Slowdown and BSOD using Shockwave Flash in Kiosk [M379] [v6]

A. THE BUG/ISSUE (Varies from issue to issue)
[ol]- Summary - Give a clear summary in the topic subject, NOT here.- Can U reproduce the problem & if so how reliably?:I have not reinstall in order to test whether this problem can be reproduced over. Flash does slow down the virtual kiosk regardless, so this problem is probably likely to be reproduced over.

• If U can, exact steps to reproduce. If not, exactly what U did & what happened:a. Play a game in a shockwave website in the firefox browser(For this one, I have used redline rumble)
  b. Allow the flash to be updated to the latest version.
  c. Play the game again which will results in lags into starting games.
  d. Then, uninstall the latest flash from firefox.
  e. Install oldversion (yes, that website) installer Adobe Shockwave Flash 10.5 after uninstalling the latest flash.
  f. Restart the computer
  g. Load URL of the game
  h. BSOD will occur.
  Note: I am not sure if it reproduced this way, but one of the thing to note is that shockwave flash 11.6 should still be there after uninstalling and restarting.
• If not obvious, what U expected to happen: I expected there would be a error message inside the virtual kiosk browser after noticing the shockwave 11.6 is still there.
• If a software compatibility problem have U tried the conflict FAQ?: No and I doubt it’s a software compatibility problem.
• Any software except CIS/OS involved? If so - name, & exact version: Mozilla Firefox v.18.0.2 & Adobe Shockwave Player 12.0.2.122 & Oldversion shockwave flash 10.1…
• Any other information, eg your guess at the cause, how U tried to fix it etc:Possibly due to conflict at the kernal level and yet incomplete kiosk capability of virtualizing.
• Always attach - Diagnostics file, Watch Activity process list, dump if freeze/crash. (If complex - CIS logs & config, screenshots, video, zipped program - not m’ware)
  [/ol]

B. YOUR SETUP (Likely the same for each issue, so you can copy forward)
[ol]- Exact CIS version & configuration: CIS 6.0.264710.2708

• Modules enabled & level. D+/HIPS, Autosandbox/BBlocker, Firewall, & AV:

A.Antivirus
A.Antivirus.Realtimescan- {Enable Real time Scan is on, Enable scanning optimizations is on}
A.Antivirus.Realtimescan.Detection- {Run Cache builder is on, Scan computer memory after computer starts is on, Do not show antivirus alert is on, Decompress is on, time settings is off, use heuristic setting is set to high}
The rest of Antivirus setting is default

B.HIPS
B.HIPS.HIPS Settings-{HIPS is enabled, Do not show popup alert is off, Set popup alerts to verbose mode is off, create new rules for safe applications is off, set on-screen alert screen timeout is set to 120 secs.
B.HIPS.HIPS Settings.Advanced-{Adaptive mode is off, Block unknown request is off, Enhanced protection is on}
B.HIPS.HIP Rules-Custom setting
B.HIPS.Rulesets-Have not been changed
B.HIPS.File protection to COM Protection have not been changed since reinstall
B.HIPS.Behavior Blocker-{Autosandbox is on to partially limited, Detect installer is on, Define exceptions is off}
B.HIPS.Behavior Blocker.Advanced-{Do heuristic command-line analysis for certain applications is on, Detect Shellcode injections is on with no exceptions}
B.HIPS.Sandbox-{Do not virtualize access to the specified files/folder is off, do not virtualize access to the specified registry keys/values is off, Enable automatic startup for services installed in the Sandbox is on, Show highlight frame for virtualized programs is on}
B.HIPS.Sandbox.Virtual Kiosk-{Password protection is on}

C.Firewall
C.Firewall.Firewall settings-Enabled
C.Firewall.Firewall settings.Alert settings-{Do NOT show popup alerts is off, Auto-network detection is enabled, Trustconnect alert is off, turn traffic animations effects on, create rules for safe applications, alert frequency settings high, On-screen alert timeout is disabled}
C.Firewall.Firewall settings.Advanced-{IPv6 filter is on, loopback traffic filter is on, fragmented IP traffic is on, protocol analysis is on, Anti-ARP spoofing is on.
C.Firewall.Applications rules-Custom setting
C.Firewall.Global rules-Default
C.Firewall.Rulesets-Default
C.Firewall.Network Zones-Default
C.Firewall.Portsets-Default

D.File Rating settings-All enabled

• Have U made any other changes to the default config? (egs here.): I could have possibly altered the default setting. Changes is minimal
• Have U updated (without uninstall) from a CIS 5?:Yes
  [li]if so, have U tried a a clean reinstall - if not please do?: I have not tried nor am I willing to test to see what causes the bluescreen
  [/li]- Have U imported a config from a previous version of CIS:Yes and it caused my computer to slow down to less than 1 frames in 3 hours. But not a issue now. I could send the .cgfx from that version if you want.
  [li]if so, have U tried a standard config - if not please do: No.
  [/li]- OS version, SP, 32/64 bit, UAC setting, account type, V.Machine used: Windows 7 x64, UAC is off, account is adminstrator, Acer Aspire U3022-X3950, VM is not used
• Other security/s’box software a) currently installed b) installed since OS: a=Threatfire b=Default OS security box are uninstalled
  [/ol]

[attachment deleted by admin]

Thank you very much for your issue report.

