Why did it happen?

A few days ago I had my system reformatted, so I still didn’t have all my usual apps installed, including my all-in-one printer’s software and other imaging software.

I had the need to install the printer software to scan a few documents. Nothing wrong here. I installed it and started to scan some of the documents, but since it was already late, I called it a day and turned off the system. The next morning (yesterday), I turned on the system and I no longer could enter my desktop in a proper way. The desktop resembled that of in Safe Mode (Windows Vista), but I could not see my usual folders, icons, etc., and couldn’t open one single application.

All I could see was a error message saying that C:\Windows\System32\config\systemprofile\Desktop didn’t exist or something like that. I was really freaking out.

I spent all morning and noon trying to figure out what could be wrong. I performed system checkups, to see if there were any corrupted files, etc. None, at all. Restore points wouldn’t do a ■■■■ thing about it.

The only way I had to access my folders and files, and applications was in Safe Mode. So, I started to performe backups of my documents to reinstall Windows system, but then I thought that if I could access everything in Safe Mode, that something was preventing me from doing it in normal mode.

So, I started to uninstall all my security apps while in Safe Mode, and came to the conclusion that D+ was blocking access to that folder, which allows the desktop to load in a proper way. Disabling D+ wouldn’t make it work, so I had to uninstall it.

Now, I didn’t block anything. And after I installed my imaging and printer software (which I treated as Trusted Applications), I rebooted my system, at least twice, for other operations I was performing. It booted just fine.

I don’t how the heck it happened, but D+, somehow, blocked access to that folder on it’s own.

I know have it all working, and reinstalled CIS, but I still haven’t rebooted, as I’m at the middle of important work, but as soon as I can, I will, and if the same situation happens, well, bye-bye Comodo.

Any thoughts on why D+ blocked that folder without any interaction with me? I would understand if I had blocked it my self. But, I did not block a ■■■■ thing.

Thanks.

Only know I could connect to the Internet.

I’m glad that this issue no longer happened again, but I still wonder why it happened in the first place.

May be you set Explorer as Isolated application?

No. I don’t even have it as a Trusted Application.

I always have D+ to ask me whenever Explorer.exe tries to access something.

Besides, D+ didn’t ask me anything related to Explorer.exe, after I installed my scanner and imaging software apps. So, that’s odd.

Where you in Install Mode during the scanner/imaging software ?

Yes, I was. As I always do it, when I install something. No reboot was necessary for the apps to work. But, after a while I did reboot, 'cos I had to temporarily disable UAC for something else. I had no problems with my desktop loading properly. But, the next morning, it just wouldn’t load. So, it couldn’t have been anything I could wrongly have answered. D+ didn’t ask me anything at all.

Maybe it got “blocked” by the lack of an Alert ? i sometimes have the feeling that there is some sort of situation that not all alerts are shown in some cases…

It could had been that. Only D+ could tell us, but I bet it won’t. Naughty HIPS, I tell ya.

If you have two D+ alerts on screen, one under the other, if you select “Trusted Application” in the uppermost alert while the underlying one times out (and subsequently blocks), the block action is never recorded as it is now trusted app.

A rare circumstance, but one that fits your suspicions.

Ewen

I apologize for the way I will write now, but I have no other way than this to express what I am feeling right now - I am getting sick and tired of CIS.

Why? The same ■■■■ happened again, but this time it was different. How different? I didn’t install anything. I didn’t do anything but to write a document. I turned off the system. Then, I wasn’t sure if I saved the document, so I turned the computer back on. What do I get? After the initial boot black screen with the bars loading, appears the normal Windows Vista background image saying Wait… (something like that in English. My system isn’t english. But translating as it is, it is Wait or Loading. Depends on what Microsoft chose.)

I waited like 10 minutes to see if I could see my Desktop, but eforthless. Result? Safe Mode and uninstall CIS. The Desktop loads fine again.

What the heck is happening with CIS? Is it just with me? Is D+ blocking something at it’s own will?

I will reinstall CIS one last time and if this keeps happening, I’ll wave Comodo goodbye as I’m not in a mood to constantly have to deal with this ■■■■.

Again, sorry for the way I wrote this, but I really am sick and tired of all this. It is the second time it happens, and without any apparent reason. I’ll give it a third chance and if it happens again, well, bye bye.

I am sorry you have had so many problems with CIS
I only had one with a early beta on Vista, but that said each computer is different and unless the devs. can reproduce the problems that you are having they will not be fixed.
I hope if you do leave you will come back and try it again.
Thank you
Dennis

I’m giving CIS one last chance, as I mentioned before, but if the same thing happens, I’ll have no choice but to ditch for once. I’m not in a will to have to uninstall it everytime something like this happens. I’m sure no one would be in such mood either.

I’m also moving to other OS for most of working, like Linux and Solaris, so I won’t be using CIS. But, I would like to leave it for other relatives to use, as according to what I’ve seen, the next version of CIS (Defense+) will be less intrusive and still offer maximum protection, and that’s something that would be extremely great for my relatives. But, if it keeps like this, well… I have to get other ways of protecting their systems.

What I don’t get is why is Defense+ blocking accesses without any interaction with me. I just don’t get it. I would understand if D+ was a behavior blocker, but it isn’t. My applications are the same as ever, so I really don’t understand. Anyway… I hope this situation won’t happen anymore.

