
Comodo Firewall and Mbam



Hello, I am new here. Please be gentle :)

I am running Windows XP, Service Pack 3. I use Microsoft Security Essentials for AV.

So I have been using the paid full version of MBAM Pro for a couple years now. I love it, it's in my opinion the best anti-malware product you can get.

Never had an issue until a couple days ago.

I realized I was still using Windows Firewall, and have had it recommended to me by several knowledgeable sources to install a more robust replacement. I tried Online Armor, but my system took a really significant performance hit, even after I turned off the program guard and just used the firewall.

Comodo firewall was the strongest recommendation I got, so I installed it two days ago. I did not install the antivirus/antimalware portion of the application, only the firewall.

My system performance improved compared to Online Armor, but was still a bit slower than I would have expected. I run Sysinternals Process Explorer pretty much all the time to see what is doing what with my system resources, and I noted that even when my system should normally have been completely idle, MBAM was suddenly for no apparent reason taking up between 3% to 20% of CPU utilization. I turned off website blocking to no effect. I turned off the protection module, also to no effect. Even with both features off, MBAM was still using up CPU cycles.

I scanned with MBAM and MSE. No infections found.

I turned off (exited) Comodo Firewall, and sure enough MBAM stopped eating CPU cycles. Turned it back on, and the issue returned. I've tested this over 2 days now. It's repeatable every time.

I am looking for a way to make it so that MBAM leaves Comodo alone, for lack of better terms. I already have MBAM's associated files in the trusted settings for Comodo, just to cover that base. I am not sure what about Comodo's firewall is making MBAM so busy, but I am hoping maybe somebody will be able to tell me why it is and/or how to fix it.... maybe even if somebody is willing to test this on an XP SP3 system with MSE, to let me know if I am crazy or not :)

Any help is appreciated... and if anybody needs me to perform additional steps or provide more info, I am more than happy to oblige.

Thanks :)


Hi -

Please try these items first

Note: If using a software firewall besides the built in Windows Firewall you'll need to exclude MBAM.EXE from it as well

Note: Once that's done, please make sure that if either of those programs has any sort of web filter, that you add the following as a trusted site:

data-cdn.mbamupdates.com

Thank You -


In specific I have added the following to Comodo as trusted applications:

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.dll

C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll

C:\Program Files\Malwarebytes' Anti-Malware\zlib.dll

C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\rules.ref

C:\WINDOWS\system32\drivers\mbam.sys

C:\WINDOWS\system32\drivers\mbamswissarmy.sys

I have also now added the hostname:

data-cdn.mbamupdates.com

as explicitly allowed for all TCP traffic both incoming and outgoing.

The issue persists. While Comodo is running, MBAM is using between 3% to 20% of CPU when the system should be idle. Turning off Comodo (exiting the program) causes MBAM to stop using CPU cycles and the system goes idle as it should.

Any other ideas?


There is currently a known compatibility problem between Malwarebytes' Anti-Malware's protection module and COMODO Firewall. The problem is being looked into by both the developers of COMODO Firewall as well as our own developers. They are working together to get this issue resolved as soon as possible.

For the time being, if the high CPU usage is causing problems for your system then it is recommended that you either disable Malwarebytes' Anti-Malware's protection module from starting with Windows or that you disable the COMODO Firewall and turn on the Windows Firewall until the problem is corrected.


Thank you SO much for this info. This may sound odd to you, but that is fantastic :)

It basically confirms that it's not just an issue with my machine or OS, and that the information my tools were giving me led me to the right conclusion.

I like both programs, but I love MBAM, so if one has to go for now, it's gonna be Comodo. I got by with Windows Firewall for a long time, I can wait a bit longer.

If I might be so bold as to ask, has there been any progress on the issue? Does it look like the cause has been partially identified? Any possible idea how long it might be before a fix is put out?


Hello again :)

You're most welcome, and yes I agree, it's always comforting when an issue like this does pop up, to discover that it's not an actual issue with your own system in particular, but a known bug.

As for the progress, I'm not sure as I don't have direct access to COMODO myself, another member of our staff is working directly with them to try and resolve the problem. I'm hopeful that it will be corrected soon, and I've no doubt that it will be since we're working together on the issue.


I just installed G DATA INTERNET SECURITY 2011 and am having the same or worse performance hit 5-34% CPU from the MBAM service during a G DATA virus scan.. Really odd.

~Shy


@Shy

I did just find this:

http://www.gdata-software.com/support/customer-service/faq/details/question/816-why-do-some-applications-run-s.html?tx_irfaq_pi1[back]=c3VwcG9ydC9mYXEuaHRtbA%3D%3D&cHash=ebfc125ad6a61147939d28a558f9eb23

Not sure if that will help or not, though.


I read it.. THREE times.. :) I can't be sure they are talking about the same problem as I have or not. What I did earlier today was burn a bootable CD off their G DATA antivirus .ISO (Their program won't run in safe mode either) and it boots the system into Linux and then runs JUST their antivirus program on the Windows NTFS files on both partitions. I'm safe so I just won't run FULL scans in Windows Vista and just ignore the problem for the time being.

Thanks for looking for the info; appreciate it.

~Shy


Hello lomax327:

I have recently gone down the same path as you. For now, the trouble is not with the COMODO Firewall but with their "Defense+" component(s) within COMODO Internet Security (CIS).

An excellent workaround you may consider, before entering any exclusions in MBAM, is reinstalling COMODO CIS 5.0, and during the installation process, do NOT use the default install choices but instead choose "Firewall Only".

This will forbid the "Defense+" components from activating that presently seem to have unfavorable interaction with mbamservice.exe and consume excessive CPU usage.

One of the COMODO moderators suggests this warrants a bug report with COMODO and this has been done:

COMODO Bug Report

Best wishes to you.


Well.... I'll be danged.

I coulda sworn I had only installed the firewall, but following 1PW's instructions worked.

I of course uninstalled COMODO and rebooted.

Then I redownloaded and reinstalled being certain to select the Firewall Only button just like in the above screenshot.

I now have COMODO running along side MBAM, and my system goes idle when it should.

:):(:)

Thanks to everybody, especially 1PW, for all your help!!


We all stand on the shoulders of our fine experts here and some friendly and knowledgeable moderators at COMODO's forum.

Pay it forward lomax327...


I was able to verify your findings, thanks for the additional info 1pw :(

I've now created basic instructions for a temporary workaround to make CIS version 5 work with MBAM's protection module in the paid version until the issue is resolved:

Make CIS v5 Work with Malwarebytes' Anti-Malware's Protection Module:

  • Open Malwarebytes' Anti-Malware and click on the Protection tab
  • Uncheck Start protection module with Windows.
  • Restart your computer
  • Open COMODO Internet Security and click on the Defense+ button
  • Click on Defense+ Settings
  • Check the box next to Deactivate the Defense+ permanently (Requires a system restart)
  • Click Yes when prompted to restart your computer
  • After your computer restarts, open Malwarebytes' Anti-Malware and click on the Protection tab
  • Check the box next to Enable protection module.
  • Check the box next to Start protection module with Windows.
  • Restart your computer to verify that mbamservice.exe is now running without using excessive amounts of CPU when the system is idle

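To put a number on the last step of the workaround above, the following PowerShell script samples mbamservice.exe's share of total CPU over about a minute of idle time. It is an added example, not part of the original post or of either product; the sample count, interval and 3% threshold are assumptions.

```powershell
# Added example: measure how much CPU one process uses while the system is idle.
# The process name is from the thread; sample count, interval and threshold are assumptions.
param(
    [string]$Name = 'mbamservice',    # mbamservice.exe, without the extension
    [int]$Samples = 12,
    [int]$IntervalSeconds = 5,
    [double]$ThresholdPercent = 3.0   # assumed: low end of the 3% to 20% reported in the thread
)

function Get-CpuSeconds([string]$ProcessName) {
    # Total CPU seconds over all instances, or $null if none can be read.
    $total = $null
    foreach ($p in @(Get-Process -Name $ProcessName -ErrorAction SilentlyContinue)) {
        # TotalProcessorTime is $null when the shell lacks rights to query the process.
        if ($null -ne $p.TotalProcessorTime) { $total += $p.TotalProcessorTime.TotalSeconds }
    }
    return $total
}

$cores = [Environment]::ProcessorCount
$prev = Get-CpuSeconds $Name
if ($null -eq $prev) {
    Write-Warning "$Name not found or not readable; run as an administrator."
    return
}

$readings = @()
for ($i = 0; $i -lt $Samples; $i++) {
    Start-Sleep -Seconds $IntervalSeconds
    $now = Get-CpuSeconds $Name
    if ($null -eq $now) { Write-Warning "$Name stopped during sampling."; break }
    # CPU seconds used in the interval, as a percentage of all cores.
    $readings += [Math]::Max(0.0, ($now - $prev) / ($IntervalSeconds * $cores) * 100)
    $prev = $now
}
if ($readings.Count -eq 0) { return }

$stats = $readings | Measure-Object -Average -Maximum
'{0}: average {1:N1}%, peak {2:N1}% over {3} samples' -f $Name, $stats.Average, $stats.Maximum, $readings.Count
if ($stats.Average -ge $ThresholdPercent) {
    'Idle CPU use is still at or above the threshold.'
} else {
    'Idle CPU use is below the threshold.'
}
```

Running it once before and once after the workaround, with no other programs active, gives two figures that can be compared directly.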

Hi 1PW,

If you're allowed, could you post the info here as users without COMODO Forum access can't read it?

Thank you :)

Quoted from COMODO Bug Reports forum:

"Although it's probably abundantly clear to most COMODO staffers, the problem outlined in the original post, now extends to COMODO CIS V5.0.163652.1142 and I have verified that normalcy returns if Defense+ is "Disabled" as was the case with the previous version of CIS.

With COMODO's permission, I have altered the "Subject" line accordingly.

HTH"


  • 4 weeks later...

I have been on COMODO's Forum to talk about a possible solution to this problem.

https://forums.comodo.com/format-verified-i...-t62437.15.html

Someone else tried the same thing I tried myself and got the same success I had myself.

The solution seems to be to deactivate "ctfmon.exe" and prevent it from reinstalling itself in the boot sequence by deactivating the Text Services.
