Advice Request COMODO blocks Windows Updates with error 0x80070005

[the1stbazza]

Removed the windir rule from protected objects as shown here: Advice Request - COMODO blocks Windows Updates with error 0x80070005 ... Hopefully it will not disrupt the security of COMODO... If the issue arrives again, I will switch to Bitdefender free...

One year guys, and nobody from COMODO has looked at this issue. It seems the problem does not exist at all for them

As far as I can see Bitdefender Free does not include a firewall, only Bitdefender's paid for top of the range Total Security option includes a firewall. See the table not far from the top at Cybernews Bitdefender review 2026

I've not found anything that gives me what Comodo FW does. I've looked at TinyWall, SimpleWall, Fort, Portmaster, Windows Firewall Control, ZoneAlarm Free. The failure of anything to come near to Comodo is why I've persevered with Comodo. I'm considering leaving either %windir%\*| out altogether OR, as I have been doing, temporarily removing Important Files/Folders (at HIPS, Protected Objects, Protected Files) AND in either case doing a full Windows Defender and a full MalwareBytes scan after the updates.

The one thing that sways me towards an alternative (maybe TinyWall or SimpleWall) is not wanting to leave my wife in the lurch with PCs that won't update if I suddenly pop my clogs (I'm well into my 70s). I'd then just have to live without the extra protections that Comodo affords. But as it stands I'm not quite finished with Comodo yet (see my next post that folllows this).

 

[the1stbazza]

Well March's Patch Tuesday brought a slightly different variation of events.

PC-1 (Zoo Tower, about 13 years old with a Gigabyte mobo)
This is an old PC that I mainly use for trying things out. I'd used it for a few things since the Macrium Reflect image that I'd taken just after the February Patch Tuesday and was intending to do a restore anyhow at some point. But I though I'd try the Windows Update just beforehand (nothing to lose).

2026-03 Security Update (KB5079473) (26200.8037) failed twice then went through on the 3rd attempt. I'd seen this happen before during the testing that I carried out (that eventually led to the discovery of removing the %windir%\*| entry as a workaround). However, I was never happy with the outcome as the Windows Update logs had copious failures, even for the apparently successful 3rd attempt.

So I restored the disk image and thought I'd try again, The update went straight through first time (without needing to doctor Comodo)!

PC-2 (DELL Inspiron 3670 Tower, about 6 years or so old )
In effect, was really a re-run of PC-1. Made Macrium Reflect image. Then the update went through on third attempt. So I restored the image and removed Important Files/Folders from the HIPS Protected Objects. The Windows Update went through 1st try. So I went to re-insert Important Files/Folders in HIPS Protected Objects and found that it was already there. I checked the Comodo logs and it had not been removed (I guess I must have hit Cancel when coming out of Comodo Advanced Settings screen rather than OK - a not uncommon occurrence on my part). So, as I said, in effect, a re-run of PC-1.

PC-3 (DELL Inspiron 3580 lappie about 7 years old)
I just went straight in with removing Important Files/Folders from HIPS Protected Objects and the update sailed through (not surprising).

---

I have to say I find the apparent inconsistency that occurred with both PC-1 & PC-2 perplexing to say the least. It fails twice (with two different errors reported) and then succeeds. Then after a restore it goes through without a hitch. Is it some sort of timing issue that has crept in (since 24H2?)?

BTW, a bit of background info. that may or may not be pertinent:-

All the PCs were upgraded from W10 to W11 24H2 towards the latter part of last year. In all cases I used RUFUS to create two bootable W11 installers (based an MS ISO). With RUFUS, for all 3 PCs I disabled data collection & skipped the MS online account requirement, plus for PC-1 I skipped the hardware checks (Min 4GB ram, Secure Boot & TPM 2.0).

Also after upgrading to W11 I ensured that Device Encryption was disabled.

All 3 PCs have a multitude of other tweaks (for example through WinAero Tweaker).

Also installed on all on all 3 PCs are:
- Macrium Reflect 8.0.7783 (the last free version released)
- Open-Shell
- ExplorerPatcher

And a multitude of other utilities (but the ones above are possibly ones that bind more tightly with the Windows environment).

So does any of that give anyone a brainwave as to what might be going on? All a bit 'shot in the dark', I know. But is there some thread of commonality (that we can identify) to the systems that are suffering this issue?

 

[TheMalwareMaster]

As far as I can see Bitdefender Free does not include a firewall, only Bitdefender's paid for top of the range Total Security option includes a firewall. See the table not far from the top at Cybernews Bitdefender review 2026

I've not found anything that gives me what Comodo FW does. I've looked at TinyWall, SimpleWall, Fort, Portmaster, Windows Firewall Control, ZoneAlarm Free. The failure of anything to come near to Comodo is why I've persevered with Comodo. I'm considering leaving either %windir%\*| out altogether OR, as I have been doing, temporarily removing Important Files/Folders (at HIPS, Protected Objects, Protected Files) AND in either case doing a full Windows Defender and a full MalwareBytes scan after the updates.

