System unusable when iZ3D 64bit service is running and CIS is installed

Hi,

I don’t know if this is a bug or some general incompatibility. Here is the problem:

When I install the 3D Drivers from here: http://www.iz3d.com/driver the system becomes unstable.

System:
Windows 7 x64
CIS 5

Steps to reproduce:

  1. Install driver
  2. Allow all Alerts/create rules in Defense+
  3. Make sure the service S3D Service (Win64), usually in C:\Program Files (x86)\iZ3D Driver\Win64\S3DCService.exe, is running
    The 32bit service does not seem to cause problems.

Problems:

Some programs refuse to start/hang. Process is suspended. Example Chrome Browser, Catalyst Control Center
Some programs crash at unpredictable times.
Upon reboot you cannot login to your system/Black Screen after login with password.

Steps taken to resolve problem:
Tried disabling Antivirus, Defense+, Firewall and Sandbox from Comodo Tray Icon. → no effect
Tried adding C:\Program Files (x86)\iZ3D Driver\Win64\S3DCService.EXE to shellcode injection exclusions → no effect
Tried adding C:\Program Files (x86)\iZ3D Driver\Win64\S3DInjector.dll to shellcode injection exclusions → no effect
Tried adding C:\Program Files (x86)\iZ3D Driver* including subfolders to Trusted Files → no effect
Tried unchecking detect shellcode injections → no effect
Tried setting Image Execution Control slider to disabled → no effect
Tried unchecking all checkboxes on the Monitoring Settings tab → no effect

Stopped the S3D Service → everything back to normal (with CIS 5)
Tried uninstalling CIS 5 → everything back to normal (with iZ3D)

Strange Observation:
When the driver is running, Google Chrome does not display anything on its tabs and spawns a process AppData\Local\Google\Chrome\Application\wow_helper.exe while the chrome.exe process is suspended. This does not seem to happen when the S3D Service is not running.

Is there any way to have both: CIS 5 and the iZ3D Driver? Does anyone have similar experiences?

I just figured this also might be helpful:
There is nothing in the Comodo event logs about this. Not in D+ or Alerts displayed, nowhere. However upon login you might get this in Windows Event Log:

The following boot-start or system-start driver(s) failed to load:
AFD
cmdGuard
cmdHlp
CSC
DfsC
discache
inspect
iZ3DInjectionDriver
NetBIOS
NetBT
nsiproxy
Psched
rdbss
spldr
tdx
vpcnfltr
vpcvmm
Wanarpv6
WfpLwf

Were you booting in Safe Mode in the above?

Yes, booting in Safe mode and disabling or uninstalling the service fixed the login issues.

Try the suggestions in "App. is not working correctly, but does not seem to be s/boxed. What to do? [v5]" and see if they fix it for you or not.

I think I tried all of these suggestions. I have set the files to Windows System Application but I think when all Comodo modules are disabled the only thing that might still be active is the Shellcode Injection Prevention.

In my opinion this has to do with how the drivers inject their code into applications.

EDIT: I have just tried something else, without success:

  1. uninstall driver
  2. set to disabled: D+ Security Level, Image Execution Control Level, Detect Shellcode Injections, Sandbox security level
  3. reboot
  4. install driver again (no CIS 5 prompts appeared)

This did not work either.

I will try the deactivate d+ permanently checkbox next, when I find the time. But basically that is not what I want.
Can this issue be reproduced/analyzed by Comodo somehow? If you look into iZ3D’s forums there seem to be more people with this issue. Keeping in mind that iZ3D is the recommended 3D solution for AMD/ATI graphics cards it would be great if there was a solution (other than uninstalling Comodo).

Cheers, Joe

Try renaming guard64.dll to guard64.dll.bak and reboot. This is to see if the injection of this dll plays a role. The file is in the x64 equivalent of the system32 folder (not on x64 so I don’t know its name).

I am having a similar problem…
in 32 bit Win 7.
I first installed Comodo Internet Security,
then iZ3D,
and then whenever I double-click an app nothing happens…
I reboot and get a black screen after login.
I tried disabling every option in the Defense+ settings…
guard64.dll to guard64.dll.bak: now I get the desktop but no application can run.

Try the suggestions in "App. is not working correctly, but does not seem to be s/boxed. What to do? [v5]" and see if they fix it for you or not.

Hi,

the latest beta of the iZ3D driver depends on its 64bit injector component. Whenever the iZ3D services are active and Comodo is installed you cannot open any 64bit process on the system.
Please whitelist the drivers or give us a way to define an exception for it.

Did you try the trick with disabling the guard64.dll?

I think this problem is a bug and needs to be examined by the Comodo devs. Please consider filing a bug report in the "Bug Reports - CIS" board following the format as described in "FORMAT & GUIDE - just COPY/PASTE it!".

Thanks for the reply,

I have tried renaming guard32.dll in the 64bit system32 directory, then launching the iZ3D services and then trying to start the Windows mixer (via the volume icon in the tray), but the window did not appear (the process got stuck like before).
I will try it again with a reboot when I get the time and report back.

Just happened to notice you said guard32 Joe? Should it be there at all on a 64 bit system Eric? Don’t have one so don’t know. Certainly should not be live? So it should be guard64.dll you are renaming, in whatever the live windows system directory is?

Alcohol works with a very deep set of BO & D+ exemptions. It may be worth trying something similar. See here. However agree with Eric this is worth reporting.

Best wishes

Mouse

Hi,

I am sorry, there is a guard32.dll in my 32bit system32 directory (SysWOW64)
and a guard64.dll in my 64bit system32 directory (Sysnative).

I have not tried with a reboot yet, as I think Windows hooks those AppInit DLLs at system boot up.

I will report back.
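
The guard32/guard64 and SysWOW64/Sysnative question above can be settled with a read-only check. The script below is an added example, not part of any post in this thread; it assumes, as the last post suggests, that the guard DLLs are loaded through the AppInit_DLLs mechanism, and that it is run from a 64-bit PowerShell on 64-bit Windows (it avoids features newer than PowerShell 2.0).

```powershell
# Added diagnostic example: read-only, changes nothing on the system.
# Assumption from the thread: guard32.dll / guard64.dll are AppInit DLLs.

if ([IntPtr]::Size -ne 8) {
    # In a 32-bit process, System32 and HKLM:\SOFTWARE are silently
    # redirected to SysWOW64 and Wow6432Node, so results would mislead.
    Write-Warning '32-bit PowerShell detected: start the 64-bit one instead.'
}

# 1. AppInit settings exist once per registry view (64-bit and 32-bit).
$views = @{
    '64-bit' = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows'
    '32-bit' = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows'
}
$registry = foreach ($name in $views.Keys) {
    $p = Get-ItemProperty -Path $views[$name] -ErrorAction SilentlyContinue
    New-Object PSObject -Property @{
        View             = $name
        LoadAppInit_DLLs = $p.LoadAppInit_DLLs   # 1 = AppInit loading enabled
        AppInit_DLLs     = $p.AppInit_DLLs       # DLLs loaded with user32.dll
    }
}
$registry | Format-Table View, LoadAppInit_DLLs, AppInit_DLLs -AutoSize

# 2. Which guard DLL (or renamed .bak copy) sits in which system directory.
#    From a 64-bit process, System32 is the real 64-bit directory; the
#    "Sysnative" alias is only visible to 32-bit processes.
$dirs = @{
    '64-bit (System32)' = Join-Path $env:windir 'System32'
    '32-bit (SysWOW64)' = Join-Path $env:windir 'SysWOW64'
}
$names = 'guard32.dll', 'guard32.dll.bak', 'guard64.dll', 'guard64.dll.bak'
$files = foreach ($label in $dirs.Keys) {
    foreach ($dll in $names) {
        New-Object PSObject -Property @{
            Directory = $label
            File      = $dll
            Present   = Test-Path (Join-Path $dirs[$label] $dll)
        }
    }
}
$files | Format-Table Directory, File, Present -AutoSize
```

AppInit DLLs are mapped when a process loads user32.dll, so a rename only affects processes started afterwards; comparing this output before and after the reboot shows whether the intended DLL was the one actually taken out of play.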