Advice Request COMODO blocks Windows Updates with error 0x80070005

[TheMalwareMaster]

Just wondering if you tried this (this GUI is the Lycia theme)View attachment 292592Before running an update, make sure that the Network Intrusion section is empty (you'll have to click on it to open), and both Blocked Applications and Unrecognized Files are at zero.

Now run an update, and if it fails note if anything shows up in any of those sections. If Comodo is indeed the culprit I would expect to notice which module flagged it (really hope this helps!!!).

I have tried this procedure on the other machine. I firstly whitelisted all blocked applications (they were all windows services), then run the update KB5067036:

Same error:

COMODO reports no new items blocked:

But how is it possible that removing COMODO makes update work again then? If nothing is reported to be blocked

 

[cruelsister]

That's very odd. I agree with you that this obviously is not a Windows issue as uninstalling C lets you update. it you will humor me, please use the settings that you have shown in your image EXCEPT this time set the Firewall to Disabled and see if the update issue persists.

(One other thing- do you have Windows firewall enabled or disabled? it Enabled. disable it and try again- I suggest this as a few years ago there was an issue with Updates+CF+WF; so it's easy and worth a try)

m

 

[TheMalwareMaster]

CFW disabled and Windows Firewall ON: update still failed with the same error

I will try now to disable also windows firewall to see if anything changes

 

[TheMalwareMaster]

Test n.2: both firewalls disabled... Failed again... Oddly the last update check hour remained the same, but I pressed on the "download and install" button to retry the installation and it started the download and install process again

 

[Pico]

Can you check C:\VTRoot ?
Is it really empty after failed Windows Update?

 

[TheMalwareMaster]

Can you check C:\VTRoot ?
Is it really empty after failed Windows Update?

I can confirm the folder is empty.

Maybe the issue could be my COMODO configuration? I use basically Cruelsister settings, but the containment is set on "block" instead of "run restricted" for unrecognized applications

 

[caleche]

Can you test it using the default configuration?

 

[TheMalwareMaster]

Can you test it using the default configuration?

My config was the problem, can't believe it.... The update went through with the default proactive config. But how is that possible? I did not made strange modifications

 

[TheMalwareMaster]

List of settings that I modified from the proactive config:

Turned off alerts and beeps apart from "notification messages"

Firewall: "do not show popup alerts" and set to block, turned off trustconnect

HIPS off

Containment: unchecked "do not virtualize access", set "do not show elevation alerts" to "block"

Auto-containment: set all 4 default to "block and quarantine"

File evaluation: I set COMODO to block and terminate malware detected from cloud scan automatically

Virusscope: set to process malware without showing alerts

 

[bazang]

But how is that possible?

+ =

¯\_(ツ)_/¯

 

[Andy Ful]

My config was the problem, can't believe it.... The update went through with the default proactive config. But how is that possible? I did not made strange modifications

You used a silent setup (Turned off alerts and beeps apart from "notification messages"). So, some processes could be blocked silently before the update, and rules for them were saved. If the rule is saved, you will not see the alert even if you turn on notifications. In this way, the update can be blocked without any alert.
Resetting the rules to the default ones and not using silent mode can solve the problem.

However, this will not fully solve the problem of issues on SUA.

 

[Pico]

My config was the problem, can't believe it.... The update went through with the default proactive config. But how is that possible? I did not made strange modifications

Did you get any Firewall / HIPS / Containment / etc. alerts while updating with default proactive config?

 

[cruelsister]

I believe that the issue is with the Containment setting- change from "Block" to "Run Virtually". and attempt update again.

m

 

[Pico]

He found out already.

 

[rashmi]

You used a silent setup (Turned off alerts and beeps apart from "notification messages"). So, some processes could be blocked silently before the update, and rules for them were saved.

I don't remember, but I believe "silent" mode shouldn't be a problem, as it simply blocks "unknown" file alerts. I never received a Comodo alert for Windows updates.

I believe that the issue is with the Containment setting- change from "Block" to "Run Virtually". and attempt update again.

It shouldn't be a problem, as I use "Block" on one system, which had no issues updating Windows.

My system hasn't received 25H2 yet. I'll confirm updating my system enabling the stated "Block" setting. Maybe I'll turn on "silent" mode too.

 

[rashmi]

My config was the problem, can't believe it.... The update went through with the default proactive config. But how is that possible? I did not made strange modifications

Did you enable any settings in the firewall besides the defaults?

 

[TheMalwareMaster]

I believe that the issue is with the Containment setting- change from "Block" to "Run Virtually". and attempt update again.

m

I guess so but in 23H2 I had no issue with the config and also in more than 10 years of Windows 10.

I will see what happens with the next windows update

 

[TheMalwareMaster]

You used a silent setup (Turned off alerts and beeps apart from "notification messages"). So, some processes could be blocked silently before the update, and rules for them were saved. If the rule is saved, you will not see the alert even if you turn on notifications. In this way, the update can be blocked without any alert.
Resetting the rules to the default ones and not using silent mode can solve the problem.

However, this will not fully solve the problem of issues on SUA.

Yeah but I whitelisted any blocked item/unrecognized item and updates were being blocked anyway even with 0 blocked items or unrecognized files

 

[Andy Ful]

Yeah but I whitelisted any blocked item/unrecognized item and updates were being blocked anyway even with 0 blocked items or unrecognized files

1. Did you disable Comodo notifications and then enable them after the update failed?
or
2. You installed Comodo and used the enabled notifications from the beginning, but the update failed anyway.

 

[TheMalwareMaster]

1. Did you disable Comodo notifications and then enable them after the update failed?
or
2. You installed Comodo and used the enabled notifications from the beginning, but the update failed anyway.

Notifications were always disabled from the beginning and the update failed, I'll keep you posted for the next one and I will try to deep dive and see what exactly blocks.

The update succeeded on both machines when I switched from my config to the default Proactive one