Windows could not connect to the System Event Notification Service service

center]A. THE BUG/ISSUE: SENS stops working properly on boot after install[/center]

Can you reproduce the problem & if so how reliably?:
Yes, by installing the latest CIS.

If you can, exact steps to reproduce. If not, exactly what you did & what happened:
1:Install
2:Reboot
3:Watch popup error event
(4.Unable to find event in event log (running admin), unable to produce boot log mentioning the error (admin status overwriting the issue).)

One or two sentences explaining what actually happened:
"Failed to connect to a windows service.

Windows could not connect to the System Event Notification Service service. This problem prevents limited users from logging on to the system. As an administrative user, you can review the System Event Log for details about why the service didn’t respond."

Notification in the corner on boot.

One or two sentences explaining what you expected to happen:
For it to start properly, implement delay for services (?).

If a software compatibility problem have you tried the advice to make programs work with CIS?:
N/A

Any software except CIS/OS involved? If so - name, & exact version:
Windows 7 x64 up-to-date

Any other information, eg your guess at the cause, how you tried to fix it etc:

Had to delay start certain services (e.g. win audio) to make them work after boot.
After install I have an increased boot time 1 1/2 min exactly.

Revo uninstalled, registry cleaned, uninstall tool used, reinstalled fresh offline copy, issue still occurs. Uninstalled, problem went away, reinstalled 8.x, no issues, clean installed 10 again, issue came back.

I did a quick search and noticed a few people uninstalled for this reason, I’m running admin so it doesn’t bother me but it’s a big issue for people that don’t.

2 .cav’s seem to fail to install, no errors are given other then in diagnostics.
OS is clean, no errors/corruption.

On one install instance (previous) update notification pass-through stopped entirely, CIS thought I didn’t update for 14 hours while I updated 9 times to test this. can not reproduce, might be related to service issue.

B. YOUR SETUP
Exact CIS version & configuration:
10.0.1.6258

Modules enabled & level. D+/HIPS, Autosandbox/BBlocker, Firewall, & AV:
AV, FW, Sandbox, HIPS, Virusscope, Web Filter.

Have you made any other changes to the default config? (egs here.):
Imported previous setup. Happens with both fresh and imported settings.

Have you updated (without uninstall) from CIS 5, 6 or 7?:
I tried both.

if so, have you tried a a a clean reinstall - if not please do?:
Yes, twice.

Have you imported a config from a previous version of CIS:
Yes and No.

if so, have you tried a standard config - if not please do:
Yes

OS version, SP, 32/64 bit, UAC setting, account type, V.Machine used:
Win 7 Home Premium 6.1.7601 SP 1 Build 7601, x64, UAC off, Admin, No VM.

Other security/s’box software a) currently installed b) installed since OS, including initial trial security software included with system:
MBAM

C. ATTACH REQUIRED FILES (delete this section (section C) after attaching required files)
Added.


Great work with v10, better then expected, a shame I had to fill a bug report for this, no other issues.

Hi Saintj,

Thanks for taking your time to file bug in format verified report.It’a known bug.
We are not able to reproduce the issue. We need Procmon Bootlog to investigate further.

Download the latest ProcMon and extract the archive
https://download.sysinternals.com/files/ProcessMonitor.zip

Please follow this steps:

  1. Login using an account with administrative privilege (Administrator is recommended)
  2. Navigate to the folder that ProcessMonitor.zip was extracted to.
  3. Double Click on the file “Procmon.exe”
  4. Click on the “Capture” icon to stop the capture process.
  5. The Capture icon will now have a red X over it, meaning that the program is no longer capturing events.
  6. Now go in to the “Options” menu and select “Enable Boot Logging”
  7. The following dialog box will open.
  8. “Process monitor” is configured to log activity during the next boot. Select the “OK” button to close the program.
  9. Reboot the system
  10. Login with the previously chosen account (e.g. Administrator)
  11. Allow the system to fully load windows and any associated startup programs.
  12. Navigate to the folder that contains Procmon.exe
  13. Double Click on the file “Procmon.exe”
  14. This will open the dialog box.
  15. Click “Yes” to save the collected data.
  16. This will open the Save As dialog box.
  17. Insert in the “File name” field the desired name for the output and select the “Save” button.

Note: bootlog will be useful only if the issue was reproduced during the boot.

