[Solved] Clean Endpoint / COMODO Cleaning Essential (CCE) is discontinued?

Greetings all,

I just chatted with a Geek Buddy representative regarding my Windows OS installation getting corrupted everytime I try to run CCE (as CCE downloads through CIS complete, it installs, asks for reboot and after rebooting, Windows would get corrupted beyond repair). The issue, I’ve been told by that representative, is that CCE is discontinued.

How come such a part in COMODO forums offers to post ideas for further development when core function of the anti-virus (CIS) such as anti-rootkit gets retired?

1. I’m wondering how we, as COMODO customers, can get COMODO to restore such an important functionality of our computer defense?

2. In the meantime… what alternatives (other company or product) do you guys suggest for anti-rootkit replacement? (As the Geek Buddy representative who serviced me told me that COMODO had no product to replace CCE; which is a very surprising “shopping” experience)…

Thanks in advance.

P.S. Are those changes to CCE linked to the release of Win11?

Hi burialfaith,

Thank you for reporting, could you please check your inbox for pm and respond ?

Thanks
C.O.M.O.D.O RT

Greetings,

Thanks for the reply! I did receive the designated pm.

I appreciate the clarifications that CCE simply have bugs instead of being discontinuated.

Thank you!

B

Hi burialfaith,

Thank you for responding, from your above post we understood that your windows OS getting corrupted every time when you try to run CCE isn’t ? if not kindly provide us the below details so that we will check the issue and update you.

1. Can you reproduce the problem & if so how reliably?
2. If you can, exact steps to reproduce. If not, exactly what you did & what happened.
3. CIS version ?
4. CCE version (Downloaded & using separately from the website or using CCE with CIS offers) ?
5. Win version along with system bit type ?
6. Do you have any other security software installed on your machine other than CIS ?
7. Any other information, eg your guess at the cause, how you tried to fix it etc.
8. If possible, any related screenshots ?

Thanks
C.O.M.O.D.O RT

I will need to make a backup image of the current C: drive first.

Hi burialfaith,

Thank you for responding.
May i know the problem(What the specific problem is and what you are seeing) ?

Thanks
C.O.M.O.D.O RT

Greetings,

To fully explain the problem:

I installed Windows 10 via USB key (with its .iso on it) on a mixed new parts PC (new motherboard, new cpu, new ram, new nvme 2.0 ssd, old psu, old gpu, old desktop tower, old mouse, old keyboard, old TV).

Then, once Windows is done installing, I’ll login to a new Windows session (as admin by default), download CIS complete, install it, reboot, enter my serial key into CIS complete, then go in advanced tabs of CIS complete and chose to run Clean Endpoint. CIS will then download CCE, CCE will install, ask which type of scan I want to run (I think), then ask for reboot to scan the PC. After rebooting, Windows OS would attempt to automatically repair itself, but wouldn’t succeed (and CCE scan wouldn’t run and I couldn’t reach the user login screen to a windows session). Then, everytime I try to boot the PC, Windows fails to auto-repair itself. I could only manage to boot in recovery mode (I think its called), (which is a GUI allowing: windows to auto-repair problems preventing it from starting, has troubleshooting options, allows to boot straight to windows, offers to reboot and allows access to cmd). From that recovery mode/GUI, I tried typing commands through cmd to fix windows, commands which I dont remember, but it wouldn’t fix Windows through cmd. (Probably fixmbr, sfc scannow and dism … /restorehealth).

I tried alternatives leading to the same problem. I installed Windows 10 through usb key, logged in as admin, created a non-admin user and only used that session from there to download and update CIS complete, fully update Windows 10, then download and run CCE (Clean Endpoint), but Windows would still get corrupted after rebooting in order to have CCE scan the PC (as descrived above). Also, upon my very 1st Windows install on this new mixed parts PC, through usb key again, I did login as admin, created a non-admin user and from that new user session only I did fully update Windows, then installed safe softwares such as Steam, Origin, Battle.net and had them scan and retrieve games installation on another internal HDD and when I was done installing my PC setup, I tried running CCE with the same method as previously mentionned which resulted in corrupting Windows OS.

Also, within my last 10 Geek Buddy tickets, the 7-8 older ones are all related to this issue (with maybe more details) and are all one after the other.

I’m done running Windows MRT, Avast’s boot scan and deep scan and CIS complete full scan and everything looks fine on this installation. I’ll make an image backup of the OS during the night so tomorrow I’ll be able to test and download CCE again on the PC which experienced the issue.

Thank you for the follow up.

