For some time now I have found my Comodo Firewall suddenly stopping without notice. Then I have to run the diagnosis and reboot. The temp file in C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\comodo shows nothing.
It is very nasty to see that a security tool stops without any warning! I find no log and have no idea what is wrong. A message appears saying that Comodo found some problems with my installation. But what?
I am not familiar with ThreatFire. How does it work? Is it a behaviour blocker program or a HIPS-based program like Defense+? Make sure ThreatFire is not blocking anything related to Comodo.
ThreatFire is a behaviour blocker, which is a subset of a classical HIPS (Defense+), so I wouldn’t be surprised by trouble if both are presently active. Its driver can conflict even if there aren’t any apparent blocking rules in ThreatFire. The fact that you rebooted after the Diagnostics leads me to believe that it detected something. What happens if you run the CIS Diagnostics again?
Yes, I use ThreatFire (free) as an addition to the antivirus. A threat is detected by its behaviour.
At the moment, 95% of the time there is no problem with Comodo Firewall. Then suddenly I find it switched off.
ThreatFire is configured so that it asks if there seems to be a threat. It doesn’t stop anything.
I have now added Comodo as a reliable process to the ThreatFire list. Will see what happens.
If I run the diagnostics when no error is reported and the FW is running, then the message says that Comodo didn’t find any errors.
It surprises me that there is no warning from Comodo that it has switched itself off and there is no log.
I just had the problem with the turned-off firewall again. After the reboot there was a window ‘initializing Comodo CIS’. Then I saw an updater window. Seconds later I found Comodo turned off.
By the way, which file is the log? I cannot find any file which has been updated just after the crash. (I checked for date modified)
IIRC (I like using the acronym tags :P), it’s called crash.dmp. If you couldn’t find it by Date Modified, and as the filename is evident, I’m sure it didn’t generate the report.
Just because ThreatFire doesn’t block CIS in its GUI doesn’t mean its driver can’t conflict with CIS’ driver. Some things aren’t always visible to the naked eye ;). Try uninstalling ThreatFire for a certain period and then see if the crashes persist. The two overlap security-wise anyway. It’s like CIS is a bucket of water and ThreatFire represents a few water drops in it. It’s an exaggerated example, but you get the idea.
To avoid a misunderstanding: for the time being I only use Comodo Firewall. No Antivirus or anything else. The antivirus is Avira. So is it still possible for this configuration to cause that conflict?
On another machine I have installed CIS (everything this time) and, in parallel, ThreatFire (W7 Home Premium; installed 2 weeks ago). Until now I haven’t observed any crash. I will continue to keep an eye on it.
Maybe it is not ThreatFire which causes the conflict.
It might be different for Windows 7, but I’ve seen reports of conflicts with ThreatFire and Defense+ in the past on XP. As for Avira AntiVir, it is an antivirus, not a behaviour blocker or HIPS, so there’s no conflict with Comodo Firewall & Defense+.
So as far as security is concerned, Comodo replaces ThreatFire completely?
(I usually take programs which have been recommended and tested in good computer magazines.) Comodo Firewall was one of them, as was ThreatFire. I haven’t seen any test results on Comodo Antivirus or Defense+.
First, you must recognize the difference between a classical HIPS (Defense+) that monitors all system changes and a behaviour blocker (ThreatFire) that monitors only suspicious behaviour. As I mentioned a couple of times already, there is no point in having both running at the same time. If anything, it can cause stability issues like you have experienced because the two might be fighting each other to see who takes control first.
You can find reviews from languy99 on YouTube as well as on matousec.com.
So I uninstalled Avira AntiVir and ThreatFire and installed CIS completely. All went well until the next update came. I installed it and Comodo stopped. Diagnosis fixed it and I had to reboot.
What kind of update, the antivirus signature database or CIS itself?
If it’s the former, then I have no idea because I don’t use the antivirus. If it’s the latter, instead of going through the update, what if you uninstall and then reinstall with the latest version? It’s a longer way but might prevent the problem.