System is trying to modify ...

I wanted to go to bed and switch the PC when in the middle of the sutting dowm Difense+ popped upsomething about that system is traying to modufy/creat folder… then PC went off.
I was curious and suspicious and started PC again. Then Defense+ popped up again (see screenshots).
I didnt take any action in Comodo.
Since then my Wifi is crashing every minute (it looses connectivity) after it connets again

whats is going on???

PC: the last popup System2 is coming every 10min

[attachment deleted by admin]

I had a similar problem, getting a protect file popup for shutdown.etl even when I had automatically create rules of safe applications checked. I manually had to edit the auto generated rule and gave it access to the entire LogFile/* directory.

yes exactly, when I shotdown Comodo pops up something about shutdown.etl. Then it pops up every 10min that system is trying to modify the conteds of C:\Windows

I dont know why all this popups are coming suddenlly, nothing has changed yesterday ???

I manually had to edit the auto generated rule and gave it access to the entire LogFile/* directory.
How you did this?

PS: I tried to repair Comodo via Control Panel, but the option for repair is greyed out and not active ??? ??? ??? Is this normal???

I’ll check my defense+ rules when I get home, at my university at the moment.

the popup is coming every 10min.
Dont know to allow or to block? If I create rule where should I find this rule for editing or removing it later?

In defense +, computer security settings.

But wait.
If you control the allready existing list, you may notice the entry “system” under “windows system applications” as a predefined rule. This rule would allow the real system “file” to modify folders and so on. You should not get that question!

Thats why i would say: Click on the file name on top in the question window that you get all ten minutes, to verify where the file is located.
And until this situation is cleared up, its very suspicious that you get a question about a system “file”, which would have been covered by an existing rule for the original allready!

If you run Defense+ in paranoid mode you will get this popup, even with automatically create rules for trusted applications checked. My guess is the shutdown action changes the state of CIS and rules cannot be created during the shutdown process, hence this popup occurs and the rule can’t be automatically learned.

Although I never got the popup for \System, just for a few .etl files windows tries to update with during the shutdown event.

I run Defense+ in Safe mode.

Thats why i would say: Click on the file name on top in the question window that you get all ten minutes, to verify where the file is located.
I know that. Look on the 3rd screenshot in my first post. When I clicked on System there I thing it came the properties windows pointing to C:\Windows. I am not sure, have to look again when I am home later. On the second icon on the popup I can not click.

It is strange because as I alredy asked in https://forums.comodo.com/install-setup-configuration-help-cis/how-can-i-repair-cis-t82802.0.html my Repair option is greayed out and can not be repaired

As you use safe mode, you should not get a question about the REAL system “file”.
Can you verify that you have the predefined rule section for windows applications in the defense+ list? There are greyed things listed, like system, %windir%\system32\svchost.exe, …

Take a look at this…

if anyone would like to ‘translate’ this into simple english that would be nice.

Also, take a look a my thread from last Oct.

https://forums.comodo.com/defense-sandbox-help-cis/system-could-not-be-recognized-t78016.0.html;msg557902#msg557902

I think he’s just trying to illustrate the mechanism behind data collection for etl files, which are a standard part of the OS performance and reliability ecosystem. I think the reason D+ has a problem with these, sometimes, is when a a trace file is created with a new name, but that would need further investigation…

Can you verify that you have the predefined rule section for windows applications in the defense+ list? There are greyed things listed, like system, %windir%\system32\svchost.exe
where exactly do I have to look, could you please explain (maybe with Screenshot better)

thanks

Defense+ rules list
There are your games, programs ect listed with notification about what kind of rules they got (custom, trusted, blocked).
Scroll down until you see the entry tree “windows system applications”. Its a collapseable tree entry. It contains:
system
%windir%\system32\svchost.exe
%windir%\system32\services.exe
%windir%\system32\smss.exe
and so on

Do you have it?

The predefined policy “windows system applications” which these entries under the same name tree in the defense+ list have, allows to modify, allows everything apart from starting other files without question under safe mode.
Thats why i have doubts, that your question is about the real system “file”, when you have that tree in the defense+ rule list (default).

Sorry to jump in here but since I have been getting the same “System can not be recognized” warning.

Please take a look at these screen shots…I no longer have any Predefined Policies since the latest
update…(5.10)

[attachment deleted by admin]

Does anyone else with this problem have no predefined policies?

If so its probably some form of update problem.

I’d suggest a bare metal re-installation as per Chiron’s FAQ: Most effective way to re-install.

Best wishes

Mouse

Sometimes when cfp.exe of cmdagent.exe crash you can loose rules. Best thing is to make back ups from your configuration from time to time.

At cska133. Does the problem also occur when you import and activate a factory default configuration? They can be found in the CIS installation folder.

first of all I do not have the last version of Comodo , since I have some issues with the Comodo driver which has been set back from CIS 5.4 —> but this is another story, I am in contact with Rick ■■■■ who is working on that and reported that the driver will be “fixed” in CIS 6. So I am still using CIS 5.3.xxxxx. But maybe I will update to the llast version to see if the problem with the system popups stil occurs.

Scroll down until you see the entry tree "windows system applications". Its a collapseable tree entry. It contains: system %windir%\system32\svchost.exe %windir%\system32\services.exe %windir%\system32\smss.exe and so on

Do you have it?

I was not at home , so I will check this out soon and will report.

Sometimes when cfp.exe of cmdagent.exe crash you can loose rules. Best thing is to make back ups from your configuration from time to time.

I remember that on that day when these popups came I had a Comodo crash. So maybe this is the case

Defense+ rules list There are your games, programs ect listed with notification about what kind of rules they got (custom, trusted, blocked). Scroll down until you see the entry tree "windows system applications". Its a collapseable tree entry. It contains: system %windir%\system32\svchost.exe %windir%\system32\services.exe %windir%\system32\smss.exe and so on

sorry, I really dont understand what CIS entry do you mean with D+ rules list? I dont find this, maybe because I have version 5.3
Please clarify in D+ modul what do I have to open Events, active process list or computer security policy? I think it should be in the security policies, but is it unter rules list or predefined policies … BUT nowhere I do have collaseable tree entries???

Look at screenshots, whitch is relevant?

thanks

[attachment deleted by admin]

Could you try this and tell if the problem persists or not?

yes, activating the defaut settings solve the problem