B

Greetings,

I just tried again to download and run CCE through CIS and still Windows OS would get “corrupted”. Here is the information you requested.

1. I believe my previous Geek Buddy logs (all one after the other) provides the best information regarding past events. Basicly, no matter how fresh the Windows install was when I downloaded CCE (always through CIS), Windows would always get corrupted just after the reboot offered by CCE.

2. I believe my previous reply to this topic contains the answer.

3. I don’t remember which CIS version I was using when this happened, but it was after february 2022. Right now I’m using CIS complete v12.2.2.8012 database version 34807.

4. CCE was always downloaded through CIS complete and the diwnloads were after february 2022. The version of CCE I just used is: 12.2.2.8012.

5. 21H2 (OS Build 19044.1826) Win10 home 64-bit. I don’t remember which windows 10 version I used when the problem occured in the past, but it was an .iso downloaded from Microsoft website after close to or after february 2022.

6. No. At the time the issues occured, Windows Defender was even off by default.

7. (I) Maybe CCE was downloaded (through CIS) before CIS complete did fully update.

(II) Maybe the new hardware I purchased wasn’t compatible with the CIS/CCE code that was used at that time (requiring an update from COMODO). More precisely, I’m speaking of a WD Black 500 Gb SN750 running on UEFI install (which I never used with the previous PC due to motherboard restriction).

(III) Also, In my previous post where I mentionned the physical PC components that were carried over from previous PC installation, I did forget to add a very important component: 2x 3.5 inches HDD containing personal files and softwares (installed through Steam, Origin, Battle.net and a few other softwares like these even some being unofficial for BF2 servers). I also carried a Kingston 240 Gb A400 which had been 0 formated! Since the previous Windows installation (which was a win 7 upgrade to Windows 10 (that you guys helped me to carry all these years!!!) was dating from at least 2012 and was running on a non UEFI capable mobo, I wonder if some fictives rootkits could of been carried over through one of these 3 HDDs.

(IV) I didnt try to fix the issue as I don’t know how to diagnose the precise cause, but I reported it asap to Geek Buddy which told me in the first place the issue was being sent to the devs to work on a fix. A month or so later I did knock again at Geek Buddy’s door to ask for update to being told the confusing statement now untrue that CCE was discontinued.

8. I have a Dynex WX-WKBD keyboard and a Razer Viper 8KHz ambidextrous mice; not 3 keyboards and 2 mice as shown on the BIOS picture. A previous Geek Buddy representative told me years ago that the Dynex keyboard would explain “2 mice and 1 keyboard” status which was at that time with another mouse; now with the Razer one, maybe: (1 physical mouse + 1 physical keyboard) = (3 keyboards + 2 mice) under the BIOS.

Following are URL links for the images describing at 100% and chronologically the reproducible problem:

At one moment, I think just after the BIOS shows up a second time (after the 13th picture 7-D05300-C-9-E8-C-4235-BCE4-A89-F07-E3-FB96 hosted at ImgBB — ImgBB ), some white english text appeared (4-5 words / 25 characters) in the upper left corner of the screen (which was all black) which I could not capture.

Thanks in advance,

B

I have some more details to share about the issue which I hope will help toward it’s resolution.

The following two paragraphs are maybe just a worry (so may contain extra info), but it also contains the most detailed steps and information possible.

From the last picture I posted ( D673-EA1-B-C673-4377-80-D4-C1-B4-DAC08-F2-F hosted at ImgBB — ImgBB ), I did click on “Advanced Options” (the next window that follows this click is what I refered to in one of my previous reply as “recovery mode”). Then I launched recovery from a system image. It asked for my admin password which I prompted and then it automatically found 1 backup (but would not let me browse through devices). I then plugged in my external HDD with the Windows system image on it (that I made within the last 24h right before installing CCE through CIS complete today). Then I could not browse for a system image location through the Windows utility which is maybe normal, but since its the first time doing that, I depict it here (maybe its due to UEFI installation or Windows autorepair failing leading to this type of system image recovery (instead of fresh OS install then system image recovery through stable Windows). I then shut down the PC, unpluged the external HDD, and launched again the recovery for system image from the picture I just refered to) and still Windows would detect the same backup (even though the external HDD was unplugged). When selecting that backup, Windows would say the source is not connected. I shut down the PC, reached the blue screen shown on the picture mentionned in this post, launched recovery through system image, prompted admin password, still see the same backup (and no option to browse location), plug in the external HDD mentionned above into the motherboard, still I couldnt select locations and only 1 backup (the same as earlier) was listed, I clicked it (and now that the external HDD was being plugged in), the recovery proceeded.

