I’ve got a fresh Windows XP SP2 install with updates. I’ve only installed Windows critical updates, Comodo 3.0, and McAfee AV on another HD (backed up with an image, verified working). Everything seemed to be working fine for the couple of hours I’ve played around with 3.0, mostly reading the “help-section” (which imo is the best help tutorial I’ve seen installed on any program). It was time to take everything out of the learn mode and add some ‘basic net rules’ and some ‘net rule groups’ and then bump up the defense + settings, which I did. I played around with the settings some and decided to open notepad to record some of what I did. All of a sudden I get that notepad is “not a valid system 32 program”, same with wordpad and the clipboard viewer. I could open control panel and ‘My Computer’ from the Desktop but that’s about it (obviously there’s not much on the desktop yet). So I decided to reboot, and even though I’m logged on as an admin, it said I didn’t have the privileges to shut down this computer or log off this account. So I did a hard shut-down and restart: same exact thing, but Comodo 3.0 didn’t load in the taskbar (bottom right) and McAfee came up in the taskbar as an all-black icon instead of the red-M symbol. Hard shutdown and restart in safe mode, and everything is OK in the safe mode (system restore was off). While in the safe mode I did a McAfee virus scan on the C drive: nothing. Shutdown/boot to XP: same thing, nothing was a valid system32 application and I didn’t have privileges to shut down/log off the administrator’s account. I’m guessing it was some of the changes I made to the HIPS, but I’m not sure, and I hadn’t exported my settings to file yet. Does anyone know what could’ve caused this “this is not a valid system32 program” and “not having the privileges to log-off/shutdown from an admin account”? And what should I do, or where should I look in the logs for problems, if this happens again?
I reinstalled the C-drive image from before the Comodo 3.0 changes and everything appears to work fine with no problems. I’m getting ready to set up Comodo again, and this time I’ll export my settings to file on another partition before exiting 3.0, as well as make a note of the changes I did before exiting Comodo 3.0. BTW just a minor suggestion: it would be nice if you had the option to access “network activity and logs” for viewing only (bypassing the password and opening the 3.0 GUI) from another icon next to the regular 3.0 Shield icon in the taskbar. (Also, defense + means the Comodo Application Behavior analysis (2.4) on 3.0, as I’m back on the drive with 2.4. Sorry if the nomenclature was not correct, as I’ve been playing around with several AVs loaded with Version 3, each backed up on a separate fresh XP/SP2 image install.)
Hi Jrx,
Yes the “not a valid 32 bits program” is an error message commonly seen when Defense+ blocks something unintended. Along with the other error it seems Defense+ was blocking core Windows functionality. If it was working fine until you changed the configuration then of course installing again should do the trick. It would be helpful for us if you remembered something about what you changed because more people may be doing the same.
I will reconfigure the settings from memory as close as I can, as there weren't that many. Also: 1) Is there anything you can do from the XP safe mode to reset defense-plus to baseline? 2) If I start XP system restore and create a restore point before reconfiguring defense-plus, and then if this happens again, will a restore reset the defense-plus to baseline? 3) If I export the settings and send these settings to Comodo, will this be helpful? 4) What should I look for in event logs (other logs) from the safe mode?
To be honest I can’t answer all your questions with total confidence, maybe someone else can. I think CFP stores the settings in the registry so Windows’ System Restore should restore CFP’s settings as well; also I think I’ve seen some of this happen, but I’m not sure. You can try yourself. Before you start changing the configuration again it would be good if you exported the current working settings. Then if something went wrong you could import that back and start again, or if terribly wrong you could always start in safe mode and make a system restore.
It has something to do with the paranoid mode. I dropped it down a level and it was better, but I still had a problem logging off to another account. The Windows account screen will pop up OK, but sometimes I can’t type in the log-on password and I have to shut down and restart, and sometimes it’s very slow. After dropping it down from the paranoid mode, it responded better but was still sluggish, especially logging in/out from an already open account. Logging on at boot appears to be fine. Other than the paranoid mode, and configuring some 'net control rules, I haven’t/didn’t configure anything. One thing I do like about 2.4 over 3.0 is that it’s easier to get to the “activity connections” window, as well as the “FW activity logs” window, and it sure was easier in 2.4 to clear the logs. That “view connections” window in 3.0 is a pain compared to 2.4 imo. However, the “event explanations” and defense + in 3.0 are light-years ahead of 2.4. I’m running 2.4 with KAV right now on this fully configured HD on this old 'net computer, and it’s still somewhat sluggish, but I’ve got some of the KAV functions turned off. 2.4 with McAfee was never any problem except for McAfee’s constant connection attempts to contact their servers every surfing moment (which I’ve dealt with with the FW). 3.0 and KAV just wouldn’t work for me on the new drive (even installing KAV 1st), so I’ve got 3.0 on with McAfee and basically no other programs loaded, and it’s sluggish and eating up a lot of memory (over 200 MB for Windows/McAfee/Comodo 3.0, but I guess this is normal).
Maybe it could be sorted if you granted enough permissions to some Windows core app, winlogon.exe, userinit.exe or something. You can’t be wrong if you allow all kinds of activities for Windows system apps. I saw tons of popups from wmiadap.exe also before I added it to the Windows system app group, which has Windows system app permissions (allow all) and is excluded from CFP’s self protection against memory accesses and terminations, because otherwise there’s trouble. Besides a conflict with Windows itself, it may also be with your AV as you say. Again you can’t be wrong if you define its apps as trusted ones.
Even if you’re a power user and like to have full control, with D+ it’s always better to start at default levels and move from there carefully one step at a time. (I would never recommend the paranoid level, unless perhaps temporarily if you think you’re attacked, plus the clean pc mode would defend you against it all right anyway… But of course you decide.)
Yes, a lot of people including me think that there’s too much clicking to be done to clear the logs, to move between them and the rules, etc. But yes, it’s true that the popups are phrased in a helpful way, and besides they come in three colours depending on how suspicious the activity seems to CFP.