The one thing that sways me towards an alternative (maybe TinyWall or SimpleWall) is not wanting to leave my wife in the lurch with PCs that won't update if I suddenly pop my clogs (I'm well into my 70s). I'd then just have to live without the extra protections that Comodo affords. But as it stands I'm not quite finished with Comodo yet (see my next post that folllows this).

I don't care about the firewall, I just want malware protection.
The only reason I used COMODO Firewall instead of the full suite is because Windows Defender signatures are better and I cared about COMODO just for the zero-day components. I know that BD Free provides a lower protection because it's not default deny.

Anyway right now I am fine with the windir rule removed, updates work again and that rule seems only specifically related to COMODO HIPS, which I really don't care about. I just need containment to work

 

[TheMalwareMaster]

Well March's Patch Tuesday brought a slightly different variation of events.

PC-1 (Zoo Tower, about 13 years old with a Gigabyte mobo)
This is an old PC that I mainly use for trying things out. I'd used it for a few things since the Macrium Reflect image that I'd taken just after the February Patch Tuesday and was intending to do a restore anyhow at some point. But I though I'd try the Windows Update just beforehand (nothing to lose).

2026-03 Security Update (KB5079473) (26200.8037) failed twice then went through on the 3rd attempt. I'd seen this happen before during the testing that I carried out (that eventually led to the discovery of removing the %windir%\*| entry as a workaround). However, I was never happy with the outcome as the Windows Update logs had copious failures, even for the apparently successful 3rd attempt.

So I restored the disk image and thought I'd try again, The update went straight through first time (without needing to doctor Comodo)!

PC-2 (DELL Inspiron 3670 Tower, about 6 years or so old )
In effect, was really a re-run of PC-1. Made Macrium Reflect image. Then the update went through on third attempt. So I restored the image and removed Important Files/Folders from the HIPS Protected Objects. The Windows Update went through 1st try. So I went to re-insert Important Files/Folders in HIPS Protected Objects and found that it was already there. I checked the Comodo logs and it had not been removed (I guess I must have hit Cancel when coming out of Comodo Advanced Settings screen rather than OK - a not uncommon occurrence on my part). So, as I said, in effect, a re-run of PC-1.

PC-3 (DELL Inspiron 3580 lappie about 7 years old)
I just went straight in with removing Important Files/Folders from HIPS Protected Objects and the update sailed through (not surprising).

---

I have to say I find the apparent inconsistency that occurred with both PC-1 & PC-2 perplexing to say the least. It fails twice (with two different errors reported) and then succeeds. Then after a restore it goes through without a hitch. Is it some sort of timing issue that has crept in (since 24H2?)?

BTW, a bit of background info. that may or may not be pertinent:-

All the PCs were upgraded from W10 to W11 24H2 towards the latter part of last year. In all cases I used RUFUS to create two bootable W11 installers (based an MS ISO). With RUFUS, for all 3 PCs I disabled data collection & skipped the MS online account requirement, plus for PC-1 I skipped the hardware checks (Min 4GB ram, Secure Boot & TPM 2.0).

Also after upgrading to W11 I ensured that Device Encryption was disabled.

All 3 PCs have a multitude of other tweaks (for example through WinAero Tweaker).

Also installed on all on all 3 PCs are:
- Macrium Reflect 8.0.7783 (the last free version released)
- Open-Shell
- ExplorerPatcher

And a multitude of other utilities (but the ones above are possibly ones that bind more tightly with the Windows environment).

So does any of that give anyone a brainwave as to what might be going on? All a bit 'shot in the dark', I know. But is there some thread of commonality (that we can identify) to the systems that are suffering this issue?

YES, issues started to arise with Windows 11 24H2, before everything was working fine.

Do you use Windows Defender + COMODO Firewall OR just COMODO Internet Security? Asking to understand if Windows Defender may generate a conflict with COMODO.
How did you actually discover that the windir rule was the issue?

Anyway it's not normal that this issue has been reported one year ago to COMODO team and nothing was fixed.
And it's not normal that we have either to remove a rule to make updates, or wait them to fail twice before installing

 

[the1stbazza]

YES, issues started to arise with Windows 11 24H2, before everything was working fine.

Do you use Windows Defender + COMODO Firewall OR just COMODO Internet Security? Asking to understand if Windows Defender may generate a conflict with COMODO.
How did you actually discover that the windir rule was the issue?

Anyway it's not normal that this issue has been reported one year ago to COMODO team and nothing was fixed.
And it's not normal that we have either to remove a rule to make updates, or wait them to fail twice before installing

I use Microsoft Defender AV, Windows FW + Comodo Free FW. Windows FW staying on when the likes of Comdo FW being installed is expected behaviour.

