Advice Request COMODO blocks Windows Updates with error 0x80070005

[cruelsister]

@cruelsister and @caleche,

What Windows version do you use currently?

version 25H2

 

[caleche]

@cruelsister and @caleche,

What Windows version do you use currently?

Windows 11 25H2 26200.7019
Just updated to 26200.7171
I believe Comodo won't interfere with Windows updates, but misconfiguration might.

 

[TheMalwareMaster]

Back to the topic.
There is an important question for users who applied the config: Windows Defender + Comodo Firewall. Some people prefer it over CIS for good reasons.
Are the issues with Windows Updates serious problems or not?
The update KB5067036 is probably unimportant. What about other (past) updates on Windows 11?

I use this config and have the issue on 2 machines, each one with the same config. I don't know if a COMODO config contains sensitive info, but I can share it with you if you want to make further tests

 

[Andy Ful]

I use this config and have the issue on 2 machines, each one with the same config. I don't know if a COMODO config contains sensitive info, but I can share it with you if you want to make further tests

OK. Please, send me the link via Direct messages.
Comodo config can contain some paths that include your username or the names of some installed applications.

 

[TheMalwareMaster]

OK. Please, send me the link via Direct messages.
Comodo config can contain some paths that include your username or the names of some installed applications.

Update: latest security update. I used a COMODO installation where i configured it with my config without importing the file and the update was successful. HIPS ON.

Maybe it was a bugged configuration file?

 

[rashmi]

I don't know if a COMODO config contains sensitive info

The config contains your username, which you can replace in all places using Notepad. If you created a folder named after yourself and excluded it in Comodo, search for that name and replace it in all instances with Notepad.

 

[Andy Ful]

I use this config and have the issue on 2 machines, each one with the same config. I don't know if a COMODO config contains sensitive info, but I can share it with you if you want to make further tests

I imported your CFW config and disabled Microsoft Defender (just like @rashmi did). The updates were successful (on Admin account and SUA).

So far, nothing suggests that your issues with updates were caused by CFW misconfiguration. If I correctly recall, you used this config for a few years without problems. It may require some adjustments if you installed some new devices, drivers, etc.
I noticed that Comodo was smart enough to correct your user profile folder name to that used in my VM.
Your config also blocked the installation of Microsoft Store application (NanaZip). So I installed 7-Zip to unpack DefenderCotrol.

Edit.
The updates can sometimes fail due to hidden conflicts with installed software. In your case, this could happen if different software is installed on the Admin account and SUA.

 

[Zero Knowledge]

Just an observation, looking at screenshots the people who don't get WU errors or problems with Comodo with certain updates have 25H2.

I had so many problems with WU lately on 24H2, updated to 25H2 and update issues fixed. Maybe time to do a in place upgrade?

 

[Andy Ful]

I had so many problems with WU lately on 24H2, updated to 25H2 and update issues fixed. Maybe time to do a in place upgrade?

You are an optimist.

 

[Zero Knowledge]

You are an optimist.

Yeah maybe, but it's MS in all it's glory. I couldn't even update to 25H2 online, updates stuck @ 46% for hours, had to discount the internet and do an offline install.

TLDR: Usual MS ##### show.

 

[TheMalwareMaster]

I imported your CFW config and disabled Microsoft Defender (just like @rashmi did). The updates were successful (on Admin account and SUA).

View attachment 292939

So far, nothing suggests that your issues with updates were caused by CFW misconfiguration. If I correctly recall, you used this config for a few years without problems. It may require some adjustments if you installed some new devices, drivers, etc.
I noticed that Comodo was smart enough to correct your user profile folder name to that used in my VM.
Your config also blocked the installation of Microsoft Store application (NanaZip). So I installed 7-Zip to unpack DefenderCotrol.

Edit.
The updates can sometimes fail due to hidden conflicts with installed software. In your case, this could happen if different software is installed on the Admin account and SUA.

I honestly have no particular software installed. Anyway, now that I configured comodo from zero it seems to work again... Anyway on those machines Windows Defender was always enabled

 

[TheMalwareMaster]

Just an observation, looking at screenshots the people who don't get WU errors or problems with Comodo with certain updates have 25H2.

I had so many problems with WU lately on 24H2, updated to 25H2 and update issues fixed. Maybe time to do a in place upgrade?

I had the issue also on 24H2

 

[Andy Ful]

Finally, the issue has been identified. It was not Firewall but AV. I ran the test twice with the same result (Install error - 0x80070005).
The reported tests show that enabling/disabling other modules (HIPS, Auto-containment, VirusScope, Firewall, Script Analysis, Website Filtering) did not cause the KB5067036 update error. But whenever one of the disabled modules was the Antivirus module, the update failed.

