Vista_x64_SP2. cfp.exe needs to be restarted twice a day

I have a Vista Ultimate x64 with SP2 (SP2 installed when it was first released (post RTM) on Technet).

Clean install of CIS v3.9 Build 508 updated to build 509. CIS in proactive mode. Defense+ and AV in Safe mode.

Other security software installed: Avira Free v9 in On-Demand scan only mode (Guard disabled).
Windows Defender.

Ever since I installed CIS, the GUI (cfp.exe) needs to be restarted twice a day - not sure if both occurrences coincide with av updates. Also, not sure if it needs to be restarted any more frequently than twice - I happen to notice it and restart it twice a day. The symptoms are one of the two below:
1. On the Help → About page, the Virus Signature Database Version = 0.
2. The tray icon and the summary page say that Defense+ is not active.

In both cases, running “Diagnostics” says everything is OK.

In both cases any action that requires a Defense+ training or prompt (if I run an app that I have never run before, or, attempt to install some software) silently fails. This, I think, is because I have checked/enabled the “Block all unknown requests if the application is closed” checkbox on the Defense+ Advanced Settings page.

Virus Signature database updates just fine. Once I restart cfp.exe, it shows the correct version and Defense+ runs and works like it should.

No errors logged in Windows event logs or the CIS logs (the only CIS logs that I know of are the event viewers in each module - firewall, av and d+).

Any ideas on why this is happening, or, where I can look for more diagnostic help? Should I log this as a bug?

Thanks,
MediocreFred.

Do the D+ logs bring anything to light that may help us? Can you post a screenshot of them?

There’s nothing in the D+ logs - other than an entry when I change modes (Safe to CleanPC and back, Safe to Training and back). The only errors are when I try to run apps while cfp.exe is in this weird (GUI appears responsive, but, doesn’t show D+ popups) state; as an example, I tried running Process Explorer from Sysinternals for the first time and it would crash every time; once I restarted cfp.exe (since I guessed that Process Explorer would’ve triggered D+ popups which I couldn’t see), I got the expected popup and then Process Explorer worked fine.

What screen shots would you like to see? The symptoms are exactly as I described. Virus database version says “0” and/or the summary screen has the red X icon for System Status.

Thanks.

Try going to the misc tab and click Diagnostics. It sounds like you have a bad install of Comodo.

I have run Diagnostics multiple times - it always comes back with the “did not find any problems” message.

Any other thoughts?

Try using these tools in the order I have set them out:

  1. Revo Uninstaller (use to uninstall CIS) Download Revo Uninstaller Freeware - Free and Full Download

  2. Reboot

  3. CCleaner (clean and check registry repair anything it finds) Download

  4. Comodo system cleaner (do a power clean and do anything it says) http://download.comodo.com/csc/download/setups/CSC_Setup_1.1.64946.38_xp_vista_server2003_x32.exe

  5. Reboot

  6. Eusing registry cleaner (do a cleaning and reboot) Eusing Free Registry Cleaner: Safely scan and repair registry problems - Spyware FREE.

Once again, try installing Comodo and see if the error is still there; something is corrupted in the registry or maybe a file. Get the latest Comodo here Free Firewall - Download the Best Firewall Protection and Anti-Virus Scan Software from Comodo

Since I have Vista x64, I downloaded the 64 bit version of Comodo System Cleaner. CCleaner looks like it should work OK. However, Revo Uninstaller’s page says that 64 bit operating systems are not supported. Can you please confirm if it will still work (even if it is not supported) on 64 bit Vista?

Wow, I missed that you were on 64 bit. Try this one http://download.cnet.com/MyUninstaller/3000-2094_4-10944404.html instead

When I run MyUninstaller, it doesn’t even list CIS in the list of installed programs. Could it be because CIS is blocking/hiding its own registry keys? Do I need to disable CIS and reboot in order to have it show up in MyUninstaller?

Incidentally, I can see it in the Control Panel → Programs & Features and can begin to uninstall it from there (I chose to exit after establishing that it could find and launch the uninstaller).

Thanks for your help.

