Simple Questions Go Unanswered?

Hello Forum:
First, I have a question about a file called GUARD32.dll: is that a Comodo file, and why does it have to load up in memory so early in the boot-up sequence? HijackThis has it as O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll.

The description of item O20 - Files specified in the AppInit Registry value are loaded very early in Windows start-up and stay in memory until system shutdown. This way of loading a .dll is hardly ever used, except by Trojans.
The Winlogon notify registry subkeys load dll files into memory at about the same point in the boot process, keeping them loaded into memory until the session ends. Apart from several Windows components, the programs VX2, ABETTERInternet and Look2Me use this registry key. Since both methods ensure the dll stays loaded in memory the entire time, fixing this won't help if the dll puts back the key or value immediately. In such cases, the use of the 'Delete on Reboot' function or 'Killbox' is recommended to first delete the file.

Secondly, I have a question about how Comodo loads up, where it has to have the Windows Terminal Service going. I have been experimenting with this program, and if you turn Terminal Service off in Windows Services, you get an initiation problem on start-up of Comodo. I have got 5 minute initiation start-ups under those conditions. Does this service have to be on for the proper operation of Comodo, and why do you have to have the service on in the first place when the service only controls Fast User Switching and Remote Desktop?

Description of Fast User Switching: Fast User Switching is a feature in Windows that allows you to switch to a different computer user account without closing programs and files first. This makes it easier to share a computer with others.
Description of Remote Desktop: A way to control a computer from another location using another computer.
So this begs to be asked, as I said previously, why Terminal Service is needed to start Comodo properly, and why does the firewall have to have access to a remote service which should be turned off by default on most machines.
Anyway, if there is a qualified tech to answer my questions, not part-timers that don't know what they are talking about, I would appreciate it, thank you!! Cheers Bazza3000!! (:NRD) (:AGY) (:AGY)

Sorry for the late reply.

Please submit a support ticket for your question.

This is a forum that has primarily volunteers (Moderators, also other users of the Comodo firewall) that help people out. If you want someone who officially represents the technical department of Comodo then you need to do as I stated above. Some moderators (Volunteers) are qualified in the Information Technology field. I have formal qualifications and experience and I know of at least one other moderator (Volunteer) that has experience and/or formal qualifications in the information technology field. Please do not assume that just because we are volunteers, we do not know what we are talking about.

In my opinion all moderators (Volunteers) here have a decent working knowledge of the Comodo Firewall.

Side Note: I have also found some people that occasionally to frequently help out at this forum (people that do not have "Moderator" status, again DO NOT work for Comodo) work and/or have formal qualifications in the IT industry.

The internet rules!!!

Regards. Rotty.

Thank you Rotty: I may have been a bit over the top with Part-timers. I do realise that this forum is run by mostly volunteers, and they do a great job to the best of their ability, and I did guess that nobody wanted to answer me because it was out of their technical expertise, and I posted on the forum without a reply for quite a while.
But there are Comodo employees that peruse this forum, i.e. the CEO, one prime example, that one would think have the smarts to answer a relatively simple question. It seems to me that the CEO is selective on what he answers, getting more into the politics of selling the product than explaining to people what actually are the faults in the product and how they are going to be solved, and if the person enquiring about a problem has a technical background, you know that some of us out here in the big old world ain't that stupid you know, it would be nice to get a technical explanation, that doesn't have to go for pages, and we out here might be able to help you, with suggested actions.

Actually some of us are in Software Development ourselves, and it's been interesting to see the development of this product, not a bad product, but still a long way to go, and I did think that it was a bit premature to release the product when they did, anyway it's up to them. I will give this product another go in 6 months to see if they have made any progress!!

PS: I'm not putting the product down in any way, it's actually an innovative yet to be completed experiment!! Cheers Bazza3000

Hey bazza,

I believe guard32.dll is the 32-bit module that prevents the other firewall components being unloaded/tampered with. I'll see if I can confirm this and report back here.

Ewen :slight_smile:

The AppInit_DLLs value is found in the following registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows

All the DLLs that are specified in this value are loaded by each Microsoft Windows-based application that is running in the current log on session.

That's why some trojans use it, but this time a legit application uses this MS-provided function in order to protect the host PC.
guard32.dll should obviously be a Comodo support dll.

Terminal services is used also by remote desktop and terminal server services. You may close these services without issues as CFP doesn't need them. This means that this sentence below is not correct.

Windows has many users other than the real ones (e.g. SYSTEM, NETWORK SERVICE, LOCAL SERVICE). If you disabled terminal service I guess you won't be able to see any Windows fake user in Task Manager.
I guess that these fake users are needed for privilege separation, so exploiting one service doesn't always mean gaining admin privileges.
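
For readers who want to check what the O20 / AppInit_DLLs entry discussed in this thread actually points to, here is an added example (not part of the original posts and not Comodo's own tooling). It reads the value from the registry key quoted above, splits it into individual DLLs, and reports whether each file exists and who signed it. The Wow6432Node view, the variable names and the output columns are assumptions of this example.

```powershell
# Added example: audit the AppInit_DLLs value (HijackThis item O20).
# Assumes 64-bit PowerShell on 64-bit Windows, or any PowerShell on 32-bit Windows.
$views = @(
    @{ Key = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows';             SysDir = 'System32' },
    @{ Key = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows'; SysDir = 'SysWOW64' }
)

$report = foreach ($view in $views) {
    if (-not (Test-Path -Path $view.Key)) { continue }   # no Wow6432Node on 32-bit Windows
    $props = Get-ItemProperty -Path $view.Key

    # The value is a list of DLLs delimited by spaces or commas.
    $entries = @(([string]$props.AppInit_DLLs) -split '[ ,]+' | Where-Object { $_ })
    if ($entries.Count -eq 0) { $entries = @('(empty)') }

    foreach ($entry in $entries) {
        $status = 'NoEntry'; $signer = $null; $path = $null
        if ($entry -ne '(empty)') {
            # Bare file names are resolved against the system directory.
            if ([System.IO.Path]::IsPathRooted($entry)) {
                $path = $entry
            } else {
                $path = Join-Path $env:SystemRoot (Join-Path $view.SysDir $entry)
            }
            if (Test-Path -LiteralPath $path -PathType Leaf) {
                $sig    = Get-AuthenticodeSignature -FilePath $path
                $status = $sig.Status
                if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
            } else {
                $status = 'FileMissing'
            }
        }
        # LoadAppInit_DLLs / RequireSignedAppInit_DLLs exist only on newer Windows
        # releases; on older systems these two columns stay empty.
        [pscustomobject]@{
            Key           = $view.Key
            Dll           = $entry
            ResolvedPath  = $path
            Signature     = $status
            Signer        = $signer
            LoadEnabled   = $props.LoadAppInit_DLLs
            RequireSigned = $props.RequireSignedAppInit_DLLs
        }
    }
}
$report | Format-List
```

An entry whose file is missing, unsigned, or signed by a publisher you do not recognise is the one to investigate; a valid signature from the vendor of an installed security product matches the legitimate use described in the post above.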