.exe Block File C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
2010-06-10 21:12:25 C:\WINDOWS\system32\RUNDLL32.EXE Sandboxed As Limited
2010-06-10 21:12:25 C:\WINDOWS\system32\ctfmon.exe Modify Key HKUS\S-1-5-21-299502267-926492609-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Run\ctfmon.exe
2010-06-10 21:12:25 C:\WINDOWS\system32\rundll32.exe Modify File C:\WINDOWS\system32\nvapps.xml
2010-06-10 21:12:39 C:\WINDOWS\system32\ctfmon.exe Sandboxed As Limited
2010-06-10 21:14:39 C:\Program Files\Comodo\COMODO Internet Security\cfplogvw.exe Block File C:\Program Files\Google\Update\GoogleUpdate.exe
2010-06-10 21:14:39 C:\Program Files\Comodo\COMODO Internet Security\cfplogvw.exe Block File C:\Program Files\Google\Update\GoogleUpdate.exe
2010-06-10 21:14:39 C:\Program Files\Comodo\COMODO Internet Security\cfplogvw.exe Block File C:\Program Files\Google\Update\GoogleUpdate.exe
2010-06-10 21:14:39 C:\Program Files\Comodo\COMODO Internet Security\cfplogvw.exe Block File C:\Program Files\Google\Update\GoogleUpdate.exe
2010-06-10 21:14:39 C:\Program Files\Comodo\COMODO Internet Security\cfplogvw.exe Block File C:\Program Files\Java\jre6\bin\jqs.exe
2010-06-10 21:14:39 C:\Program Files\Comodo\COMODO Internet Security\cfplogvw.exe Block File C:\Program Files\Java\jre6\bin\jqs.exe
2010-06-10 21:14:39 C:\Program Files\Comodo\COMODO Internet Security\cfplogvw.exe Block File C:\Program Files\Java\jre6\bin\jqs.exe
2010-06-10 21:14:39 C:\Program Files\Comodo\COMODO Internet Security\cfplogvw.exe Block File C:\Program Files\Java\jre6\bin\jqs.exe
2010-06-10 21:14:39 C:\Program Files\Comodo\COMODO Internet Security\cfplogvw.exe Block File C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
2010-06-10 21:14:39 C:\Program Files\Comodo\COMODO Internet Security\cfplogvw.exe Block File C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
2010-06-10 21:14:39 C:\Program Files\Comodo\COMODO Internet Security\cfplogvw.exe Block File C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
2010-06-10 21:14:39 C:\Program Files\Comodo\COMODO Internet Security\cfplogvw.exe Block File C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
2010-06-10 21:28:21 C:\Program Files\Comodo\COMODO Internet Security\cfplogvw.exe Block File C:\Program Files\Google\Update\GoogleUpdate.exe
2010-06-10 21:28:21 C:\Program Files\Comodo\COMODO Internet Security\cfplogvw.exe Block File C:\Program Files\Google\Update\GoogleUpdate.exe
2010-06-10 21:28:21 C:\Program Files\Comodo\COMODO Internet Security\cfplogvw.exe Block File C:\Program Files\Google\Update\GoogleUpdate.exe
2010-06-10 21:28:21 C:\Program Files\Comodo\COMODO Internet Security\cfplogvw.exe Block File C:\Program Files\Google\Update\GoogleUpdate.exe
2010-06-10 21:28:21 C:\Program Files\Comodo\COMODO Internet Security\cfplogvw.exe Block File C:\Program Files\Java\jre6\bin\jqs.exe
2010-06-10 21:28:21 C:\Program Files\Comodo\COMODO Internet Security\cfplogvw.exe Block File C:\Program Files\Java\jre6\bin\jqs.exe
2010-06-10 21:28:21 C:\Program Files\Comodo\COMODO Internet Security\cfplogvw.exe Block File C:\Program Files\Java\jre6\bin\jqs.exe
2010-06-10 21:28:21 C:\Program Files\Comodo\COMODO Internet Security\cfplogvw.exe Block File C:\Program Files\Java\jre6\bin\jqs.exe
2010-06-10 21:28:21 C:\Program Files\Comodo\COMODO Internet Security\cfplogvw.exe Block File C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
2010-06-10 21:28:21 C:\Program Files\Comodo\COMODO Internet Security\cfplogvw.exe Block File C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
2010-06-10 21:28:21 C:\Program Files\Comodo\COMODO Internet Security\cfplogvw.exe Block File C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
2010-06-10 21:28:21 C:\Program Files\Comodo\COMODO Internet Security\cfplogvw.exe Block File C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
End of The Report

Hello,

I also had this problem to (only on Win XP SP 3) and I could solve this by moving those files from “My pending files” to “My Own Safe Files”.

Ovid

Hi I too run XP sp3 32bit…I tried adding them to my own safe files but still didn’t work. I will however try again just for the hell of it :slight_smile:

I just tried again and both are in my own safe files list but on reboot the sandbox warning appears again :frowning:
Ideas anybody??
:slight_smile:

It is very strange wy that does not work (to me it was the only way it worked). Hopefully others users will come with other solutions. :slight_smile:

Yep something similar has been happening to me as Sandbox keeps isolating sidebar.exe and runonce.exe at startup.

https://forums.comodo.com/bug-report-cis/sandbox-isolates-microsoft-sidebarexe-t57119.0.html

I never tried this, but then again I never installed ask toolbar either

try this

I hope it works for you :slight_smile:

(Temporary Solution)

Why don’t you just disable it?

This may be pure coincidence but my windows updater just d/l some security updates etc and I rebooted and the sandbox remained silent…no pop ups about rundll32 or ctfmon ;D
Fingers crossed my system has somehow righted itself :slight_smile:

Ignore last statement,booted this morning and both warnings are back >:(

if you’re ■■■■■■ off and sooo angry >:( :frowning:
http://www.rhapdog.com/Smilies/Mean/crybaby2.gif

http://www.rhapdog.com/Smilies/Mean/th_frusty.gif
about sandbox… then try disabling them while we find solutions…

(only try to follow my instructions if you’re ■■■■■■ off and sooo angry >:( :frowning:
http://www.rhapdog.com/Smilies/Mean/crybaby2.gif

http://www.rhapdog.com/Smilies/Mean/th_frusty.gif
about sandbox…

@ JoshuaLangit123 for your info I’m not so ■■■■■■ off and angry as you so elequently put it. For your info I have solved that problem by completely uninstalling and reinstalling CIS 4.1. I was merely updating the situation (trying to be of asistance). So as a final word from me on this particular topic YOU may be ■■■■■■ off and angry to know that I wont be commenting again.
On another note…now I have reinstalled CIS I no longer pass CLT test with stock set up ;D but I’ll keep that for another topic to ■■■■ you off and make you angry :stuck_out_tongue: ;D
Regards
Nick

!ot! Whatever…
http://www.rhapdog.com/Smilies/Mean/fighting61.gif

http://www.rhapdog.com/Smilies/Mean/fishslap.gif

http://www.rhapdog.com/Smilies/Mean/tongue2.gif

http://www.rhapdog.com/Smilies/Mean/nahnah.gif