Kind Regards,
PremJK

I was afraid of that, I tried creating a bootlog before creating the thread but it doesn’t seem to get noticed on my end either.
I even manually went through all the boot events in the default windows logger but it doesn’t mention it crashing or even the connection error. It just says it started and that’s where any mention of SENS ends.

In my case it might be the fact that I’m running as Admin by default that is causing it to not be mentioned because it’s an issue for people with User rights, not Admin rights so I’m afraid I can’t reproduce it either, I hope someone else is able to though, I’ve seen mention of other AV/IS programs having issues with SENS in the past but none very recent so I’m not sure how to pinpoint it either.

Next to the fact that my diagnostics of comodo fails (see attached files) and that I see a little popup on start I have no issues with it that can help me pinpoint an issue, comodo works fine as far as I can see and I see no other issues.

I also would like to add that Windows-Audio service crashes at start as well. This event can be found in the logs, it simply crashes on start and I have to manually restart it after booting to fix it, this issue is gone after uninstalling CIS v10, it doesn’t matter what kind of settings I use.

I’m adding this because I think the execution of one of the CIS modules at startup might be interfering with certain windows (7) services.
Issue is solved after a manual restart.

Try registering ProcDump as postmortem debugger:

  1. Get ProcDump: ProcDump - Sysinternals | Microsoft Learn
  2. Use following command: procdump.exe -ma -i c:\dumps

Check if any dumps are created under c:\dumps path after experiencing crash.

Try adding all applications file group to the exclusions of detect shellcode injections to see if that helps with either the service start error and/or audio service crashing.

Also try uninstalling all other security software MBAM, peerblock,etc.

Done already but did it again, same result, none that is of any use what so ever unforunately :frowning:
The only thing worth mentioning is the audio-service which simply loads to soon, even delayed it conflicts with the load up of comodo but nothing concrete I can share to help fix it.

Done, doesn’t help with the issue. MBAM is pretty unstable with CIS 10, it wasn’t with CIS 8 but unfortunately didn’t help at all.

I’m sorry guys I can’t seem to reproduce the problem, I tried everything I can think of already, the only thing I can reproduce every single boot is the popup window.

It is most likely because I run as Admin and therefore don’t really have a huge issue with it which causes the dumps and logs to ignore them as major issues and classify them as minor issues or non-issues.

If anyone with a user profile running as guest or user is able to make a procdump or upload an event log the issue will certainly show up (or try running it in a VM with a similar setup to mine, I’d do it but unfortunately work has left me with very little time for the upcoming months).

Thanks for all the hard work, I hope this gets fixed soon.

I doubt that it’s caused by CIS. Are you using drivers provided by manufacturer? Please use official drivers (eg official notebook drivers if the case) in your tests.
(I experienced similar issues.)

Not a driver issue, all drivers are official, signed and up-to-date.

Had same error after update 8.2-10.0 on laptop K72J with Win7 Home Basic x64 (up to date).
CIS10 uninstall was interrupted with reason “ISE uninstall problems”, but ISE didn’t present on system (and never have been installed).
Because laptop was needed for work, I rolled back via system restore point and installed 8.4.

I am glad to see that I am not the only one having the trouble. Since the last couple updates to remove 10 from two computers that I look after which are still running 7. I get the exact same behaviours. Can not connect to the system event notifications and the audio is disabled. I look at the system log and it reports that the network drivers have not responded in enough time. Uninstall and reinstall does not help.

Both win7 systems are older laptops, being about 5 to 7 years old. I still use CIS10 on my Win 10 systems, but I must say, CIS10 is starting to resemble bloat were with all the extras it now wants to install.

For now, I have had to stop using CIS10 on window 7 systems.

Please check with Comodo Internet Security v10.0.1.6294 thank you.

Same with CIS 10.0.1.6294, Windows 7 x64: Windows could not connect to the System Event Notification Service service occurring randomly, without any obvious pattern, might happen 3 times in a row on one day and then give you a break for a week. Aero theme also won’t start and Windows Audio would start after significant delay. Logging off and shutting down seems like taking forever, so the only choice remaining is hard shutdown by holding the power button. Absolutely positive that it is CIS to blame here, I’ve observed this on several machines only after upgrade to v10 - on one of them right at the next reboot after upgrading, on others it would manifest itself later.