The hard drive containing Windows OS that was used to copy from when creating the system image occupied roughly 410 Gb / 465 Gb (of the WD Black 500 Gb SN750 SE). The destination disk, external HDD is a Seagate GoFlex Desk 2 Tb USB 3.0 (cant find the rpm in specs) and has been plugged in a usb 2.0 port of the motherboard. The restore process using this system image restore process said it wouldnt touch personal files if I remember correctly and lasted less than 5 minutes to my surprise (and not 3-4 hours like it took to make the backup. (Maybe its UEFI installation related so only faulty file would be restored or it could it be due to the possible lightweight system image restore from “Automatic Repair” rather than the possible full option when launched from a windows session through file history)?

Upon the system image restore process being successfully completed (process accessed through the picture mentionned at the start of this post) only 5 minutes had elapsed (for the “full” restore process to complete and not 3-4h as I would of expected). Then I shut down the PC, unplug the external HDD and boot into Windows through my usual non-admin session only to see the CCE scan now starting (after the system image restore process had completed)!

I’m not sure to understand why a CCE scan launched before a system image restore would persit upon “next?” session login on the “restored system”. Also, I dont quite understand what might be causing the issue in the first place.

Here’s a new picture of CCE scan running after booting in my first session following the “system image restore”:

Thanks in advance,

B

Some more info. The problem returned after the CCE scan completed.

CCE scan finished without finding a threat. Then CCE said: “The system needs a restart to complete the scan” and I clicked on “finish” button. Then the PC rebooted and Windows went in “Preparing Automatic Repair” mode, then “Diagnosing your PC” mode only to show the same blue screen mentionned in my previous post apparently named “Automatic Repair”.

Here’s some URL links of images showing what I just described chronologically:

B

More info still:

Following my last post, I did another system image restore (same process as 2 posts earlier) with the very same backup itself and same method I mentionned and it succeeded in fixing Windows again, but upon rebooting I logged on straight to my usual non-admin session and this time CCE scan report window wouldnt display (as it used to at this step of the scan to say either something like: “no hidden rootkit/services detected” or list the one founds).

Even if that CCE result window would of appeared with no treaths detected, I would of been a bit suspicious about a negative scan result (under the conditions this scan was “fully run” on which I depicted in this thread).

URL links for images related to current post in chronological order:

Thanks in advance for the follow up.

B

Hi burialfaith,

Thank you for providing the requested information, we will check and report this to the team.

Thanks
C.O.M.O.D.O RT

Could you please contact me when the fix will be released? I’d greatly appreciate it!

Thank you!

B

Hi burialfaith,

We are checking on this, we will update you.

Thanks
C.O.M.O.D.O RT

Hi burialfaith,

Could you please check your inbox for pm and respond ?

Thanks
C.O.M.O.D.O RT

Greetings,

Thanks for the message in PM and I apologize for the delay in answering (I unfortunately had to reinstall my PC).

I followed all steps suggested in the PM and still windows OS would get corrupted after rebooting (in order to run CCE). I contacted Geek Buddy and we tried disabling the Windows error message through CMD (to boot straight into Windows), but the corruption of the OS (seemed to or did) prevent Windows from booting still.

Thanks in advance,

B

Hi burialfaith,

Thank you for reporting, we have checked and found no issues on this.
However we will take this to the team notice and update you.

Thanks
C.O.M.O.D.O RT

Greetings,

I reinstalled Windows 10 through USB key about 2 weeks ago, with only 1 HDD connected (nvme) this time and after patching Windows, I tried to run CCE and the issue still occurs.

I had the opportunity to chat with a Microsoft representative until my last reply and told him about the issue. The representative then told me that Microsoft could deny the use of that technology in order to prevent OS integrity as a scan running under the OS could be used to inject treaths in the OS he told me.

Would that simply be the issue here? Is CCE supposed to work fine on current Win10 and Win11 or is it only working on Win8 and previous OS? (Or would the issue be more targeted around UEFI installs which could maybe prevent the use of CCE through Windows policies)?

I cant wait to run an anti-rootkit scan on the PC that I purchased 8 months ago.

Thanks in advance,

B

Hi burialfaith,

Sorry for the inconvenience.
We have reported this issue to the concerned team and they are working on it.
We will keep you posted.

Thanks
C.O.M.O.D.O RT

Any news?

I’m now noticing that guard64.dll has corrupted hash, but I’ve been told that there is no help option currently available for that issue.

I don’t know if guard64.dll hash corruption could be linked with the current issue that Windows is being corrupted when I try to run CCE?