JUST HAPPENED - COMODO Firewall kills NIC after Windows 10 update

WARNING: I think something in the recent WIN 10 update Borked the Comodo Firewall.

BACKGROUND:

I have a virtual PC running Win 10 pro. It is on the ITARIAN RMM and Comodo security. It received a major update and I rebooted it late yesterday. After coming back up, it would not connect to the internet.

PROBLEM:

In troubleshooting, I noticed it had no default gateway. But setting it manually did not work. It set back to blank every time I closed the window. I tried a winsock reset and reboot several times, looked for driver updates for the Hyper-V NIC, even tried the old svr 2008r3 trick of setting it to DHCP and back. No joy.

SOLUTION:

Then I noticed the “COMODO Internet Security Firewall Driver” checked enabled in the properties of the NIC. So I disabled it and it let me reset the IP settings and everything is working OK now.

Thanks.
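
The check and workaround described in the post above, as an added PowerShell example that is not part of the original thread and is not Comodo's or ITarian's own tooling. It assumes the binding carries the display name quoted in the post; the function names are hypothetical, and an adapter without an IPv4 default gateway is only a symptom to review, since isolated or disconnected adapters also have none.

```powershell
# Added example (not from the thread). Run in an elevated session.
# Assumption: the filter binding uses the display name quoted in the post.
$BindingName = 'COMODO Internet Security Firewall Driver'

function Get-FilterBindingReport {
    # Hypothetical helper: lists each adapter carrying the binding, whether
    # the binding is enabled, and whether an IPv4 default gateway is present.
    [CmdletBinding()]
    param([string]$DisplayName = $BindingName)

    Get-NetAdapterBinding -DisplayName $DisplayName -ErrorAction SilentlyContinue |
        ForEach-Object {
            $cfg = Get-NetIPConfiguration -InterfaceAlias $_.Name -ErrorAction SilentlyContinue
            [pscustomobject]@{
                Adapter        = $_.Name
                ComponentID    = $_.ComponentID
                BindingEnabled = $_.Enabled
                HasGateway     = [bool]$cfg.IPv4DefaultGateway
            }
        }
}

function Disable-FilterBindingOnBrokenAdapters {
    # Hypothetical helper: unbinds the filter only where it is enabled AND
    # the adapter has no default gateway (the symptom from the post).
    [CmdletBinding(SupportsShouldProcess)]
    param([string]$DisplayName = $BindingName)

    Get-FilterBindingReport -DisplayName $DisplayName |
        Where-Object { $_.BindingEnabled -and -not $_.HasGateway } |
        ForEach-Object {
            if ($PSCmdlet.ShouldProcess($_.Adapter, "Disable binding '$DisplayName'")) {
                Disable-NetAdapterBinding -Name $_.Adapter -ComponentID $_.ComponentID
                $_   # emit the affected adapter so the change can be logged
            }
        }
}

# Review first, then preview the change without applying it.
Get-FilterBindingReport | Format-Table -AutoSize
Disable-FilterBindingOnBrokenAdapters -WhatIf
```

Drop `-WhatIf` to apply the change; `Enable-NetAdapterBinding` with the same adapter name and component ID restores the binding once a fixed client version is installed.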

There is a link posted about this… error with the latest version of CCS. You have to uninstall 11.2 and roll back to 11.1. Disabling the firewall will also stop the error as a temporary fix.

Hello @nnsit @Ed_Johnson ,

Yup, there is. You can find the details in this post: https://forum.itarian.com/forum/products/endpoint-protection/33811-rollback-of-comodo-client-security-v11-2-0-7313

If the agents on your endpoints have been updated to the latest version and then your customers started to experience these problems, I suggest you downgrade them and check the environment. You can follow the steps in this wiki.

Regards,

Firewall in latest update breaks things.

https://forum.itarian.com/forum/products/endpoint-protection/33829-ccs-firewall-who-uses-it-and-what-is-your-experience

Sad you found out about this problem from personal experience and not from a notice that Comodo sent out.
Can’t understand why Comodo refuses to notify its clients about these kinds of major issues.

Just had this happen on another client machine. So annoying. Comodo needs to PUSH out an update ASAP, not just make it available, but actively push it out to all available clients.

Hello @nnsit,

We have created a support ticket for you regarding this case. Please reply at your convenience.

Thank you for your patience and understanding on this matter.

Various people have already informed you that 11.2 has a recall. I imagine you’d already pushed out 11.2 for an upgrade and the machine has been off until now… What you need to do is monitor your dashboard for any instances of 11.2 and immediately remove them. Not really Comodo’s fault as you’re fully aware of the problem.

I have had this problem many times, even with older versions. I am also having to disable it on many systems, as it seems to also cause sporadic issues with many 3rd party software applications, and even connecting to different networks. I had to disable it, just so a user could connect to a WiFi!! I also noticed, that with the last release, when you disable it, it puts an X on your AV icon, and says that the driver has been disabled. Horrible in my opinion.

In my opinion, it is Comodo’s fault, it is their software that is acting up. I was not aware of the issue, because I do not get on the forum much, due to the horrid response times. So I might ask, if the issue is not Comodo’s fault, then whose is it?? I can believe it could be a Microsoft issue, as their updates break a lot of stuff, but do not really see how you can blame it on the technician. Like I said, I have had this problem many times, starting a year or so back, and I would be inclined to think that Comodo would have the issue fixed. I am not saying that it is the same issue, as it did work for some time, but the issue is software related!!

@BOSS ,

We deeply understand its impact on MSPs across and our Developers are putting more additional information as well, via status page, this forum community and the portal’s news and notifications. Our Product Management Team are working on all efforts making new information and notification available by all means. You can rest assured that these inputs are very much appreciated and forwarded transparently to all areas concerned.

Hi @BOSS ,

First of all, we are sorry for the inconvenience caused by the latest CCS update. Even though each CCS version is tested extensively before the releases, such cases can show up on production. In such cases, we do everything to help our customers to remediate any further problems and to recover the issue as soon as possible. You are right that the issue is not caused by the same defect, but the symptom looks similar on the endpoints. Engineering team is on the issue from the very first moment of its detection.

As a means of communication in such cases, we mainly rely on Forum and C1/ITarian Notifications. However, we have received yours and many other customers’ feedback and have already started to discuss how we can improve this process for future incidents.

Starting from the announcement of the CCS hotfix that our teams are working on, you will be notified through additional channels.

Thank you for your understanding,
-Can
Product Manager
Comodo Cybersecurity Team

Hi @BOSS

When I said it wasn’t Comodo’s fault… what I meant was that once the notification had gone out via the forum AND within the Endpoint platform, any further problems are more likely down to lack of monitoring by the user. Itarian is an endpoint monitoring platform… If you are providing an endpoint monitoring service to clients and not even bothering to read the warning notifications within the platform, how can you be offering any kind of decent service?

I would agree with this statement, but the origin of the issue was in the Comodo software. I understand that there will be issues, but this is a pretty major issue that was not detected until it hit production. It is done, and we are cleaning up after the problem, and I guess we can always delay deployment, but if everyone did that, no one would ever move up to the next release. I might add that we only had a small fraction of systems impacted.

Yeah… I have to agree on that… and admit that I spend a vast amount of my time since putting Comodo products on some of my clients, attempting to fix problems caused by CCS. Far too many to risk rolling it out to our less understanding clients. Just today I was requested to remove CCS by another IT company who had come in to install new Printers. They blamed the CCS firewall for interfering with their software. To prove that was not the case… I simply removed CCS via the Comodo local removal tool and left them to continue… when I tried to reinstall CCS I got an error that the firewall wasn’t functioning… a repair install failed to fix the problem and the error kept saying it couldn’t replace newer files… This is a device that’s never had 11.2 installed to my knowledge and was working fine with 11.1 until I uninstalled it and reinstalled. I really wanted CCS to work for us but in 30 years I’ve never had so many problems with a security program.

Delayed Updates I think needs to be implemented just like MS W2, whenever they issue an update something goes wrong, so there should be a way to delay any update until fully tested. For example create on our side like many Virtual Test OS Machines and set them all into a group on ITSM then let them update to the latest Comodo Release and test it, if no error then deploy to all customer for production by just having an option to flag the update as trusty on our Environment. (Just an idea)

Hi @axatech ,

Thank you for sharing the idea. We have created a support ticket to assist you with this and we will email you with updates.

I have done all the above and when I reinstall the rollback version, the system reboots to the startup repair screen. I’ve tried everything, restore points, etc., but nothing works. This has happened to two of my machines so far and one I have had to reinstall Windows 10 Pro. Has anyone else experienced the issue this bad?

Yep… on three of my clients’ systems the reboot after the rollback killed the OS… one of them was rescued via sys restore… the other two had to be wiped… Not great.

EDIT: All three W10…

Hi there,

I confirm this issue: on some Windows 10 computers, after uninstalling Comodo Client Security version 11.2.0.7313, the OS is unable to boot and the Startup Repair screen is shown. In our case, we have had this issue on four computers (out of about 600 with the 11.2 installed) so, fortunately, it looks like the occurrence is minimal… But this is a major issue when it happens, as the Startup Repair has been unable to repair the system in all cases so we have had to fully reinstall and configure the OS. We haven’t been able to find a common cause that may trigger that system corruption that kills the boot, so any advice will be welcome.

Best regards,
– Javier Llorente
Devoteam Endpoint Security Team