Run it from Control Panel then, just make sure after rebooting to do a good registry cleaning. I am not a big fan of MyUninstaller and this is the reason why, but because you are on 64 bit you have limited choices.

Thanks very much for sticking with me languy99!

I will do all the steps in your list and will post an update when I get back online (or sooner if I get stuck!).

Thanks again.

Here’s a detailed update.

I followed all of LanGuy’s steps - uninstalled CIS, cleaned registry and file system using 3 different cleaners, scoured through the registry and filesystem and removed all traces of Comodo that I could find.

I installed CIS3.9 build 509 from a freshly downloaded copy of the installation file. Before rebooting, I set the profile to Proactive, AV to Custom Policy and D+ to Training mode. Rebooted. Created a LAN zone, had D+ and the firewall learn a few of my commonly used apps, updated the AV, set D+ to Safe mode and rebooted again. Scheduled nightly full-system av scan and called it a night.

This morning, there was a popup that said that cfp.exe had experienced an error and had crashed. I was prompted to email the crash.dmp file to Comodo, but, the email bounced back. The timestamp on the crash.dmp file was 1:08 am this morning. I’ve attached the crash.dmp (zipped) to this post.

HOWEVER, the full-system scan that was scheduled for 2:30 am ran fine and had a popup with one file that I know is a false positive. Also, the CIS GUI (cfp.exe) “appeared” responsive - I could click around and change/save settings, but, when I tried to launch a “new” (previously unlaunched) application and expected the D+ prompt, the app just failed - did not start. This behavior occurs whenever the GUI gets in the funky state.

I restarted the GUI (cfp.exe) and everything looked and behaved OK. I started the “new” (previously unlaunched) app and the D+ prompt popped up and the app worked fine. This was at about 6:30 am (Pacific Time).

At about 9:30 am, I RDPd in to my PC from work and checked out CIS’s About page. The Virus Signature Database version was 0! I restarted cfp.exe and checked the About page again. This time it had the correct version number (1215) - with a last updated time of 9:15 am.

From my observations over the last two weeks, it seems as if every time the virus signature database is updated, it kills part of the GUI. The virus signatures do update successfully - as soon as I restart cfp.exe, the About page has the most recent version and an update timestamp that is within a few hours back. I say “kills part of the GUI” because, I can still click around and change and save settings; it just does not show any D+ prompts. I also cannot update the AV manually once it gets to this state. If I try, I get an “Update Failed: Error Code 0x80004002. No such interface.” popup. If I restart cfp.exe, I can run the update manually multiple times (it just says that I have the latest version).

Can anybody tell me what might be causing CIS to go into this funky state? Is there any setting in CIS that may be clobbering part of it whenever the AV updates? There are absolutely no errors logged in any of the CIS event logs or the Windows event logs.

The only other security software I have are Avira 9 free version in standby only mode (Guard disabled) and Windows Defender that is a part of Vista.

Thanks.

I would say try turning off Windows Defender; it has been known to interfere sometimes with other AV programs, I know it does with Symantec products. To turn it off, go to Control Panel → Admin Tools → Services → find entry Windows Defender → right click Stop → right click Properties → set startup type Disabled → Apply → OK → reboot. Does that help anything?

Thanks for the suggestion LanGuy.

I will try it and let you know. After I reboot, I will need to wait for the next CIS av database update.

Thanks.

I searched for Windows Defender on these forums and found that most people had no interoperability issues.

So, I wanted to try one additional thing first. I disabled Comodo’s automatic AV database updates yesterday morning. Over the course of 24 hours, I manually updated the AV database (by clicking on “Update Virus Database” on the AV tab) from 1215 to 1220 and then to 1224.

This works perfectly and I have not had any CIS funkiness over the last 24 hours.

I am now fairly certain that the automatic AV updates somehow crash part of CIS. The automatic AV updates do something different than the manual AV updates. Based on this, does anybody have any further insight/suggestions?

I would really like to keep Windows Defender running since it is a good second layer of defense and many people on these forums have experienced no issues running them both together.

Thanks.