Comodo Free FW is a bit of a misnomer as it includes FW, HIPS, Containment, VirusScope and Website Filtering (plus, seemigly, some other odss & sods that are listed in Advanced Settings, Advanced Protection). Must say that I've only ever seem Comodo pick-up and report on anything for FW, HIPS & Containment.

I used to use ZoneAlarm Free many, many, many moons ago; but went off it for some reason (lost in the mists of time) and ended up with Comodo Free FW. I really like the way I am able to control and monitor inbound and outbound traffic with varying degrees of granularity. Windows FW does not lend itself in the same way at all.

I guess nothing has been fixed as Comodo FW (that we are using) is no longer a supported product.

How did I discover about windir? The short answer is trial and error by a process of elimination.

The longer answer:

I had previously (under W10) had issues installing Intel VGA drivers (both as standalone install or via Windows Update). I found that turning off HIPS and Containment overcame that issue. So I started from there. But thar didn't work.

I can't remember exactly what happended next, but I probably uninstalled Comodo and the Windows Updates worked. So it was a matter of elimination. Turning off chunks of Comodo until I found the culprit area and then drilling down further and turining off chunks within the culprit area. This lead me to the Important Files/Folders within HIPS Protected Groups and then drilled down into the makeup of Important Files/Folders. So, as I say, a process of elimination really.

 

[Behold Eck]

I use Microsoft Defender AV, Windows FW + Comodo Free FW. Windows FW staying on when the likes of Comdo FW being installed is expected behaviour.

Comodo Free FW is a bit of a misnomer as it includes FW, HIPS, Containment, VirusScope and Website Filtering (plus, seemigly, some other odss & sods that are listed in Advanced Settings, Advanced Protection). Must say that I've only ever seem Comodo pick-up and report on anything for FW, HIPS & Containment.

I used to use ZoneAlarm Free many, many, many moons ago; but went off it for some reason (lost in the mists of time) and ended up with Comodo Free FW. I really like the way I am able to control and monitor inbound and outbound traffic with varying degrees of granularity. Windows FW does not lend itself in the same way at all.

I guess nothing has been fixed as Comodo FW (that we are using) is no longer a supported product.

How did I discover about windir? The short answer is trial and error by a process of elimination.

The longer answer:

I had previously (under W10) had issues installing Intel VGA drivers (both as standalone install or via Windows Update). I found that turning off HIPS and Containment overcame that issue. So I started from there. But thar didn't work.

I can't remember exactly what happended next, but I probably uninstalled Comodo and the Windows Updates worked. So it was a matter of elimination. Turning off chunks of Comodo until I found the culprit area and then drilling down further and turining off chunks within the culprit area. This lead me to the Important Files/Folders within HIPS Protected Groups and then drilled down into the makeup of Important Files/Folders. So, as I say, a process of elimination really.

Oh is that all you have to do then ? What a run around but well done for figuring it out

I`ve still got CFW on a couple of Windows 7 PCs but for my Win 11 laptop Cyberlock is the zeroday protection component so no such hassles.

Regards Eck

 

[TheMalwareMaster]

I use Microsoft Defender AV, Windows FW + Comodo Free FW. Windows FW staying on when the likes of Comdo FW being installed is expected behaviour.

Comodo Free FW is a bit of a misnomer as it includes FW, HIPS, Containment, VirusScope and Website Filtering (plus, seemigly, some other odss & sods that are listed in Advanced Settings, Advanced Protection). Must say that I've only ever seem Comodo pick-up and report on anything for FW, HIPS & Containment.

I used to use ZoneAlarm Free many, many, many moons ago; but went off it for some reason (lost in the mists of time) and ended up with Comodo Free FW. I really like the way I am able to control and monitor inbound and outbound traffic with varying degrees of granularity. Windows FW does not lend itself in the same way at all.

I guess nothing has been fixed as Comodo FW (that we are using) is no longer a supported product.

How did I discover about windir? The short answer is trial and error by a process of elimination.

The longer answer:

I had previously (under W10) had issues installing Intel VGA drivers (both as standalone install or via Windows Update). I found that turning off HIPS and Containment overcame that issue. So I started from there. But thar didn't work.

I can't remember exactly what happended next, but I probably uninstalled Comodo and the Windows Updates worked. So it was a matter of elimination. Turning off chunks of Comodo until I found the culprit area and then drilling down further and turining off chunks within the culprit area. This lead me to the Important Files/Folders within HIPS Protected Groups and then drilled down into the makeup of Important Files/Folders. So, as I say, a process of elimination really.

CFW is still supported but you need to download CIS premium from COMODO forums and then select the customized installation to install the firewall component only