We would very much appreciate it if you would be kind enough to edit your report to put it in the standard format and add any additional information requested, as this will make it much easier for the developers to diagnose and fix the problem.

The reasons we need all the information in the format, though they may not seem directly relevant to the issue are explained here.

If you are able to do this we will forward this post to the format verified board, where it is more likely to get looked at by developers. You can find assistance using red links in the format and here. If you need further help please ask a mod. If you do not add the information after a day or two we will forward this post to the non-format board. If this happens we will tell you how to rectify this if you wish to.

In the current process we will normally leave it up to you whether you want to make a report in standard format or not. However we may remind you if we think a bug of particular importance.

Many thanks again

Mouse

Edited, is that good enough? I am sure I am missing some few things.

How do you get the .dmp files and .xml files in the CIS report?

That’s a good report, thanks

I would certainly try a re-install. CIS 6.0 is not really upgrade friendly yet (hence no auto-update version).

If that fixes it, no real need to take this further unless you want to.

If it does not then we’ll need a diagnostics report and your watch activity process list. Info on how to obtain these can be got by following the red links in the format. The process list would need to be take with the software running and exhibiting the symptoms and include CPU and RAM columns. Performance bugs are notoriously difficult to track down, hence all the required information.

Best wishes

Mouse

PM sent

I attached the cfpupdat.zip and I will reinstall in order to get you the watch activity list, but I’m not going to replicate the BSOD as I don’t really want to decrease the lifespan of my computer and the computer wouldn’t restart at BSOD. I do however have a extra notebook that I wouldn’t mind BSODing, would it be alright to use that if I had to replicate the BSOD. I’m going to wait for your response so that I can know whether it’d be alright to test it in another computer and whether you want to go as far as fixing the performance issue rather than the BSOD. If the performance, then I will re-install on this desktop computer.

[attachment deleted by admin]

[s]Yes a dump from another computer will be fine, so long as you complete a part B of the bug report for that computer, and append the dump to that post

Many thanks for going to that trouble by the way

Best wishes

Mouse[/s]

I will replicate the issue by tomorrow or two days if all tests goes well. Looks like I’m going to need to clean up malwares from that computer first before moving on. MBR scans, rootkits scan, and you know the drills. If all goes well, then I’ll show reports soon. If not; be patient. Turns out I only have a extra laptop since my mother gave the notebook away and my family does not give a shit about computer security which puts the burden on me. Sigh…

[s]THat’s fine reptilian, thanks very much for your help.

Could you add a link to a game that shows this behavior and give an exact navigation path in that game that will cause the BSOD. The next best thing to a dump is to give the certain, or closer to certain, ability to replicate the BSOD.[/s]

Sorry reptilian, now realise that you appended a dump

Having sorted my mistake - sorry - see above.

What I still need possible is the Watch Activity process list and CIS diagnostics. The Watch activity pocess is is best taken when the slowdown is occurring (wCPU and RAM showing) if you can do that without causing a BSOD. If not one taken at another time will do.

CIS diagnostics can be taken at any time.

PM reminder sent

Well, I can’t replicate the issue on the other computer because the CPU is frying and my parents don’t want to fix it and it’s extremely slow. Great… This leads me to try to replicate the BSOD on the virtual machine, but the OS in there is basically experience version of windows 7. Yeah, AV works there. I’m going to reinstall CIS since the slowdown issue isn’t what caused the BSOD. What caused the BSOD is changing the shockwave flash into the virtual kiosk and then uninstalling it and then try playing the game again. I will start compiling a report at 4/26/2013. Sorry for the delays.

OK that’s fine, thanks for doing this. Happy to wait till tomorrow for the Watch Activity process list and CIS diagnostics etc

Best wishes

Mouse

Hi Reptillian,
I can not reproduced your problem.
Please upgrade CIS to 6.1.275152.2801 and to see if this problem still exists.

BTW: Would you like to send me the dmp file and the shock wave 10.5 installer? My email is jackwang##comodo.com, thanks a lot.

Best Regards.

Well, I reinstalled to the latest version and it seems to work for the most part. Loading flash games still take a little longer than the usual setup. I’m sure that more has to do with the fact that it’s a kiosk setup than any actual bugs. The BSOD issue does not appear. I don’t know if I can it resolved although I can get along just fine by waiting at least 6-10 seconds before game start to load which is ok for me. Also, I suspended threatfire to try to test flash games.

Oh and these files are generated in the same computer when I generated my reports.

[attachment deleted by admin]

OK assuming that’s the one with the BSOD, on which you’ve installed 2801, I’ll forward to format verified

Thanks very much for the detailed feedback

Mouse

Thank you very much for your report in standard format, with all information supplied. The care you have taken is much appreciated by Comodo, and will increase the likelihood that this bug can be fixed.

Developers may or may or may not communicate with you in the forum or by PM/IM, depending on time availability and need. Because you have supplied complete information they may be able to replicate and fix the bug without doing so.

Many thanks again

Mouse

No problem. Unrelated question though, why can I not edit posts here?

Here’s fixed version of a sentence I typed before.

That’s just to make things clear.

Thanks Reptilian

Look up at the stickies

https://forums.comodo.com/format-verified-issue-reports-cis/why-cant-i-edit-my-bug-report-now-its-in-verified-t65873.0.html

Is this fixed for you in 2813 Reptilian? Not marking up until consulted