In fact, the issue is quite similar to that from the OP (the same update KB5067036 and the same error). In my case (last two tests), I used CIS Proactive config with disabled HIPS and AV modules, which is almost the same setup as the Comodo Firewall config in the OP. However, I did not use the silent setup, and all tests were run on the default Admin account.

I also ran two additional tests with the installed Comodo Firewall application (Proactive config with disabled HIPS), and the KB5067036 failed as in the OP.

It is strange, but all of this suggests that the active AV component's absence may be the cause of the issue in both CIS and Comodo Firewall.

I am unsure how prevalent this issue can be. It may or may not be related to VirtualBox limitations. The problem was also present on the tested Virtual Machines with Comodo Firewall (CFW) installed (predefined configurations, HIPS ON or OFF). I installed CFW via the newest CIS Premium installer by disabling the AV module in the installation options.
The next update (KB5068861) has also been affected.
The problem can be related to the hidden conflict with Microsoft Defender. The updates were installed flawlessly when one of the following conditions was true:

1. Microsoft Defender was disabled (tested with DefenderControl, not recommended on the real machine).
2. Microsoft was enabled, but "Dev drive protection" was OFF and the system drive (usually C: ) was temporarily added to the Exclusions.

Of course, those updates installed flawlessly on the tested machines with no Comodo (Microsoft Defender default settings).

 

[Andy Ful]

Post failure repair - KB5068861.

1. CFW + MD ---> the update KB5068861 failed with error 0x80070005.
2. I temporarily changed the MD settings as in the previous post and retried the update. It failed with error 0x800f0991.
3. I completed a standard repair by using the Admin PowerShell console:
   

   net stop wuauserv
   net stop cryptSvc
   net stop bits
   net stop msiserver
   
   ren C:\Windows\SoftwareDistribution SoftwareDistribution.old
   ren C:\Windows\System32\catroot2 catroot2.old
   
   net start wuauserv
   net start cryptSvc
   net start bits
   net start msiserver
   
   netsh winsock reset

4. After rebooting, the update was installed with no issues.
5. Finally, I restored the initial MD settings.

 

[cruelsister]

The problem can be related to the hidden conflict with Microsoft Defender

Not on my CF systems (WD and WF enabled):

 

[rashmi]

The problem can be related to the hidden conflict with Microsoft Defender. The updates were installed flawlessly when one of the following conditions was true:

1. Microsoft Defender was disabled (tested with DefenderControl, not recommended on the real machine).
2. Microsoft was enabled, but "Dev drive protection" was OFF and the system drive (usually C: ) was temporarily added to the Exclusions.

I've KB5068861 (26200.7171) installed on my real system, but I might uninstall and reinstall it to confirm failure/success with the Comodo + Defender combo. For the test, I'll use my settings in #Post69 and enable Defender.

 

[Andy Ful]

Not on my CF systems (WD and WF enabled):
View attachment 292995

I hope that the issue can only happen on some systems.
Without many additional tests, there is no way to confirm whether this is an artificial issue limited to my testing machine or if it can also occur on some real machines.
However, in the case of encountering error 0x80070005, one can try the repair actions included in my previous post.

 

[Andy Ful]

I've KB5068861 (26200.7171) installed on my real system, but I might uninstall and reinstall it to confirm failure/success with the Comodo + Defender combo. For the test, I'll use my settings in #Post69 and enable Defender.

The error 0x80070005 was reported several times on the Comodo forum. However, it is unclear if the reported errors were caused by the same (unknown) factors in relation to CIS/CFW + MD.
A possible link can be confirmed only when the failure can be healed in the way explained in my post.

 

[cruelsister]

This error has also been reported in non-Comodo systems (to the extent that MSFT has posted a Fix. Couple this with the fact that it does not happen to many systems with Comodo installed.
Logic dictates that the issue resides elsewhere.

 

[Andy Ful]

This error has also been reported in non-Comodo systems (to the extent that MSFT has posted a Fix. Couple this with the fact that it does not happen to many systems with Comodo installed.
Logic dictates that the issue resides elsewhere.

Yes. Your posts show that the relation is not a simple causation.
The core of the issue can reside elsewhere, and still, the update failure can sometimes be related to CIS/CFW and MD (as in my tests).
As an example, the death of Achilles was related to Paris, but the core of this was the beautiful Helen. In many parallel worlds where Helen would not be so beautiful, Achilles might be killed by someone else or live much longer.