I’ve read somewhere else that netsh winsock reset can help sometimes - well, not the case here.

is there any progress yet on this bug? i’m in the same boat with not being able to connect to SENS, Themes, and possibly some other services that i’m not aware of, but it seems that simply restarting the affected services makes them work again. it’s still kind of annoying, though.

Hi all,

This issue between CIS 10 and Windows 7 SP1 has happened also on several of my company network computers, right after the first CIS 10 version was released and proposed to CIS 8.4.0.5165 installations as an automatic update.

The issue affects admin and non-admin users and has three symptoms, one like SaintJ and the others report, a popup in the Windows notification area that says (I put it in Spanish for other Spanish people googling this issue):
"No se pudo conectar a un servicio de windows

Windows no puede conectarse al servicio Servicio de notificacion de eventos de sistema. Este problema impide a los usuarios estándar iniciar sesion en el sistema.

Como usuario administrativo, puede revisar el registro de eventos del sistema para obtener i".

I suppose that last orphan “i” means “información”, but there is no way to know as clicking on the popup does not bring any other window that could extend the information on the issue.

The second symptom I see in my case is that the Citrix Online plugin and the Skype applications do start, but they don’t connect to their respective servers and therefore don’t start automatically their sessions. Trying to start the Citrix or Skype sessions manually does not work.

To add some weight to the service start interference hypothesis, in many situations I have found that a logoff and immediate login usually solves the problem of Citrix and Skype better than a full restart. Because a full restart could be affected again by the service start interference, while a re-login normally find interferent services already started, and then the interference does not happen again (usually, in very seldom cases it was necessary a second re-login).

The third symptom I have seen in some computers is that the user login session gets stuck at “Espere…” (Wait in Spanish) some seconds after password input, never reaching the desktop and being fully unresponsive, even Control-Alt-Delete does not work. In these cases a forced power-off is the only workaround, and the subsequent start could reach the desktop, or it may get stuck again after password input.

In several computers I have surrendered and reverted back to CIS 8.4.0.5165, disabling the options “Check for program updates” and “Automatically download program updates”.

My install procedure/options in all my computers are like this:

Installer package used: Updater from 8.4.0.5165 to initial 10.0.1.XXXX or cispremium_only_installer_10.0.1.6XXX, the issue happens on systems installed with both packages.
Language: Spanish (With previous releases the OS language was detected automatically, with 10.0.1.6294 English is pre-selected and I have to select Spanish manually)
Change my DNS provider to Comodo Secure DNS: disabled
Enable “Cloud Based Behavior Analysis” of untrusted files: Enabled (Disabled on some computers, did not solve the issues)
Send anonymous program usage statistics to COMODO: Disabled (Enabled on some computers, does not seem to matter to the issue occurrence)
Components:
Antivirus: Enabled by default, no option to disable
Firewall: Enabled by default, I disable its installation in all computers.

I normally leave all computers at default configuration, which means Antivirus, auto-containment (Sandbox) and VirusScope enabled, HIPS disabled.

Now that I see that this is affecting other people apart from my company computers, I will try to assign some time to tests you could propose us.

I hope this helps, looking forward to some administrator or engineer response on this bug.

Best regards,

Oscar Gil

I don’t really have anything to add but just to say that I’m experiencing the exact same behavior here as well.
Windows 7 Pro 32 bit
CIS 10.0.1.6294

Prolonged lack of any official response makes me believe that this ‘bug’ is just a way of pushing windows 7 users to embrace (the hideous) windows 10. No conspiracy theory, just practice.

hi,
today I updated CS from v8 to the latest CIS version.
After reboot I also got this popup in the info area. Should be because of CIS10 for sure.
But ar first I searched in goolge and found thas this misbehaviour is now and there is a Windows hotfix The desktop does not load and only displays a black or blue background after you log on to a computer that is running Windows 7 or Windows Server 2008 R2 - Microsoft Support.
I got the hotfix and installed the KnowledgeBase.

Now after Windows reboot there is no error popup, the login process after reboot is as earlier, no stucking on blue screen. And when I get CIS popup there is the usual audio prompt, therefor the audio service is also working.

does this help you?

Hi there, cska133!
Well, no, I tried installing KB2590550 and it did not fix the problem…

What exactly is your problem? Do You still get the lock symbol next to the clock in the notification area after install the fix?