This problem was very severe on Comodo firewall.
I have also experienced that guard32.dll (or CIS, some part of it) was causing apps to break when exiting, leaving orphaned windows on the desktop.
After a lot of hit-and-miss trials, disabling the sandbox solved the problem of hitting a breakpoint when the application was about to exit in the dev environment while debugging.
However, you can minimise the impact by disabling the sandbox while keeping D+ enabled.
guard32 will still load. The breakpoint problem will be solved.
(Suggestion) If you are a dev, it will be nice to disable D+ permanently.
If you still have the guard32.dll problem… (maybe you solved it in the meantime)
I was playing a bit and discovered that guard32.dll was creating some holes in my very customized config
(because it overrides some registry writes rules for driver installation with services.exe),
so I’ve disabled guard32.dll globally. It did that on CIS 3.14.
How: just renaming to ‘_guard32.dll’ (with a leading underscore) these two files:
programfiles\Comodo\COMODO Internet Security\repair\guard32.dll
ProcessExplorer will show that guard32.dll is no longer loaded in any app, and everything seems fine.
(CIS works normally as far as I can see and does not complain about missing guard32.dll)
However, if you want guard32.dll to be loaded by the System Process and other Core Processes
(because guard32.dll makes some Comodo alerts simpler),
but NOT by programs starting after the boot has completed, here is what I would do:
create a program that renames guard32.dll to _guard32.dll on each boot (or ‘logon’)
create a program that renames _guard32.dll back to guard32.dll on each shutdown (or ‘logoff’)
these 2 programs can be set as ‘boot script’ and ‘shutdown script’, or ‘logon script’ and ‘logoff script’,
in the Windows Group Policy:
(these ‘scripts’ can be any executable, not only .vbs scripts)
Of course you must give these 2 programs the right to rename guard32.dll in CIS rules.
This won't help you to delete/disable guard32.dll, but it will help you understand that this dll is a part of CIS and if you turn it off you will turn CIS off as well.
Are you sure of what you say ?
I did some tests with CLT (Comodo Leak Test) and botester (Comodo Buffer Overflow tester), under CIS 3.14 (I can’t speak for CIS v4 and v5), paranoid mode, WinXP SP3, without guard32.dll loaded (I renamed it to _guard32.dll and rebooted, and checked it was not in memory)
HIPS and Firewall seem to work (success in all CLT tests, and for internet connection attempts)
Buffer overflow protection does NOT seem to work (however you can install the discontinued Comodo Memory Firewall, at least over CIS 3.14, and succeed in the buffer overflow tests, also you could activate Windows DEP protection for all programs)
Some people report the Comodo Antivirus and automatic SandBoxing will NOT work without guard32.dll (I cannot test since I don’t use or have them under CIS 3.14)
Alerts concerning driver installation are less comprehensive without guard32.dll (but an experienced user should recognize registry writes to registry root : hklm\system\controlset???\services[servicename] as part of a driver/service installation)
The two links you provide give no proof that CIS will not really protect you without guard32.dll (with the limitation given above)
If you have any link to some comment of a Comodo developer/expert saying that CIS (v3 or v4 or v5) will not effectively protect you without guard32.dll, I would nevertheless be interested (since this dll is still a problem for me and many people)
Guard32.dll may be related to the firewall, but it is also related to the way Defense+ will alert you.
Especially concerning driver installs with Services.exe, through the Services control manager: \RPC Control\ntsvcs (with guard32.dll disabled you get multiple alerts for a single driver install, which is less user friendly).
a quick hexadecimal look inside guard32.dll file (this might be related) :