One other thing I noticed, is that I now can run Lavasoft Ad-aware (I’ve been testing it). I couldn’t run it at all. The GUI wouldn’t show. I thought it was a bug, being a beta version and all. But, out of curiosity, I tried to open it and I could. D+ was blocking it too. Who knows what the heck happens with D+.

Edit: I’m not sure if this will not help solving anything or if it has anything to do with anything, but, sometimes D+ will alert me to allow or block Explorer.exe accessing SpywareBlaster, when I open it. Sometimes, after a clean install ,for example, it won’t. This time, it didn’t. Sometimes, it does. The same goes for my cd/dvd recording software ImgBurn.

Best regards

Make sure not only to uninstall CIS in safe mode but also clean out the registry with a thorough cleaner like Comodo Registry Cleaner (or Glary utilities). I hope that helps to get rid of things for you.

There was no need to clean the registry, as after reinstalling, once again, I could access my desktop.

It would be interesting to know why does it prevent me from accessing the destkop, though. But, I guess Defense+ acts just crazy.

Anyway, I’m giving it a last chance and if Defense+ prevents me from accessing the desktop again, well, time to change for something else.

And if you change to something else does that mean you’ll leave the forum?

(Well, of course if all the helpful people leave, that means I’d have most of the helping job. But I like all these other smart people to help me. ;D)

I will still be using Windows on the other system, just not as the main one. I will still need security for it. I will, for sure, also use CIS (except the AV, for now). I just hope that it won’t mess with my system as well.

And, of course, I would also like to keep CIS in this system.

What I don’t get is why this is happening now. It is the same version as before. So, why? Is D+ on a personal agenda against me?

But, I must tell ya, I’m weeping to start using Fedora/OpenSuse and OpenSolaris in full power. I’m just waiting for the new AMD Phenom II to come out, and then pick between this CPU and Intel’s Core i7.

Anyway, I just thought of something now. I’m too lazy to check it out on the web, so I ask to the very smart people here :D, in which folder are the system files that make the system load the desktop? Maybe I could place it under the trusted files/folders. Of course, that would leave a open door for possible damage from malware, I guess.

I’m also having this problem!!!

The error is also related to the C:\Windows\System32\config\systemprofile\Desktop path.

Now, the question needs to be answered: How heck does a classical HIPS block something, unless the user tells it to do it so? Does it have a will of it’s own?

How can I prevent Defense+ from blocking it? Is it the only way to uninstall it?

I also had to enter in Safe Mode, so that I could uninstall CIS. I could do nothing in normal mode. Not even opening any application.

Now, I would expect something like that coming from a virus, not from Defense+.

Will any Comodo staff (I know they do come here) care to explain how it happens and what one can do to prevent it from happening again?

This was the first time it happened with me, but, I do not wish it to happen any more!!!

Otherwise, I’ll just dump CIS for good.

With all due respect, you have turned a once great firewall into a ■■■■ mess. The more code there is, the harder it gets to optimise it. CIS is way too buggy. And I’ve seen in one other thread that you guys are planning a new beta release any time soon, with more components integrated to it. Meaning, more code!

The existing code is not yet optimised, and you’re already integrating more code?

I believe that you guys (Comodo people) are aware that the more code one has to look through for bugs, the harder the mission gets, right? Also, why not stopping all those apps like registry cleaner, etc., and place those developers on the CIS team? The more people working around an app, the better that app will become.

You cannot and will never be the greatest company in all fields. Sorry to say this, but you’re dreaming to high and expecting too much. The end result? You turned a great firewall into a bloody mess.

The tools you’re making, such as the registry clean, system tweaker, etc., there are plenty out there and free, and by sign great tools. You guys have no place here.

Why don’t you stick with what you know best? The firewall. Make it great once again.

D+ will block a application or suspend it unless you click allow if set to custom policy “normal” mode.

You check your settings under Defense+ > Advanced > computer Security Policy. And tries to find the application that is blocked.

Agreed.

The firewall is great. I never experienced those bugs you are talking about, maby you simply don’t know how to handle a HIPS. Maby you should stick to SAFE MODE. And the AV is set to be among the top notch according to melih, but he says it will take some time, I trust that guy, the AV will be awesome.
The BufferOverflow protection is great too. I think you are a bit unfair in your judging.

I agree somewhat that focus should be on security and not registry cleaner(s) and system tweaker(s)

I’ve always had CIS in Safe Mode. Defense+ will not block a ■■■■ thing, unless the user tells it to. At least, that’s the idea behind a classical HIPS. Maybe Defense+ likes to be an out of law.

Please, don’t tell me how to work with an app I’ve worked since first 3.0 version.

I’m glad you agree.

The bugs I mention, such as, for example, Defense+ asking all over the same questions when I wish to save a file with my browser, or open a file within one other application, etc. For what I could find in the forum, the work around was to place a ? instead of the :, so that the path would go something like C?\Program Files\etc\etc…

That happens with every app that isn’t set as trusted, or if you don’t have Defense+ to Clean PC Mode, for example.

Have you ever seen me mentioning in any of the text I wrote in my post that the protection provided by SafeSurf sucks? I never even mentioned SafeSurf. But, if you wish to go there - is there any real proof that it protects buffer overflow attacks? Are you willing to invite everyone to go to your home and give us a real great time showing SafeSurf protecting buffer overflow attacks, by entering known sites that will cause just that?

Once again, I’m glad we agree.

Regards

If you question SafeSurf (which you are fully entitled to do, of course), I think you should do it in the proper board and in this case even more importantly with some proper arguments.