sXe Injected Compatitbility

For some strange reason, Comodo is apparently making the anti cheat program sXe injected not work. How can this be? I’ve talked with the sXe injected people on there forums and they said that i should uninstall Comodo. But i love your firewall, i just cant give it up. Can you please find out whats making Comodo mess with sXe injected?

Please try the workarounds as described in App. is not working correctly, but does not seem to be s/boxed. What to do? [v5] and see if that brings a solution.

I tried adding it to exceptions and gave it a special rule under security policy and it still crashes. How can i completely disable defense+. Im only interested in the firewall anyway. I unchecked everything under monitoring and also disabled everything under defense+ settings. Is there some registry string i can change to just completely disable Defense+ and use firewall only? I installed with firewall only so i dont no why defense+ is even on here. Maybe you could move my post to defense+ forum section.

You need to select Deactivate Defense+ permanently(Requires a system restart).

Ive done this already but i still think some things are left on. Execution Control Level is set to enabled (ive disabled it before and sxe injected still doesnt work) and all options under monitor settings are checked and i beleive are running. And they must be because i doubt the reason sxe injected doesnt work properly because of the firewall (i already set it to tcp/udp in and out). and thing sxe injected error logs talk about “hooks” and i see theres an option there to enable monitoring of winevent hooks. so some options for defense+ must be still active. Ive already tried to uncheck everything and disable everything but i think its still running. Is there like a registry key i can change so off officially?

When D+ is permanently disabled then Image Execution Control is also disabled

And they must be because i doubt the reason sxe injected doesnt work properly because of the firewall (i already set it to tcp/udp in and out). and thing sxe injected error logs talk about "hooks" and i see theres an option there to enable monitoring of winevent hooks. so some options for defense+ must be still active.
Can you show a screenshot of these logs? Are these logs by CIS of by sXe Injected?

Can you double check that you selected Deactivate Defense+ permanently(Requires a system restart)?

The Deactivate Defense+ permanently is definitely checked. But i still get an error message in the sXe injected logs. Here it is:

2011/09/06 16:26:16 - Unknown (6.1.7601 Service Pack 1)
2011/09/06 16:26:16 - version: 12.0
2011/09/06 16:26:16 - [ The master of the soup ]
2011/09/06 16:26:16 - open [75567E48]
2011/09/06 16:26:16 - [27E48][_open] has an inline hook
2011/09/06 16:26:16 - [27E48] has been cleaned

2011/09/06 16:26:16 - Platform: x64 detected
2011/09/06 16:26:16 - Waiting for game…
2011/09/06 16:26:25 - Intercepting pid [3172]
2011/09/06 16:26:25 - Injecting: [C:\Program Files (x86)\sXe Injected\sxe.dll]
2011/09/06 16:26:25 - Injected OK
2011/09/06 16:28:02 - sXe Injected closed

Its just very coincidental that theres a option under monitoring settings named WinEvent Hooks. Ive unchecked all those options under monitoring settings and it still crashes. Its makes me think that comodo is still using defense+ in some way. Does the firewall need cfp.exe and cmdagent.exe both running to function or is one of those exe’s for defense+?

I am not convinced the logs report an error. What logged event(s)do you think describe(s) the error?

What i put in bold should not be there. There should be no “inline hooks” that need cleaned. And i see that comodo monitors winevent hooks. So comodo must be interfering with sxe injected hooks. Does the firewall need cfp.exe and cmdagent.exe both running to function or is one of those exe’s for defense+?

2011/09/06 16:26:16 - Platform: x64 detected 2011/09/06 16:26:16 - Waiting for game... 2011/09/06 16:26:25 - Intercepting pid [3172] 2011/09/06 16:26:25 - Injecting: [C:\Program Files (x86)\sXe Injected\sxe.dll] 2011/09/06 16:26:25 - Injected OK Looks like success to me 2011/09/06 16:28:02 - sXe Injected closed I read this as that this procedure is now closed
I think looking at these logs is a bit of red herring.

That being said. If D+ completely disabled is not helping and if only uninstalling is the solution then there is a compatibility issue going on that begs for a bug report.

If you have the time and energy please consider filing a bug report in the Bug Reports - CIS board following the format as described in FORMAT & GUIDE - just COPY/PASTE it!.

Reporting of bugs is strictly moderated to make sure Comodo gets clear bug reports. So, please make sure you closely follow protocol. That way your report will be seen by Comodo staff.