Some (new) D+ Rules not saved in 3.5?


After upgrading to the latest version of Comodo Firewall (3.5.54375.427) I have a lot of new D+ messages coming up which is quite ok. However, certain applications (e.g. PSPad) ask every time i start them, although I’ve allowed the rule and its saved in the “Comodo D+ database”. After allowing again (and saving) I have the same entry twice (in the D+ “Computer security policy” under “Protected Files/Folders”.

The dlls mentioned are allways the same: C:\Windows\System32\cscui.dll and C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll.

Using Vista 32-bit.

Thanks for any ideas how to solve the problem.
kind regards

Hello WotC,

Are you running normal user account or admin with UAC ?

I have the same problem but only with Catalyst driver, I’m on an admin account with no UAC.

Sorry for the delay. Admin account without UAC. Any suggestions?


Same here too. I updated to the same release (3.5.54375.427) this morning and Defense now pops up with warnings about modifying DLL’s like audiodev.dll, shdocvw.dll and PhotoMetaDataHandler.dll.
I use CircleDock and Pan which spawns these pop ups. And yes, I know CircleDock is alpha.
UAC, AERO is off. OP mentioned cscui.dll. I had that as well but not as frequent as the ones above.
I don’t mind the extra messages but it seems Defense is not learning.

BTW, Defense is running in Paranoid mode.

I’m running D+ in paranoid mode, too. And to describe it a little bit more specific: D+ IS learning - whenever i say “Yes” and “Save rule” a new entry stating exactly the same dll is added to the respective entries. After starting one and the same application several times i have a lot of identical entries.

Update: It looks like as for me this problem only arises after UPGRADING to the newest version (I removed the firewall and installed CIS) - when CIS is installed an a clean system, everything looks fine for me.

I am running Windows Vista Ultimate 32-bit with UAC enabled.
In the Defense+ tab, under Computer Security Policy, I have Minefield\Firefox.exe listed. When editing this entry, if Application System Activity Control\Access Rights\Protected Files\Folders is set to ‘Ask’, cscui.dll will be added every time Minefield starts, because Defense+ asks me for permission every time I start Minefield, even though I have ‘Remember this action’ checked. The only way I found to get Defense+ to stop asking me when I start Minefield, and to stop adding another instance of cscui.dll, was to change the Protected Files/Folders setting under Process Access Rights to ‘Allow’ from ‘Ask’ for Minefield\Firefox.exe. Minefield is the only program that I have this problem with. Defense+ remembers all other actions when it opens a popup and asks for permission, just not this one when Minefield starts. I thought it might have something to do with the fact that Minefield is just in pre-Beta.


I am testing CIS 3.5.55810.432 right now and I have the same problem described here.
Below are the information requested in the “how to submit”.

  • CPU 64bits
  • Vista SP1 32bits
  • used concurrently with Kaspersky Internet Security 2009 (only file/mail/web components, no Proactive Defense)
    • Specific symptoms : some file paths accesses are asked every time I start some applications, file paths are duplicated in the Defense+ “Protected File/Folder” access right of the application.
    • Specific steps you have taken to try to resolve it : I purged thunderbird files access list allowances, I deleted completly thunderbird from the rules, to no avail (thunderbird is just one example, Firefox does the same for instance).
    • Brief description of your Defense+ and Firewall+ mode : D+ is in paranoid mode, everything checked in Defense+ Settings.
    • no BSOD
    • Administrator account with UAC enabled, with Norton UAC (

Hope this helps.

[attachment deleted by admin]

Could you attach that configuration with multiple same entries please?

I have the same problem:

Change the path for the file from:
C:\Program Files\Mozilla Thunderbird\extensions\\components\FULLSOFT.DLL
C?\Program Files\Mozilla Thunderbird\extensions\\components\FULLSOFT.DLL

There is a problem with the : char in the paths with checking .dll files

See also my screenshot, i’m running Vista SP1, x32, Normal Users, Modified ProActive Security.

[attachment deleted by admin]

are the registry entries for that file completely the same?

Yes, the [at] stuff is from the forum script.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\Software\Comodo\Firewall Pro\Configurations\4\HIPS\Policy\129\Rules\8\Allowed\1]
“Filename”=“C:\Program Files\Mozilla Thunderbird\extensions\\components\FULLSOFT.DLL”
“DeviceName”=“C:\Program Files\Mozilla Thunderbird\extensions\\components\FULLSOFT.DLL”

[HKEY_LOCAL_MACHINE\SYSTEM\Software\Comodo\Firewall Pro\Configurations\4\HIPS\Policy\129\Rules\8\Allowed\10]
“Filename”=“C:\Program Files\Mozilla Thunderbird\extensions\\components\FULLSOFT.DLL”
“DeviceName”=“C:\Program Files\Mozilla Thunderbird\extensions\\components\FULLSOFT.DLL”

[HKEY_LOCAL_MACHINE\SYSTEM\Software\Comodo\Firewall Pro\Configurations\4\HIPS\Policy\129\Rules\8\Allowed\7]
“Filename”=“C:\Program Files\Mozilla Thunderbird\extensions\\components\FULLSOFT.DLL”
“DeviceName”=“C:\Program Files\Mozilla Thunderbird\extensions\\components\FULLSOFT.DLL”

[HKEY_LOCAL_MACHINE\SYSTEM\Software\Comodo\Firewall Pro\Configurations\4\HIPS\Policy\129\Rules\8\Allowed\8]
“Filename”=“C:\Program Files\Mozilla Thunderbird\extensions\\components\FULLSOFT.DLL”
“DeviceName”=“C:\Program Files\Mozilla Thunderbird\extensions\\components\FULLSOFT.DLL”

[HKEY_LOCAL_MACHINE\SYSTEM\Software\Comodo\Firewall Pro\Configurations\4\HIPS\Policy\129\Rules\8\Allowed\9]
“Filename”=“C:\Program Files\Mozilla Thunderbird\extensions\\components\FULLSOFT.DLL”
“DeviceName”=“C:\Program Files\Mozilla Thunderbird\extensions\\components\FULLSOFT.DLL”

Hi Guys,

This has been fixed and the fix will be available shortly with 3.9 release(april 2009).

Sorry for the inconvenience.