Why Does My ConsignPro Settings File Keep Getting Deleted?

ConsignPro Settings File Not Found

This is one of the most common ConsignPro support calls we receive.  The ConsignPro settings file (cp.ini) is the second-most important file that you should be backing-up on a daily basis.  If this file “goes missing,” ConsignPro will not load.

Why did this file go missing?

The most common reasons are:


  • ConsignPro stopped responding at the end of the day
  • Antivirus software
  • Automatic backup software (specifically, Carbonite)


This file is manipulated by ConsignPro (cp.exe) when you close at the end of the day.  The ConsignPro executable tries to rename that file to cp2.ini and then make a backup of that file named cpini.bak.

That activity can seem suspicious to antivirus programs and while ConsignPro is not a malicious program, some of the actions it takes can make it appear as though it is.  When ConsignPro goes to rename that file and “work with it,” antivirus programs can see that as malicious behavior and they can delete/quarantine the cp.ini file.  This is why it’s very important to select the right antivirus program and to properly configure it.  The Computer Peeps recommend ESET Nod32 Antivirus.

This tends to happen more often after you update, because the file has a different signature than before AND it’s being manipulated by an executable program.  So for those of you who just updated to the latest version of ConsignPro and your antivirus program has been going nuts all week, now you know why.

What we do NOT recommend doing, is installing the “New Ini” file from the ConsignPro website.  All you’re doing is sweeping the issue under the rug by installing that and asking for another unlock code.  Why waste your settings with a blank file, when you can restore your previous backup?  Your cpini.bak file can be restored, even if it’s not the one from *yesterday*.  Your cp.ini file could possibly still be in the ConsignPro directory, named cp2.ini.

It’s also very important to implement the most-appropriate backup solution as well.  For ConsignPro users, The Computer Peeps recommend:


  • ConsignPro daily Shutdown backups to an external USB hard drive.
  • Nightly automatic script copies all critical ConsignPro files – e.g. .mdb, .ini, .bak, .00n, .txt, etc. – to external hard drive.
  • CrashPlan, properly configured, to backup ConsignPro backup copies to external USB hard drive + off-site.
  • Acronis True Image nightly system backups to an external USB hard drive.


If you just throw on a program such as Carbonite and tell it to backup your entire ConsignPro folder, you are going to generate collisions.  Automatic backup programs can try to work with the files as soon as there’s an update/change to them.  If ConsignPro is trying to work with the file at the same time, a collision occurs and this can result in file deletion or incomplete file names/renames.

If you would like The Computer Peeps to setup a solid, reliable, compatible, and straight-forward backup system WITH email notifications AND automatic end-of-year ConsignPro backups, give us a call at (888) 374-5422 or send us a message via our Contact Us page!





Update 11/24/2017

I wanted to post a follow-up to this, because it’s not just antivirus that’s causing this, nor does the change Brian made @ moving settings in to the database prevent this.

ConsignPro tends to ‘crash’ at the end of the day, when you’re closing the program.  The program will show Not Responding, which is usually when the person closing will click with their mouse again, which only makes it look even *more* frozen:




The following morning when the store opens, is when the person opening for the day will run into the ConsignPro settings file was not found error:




This happens because ConsignPro crashes (not doing a Try/Catch?) when renaming cp.ini to cp2.ini:




Which, I’m not sure why Brian chose to rename this file before copying it — it’s too many extra steps.  VB can copy a file and rename it in one swoop:




We’ve written our own application that checks our clients’ cp.ini file every morning and alerts if it’s not there, if cp2.ini exists, etc.


Peeps' Consignment Software ConsignPro Settings Checker
Peeps’ cp.ini Checker | Click to Enlarge


Stunnel Vulnerability | Remove or Patch Immediately


Stunnel, an application that provides secure ‘tunneling’ for commonly used, insecure protocols (e.g. SMTP, POP3, etc.) has issued a security bulletin.  There is a known flaw that could be utilized to inject arbitrary code and ultimately control where the connection goes.  Imagine the emails you’re trying to send to consignors and/or customers being intercepted.

That wouldn't be good...

If you think this is being hyper-sensitive, you don’t internets enough.

Any applications installed on your systems must be justified, as per the PCI DSS v2.0:

[hr size=’big’]

2.2.2 Enable only necessary and secure services, protocols, daemons, etc., as required for the function of the system.

2.2.2.b Identify any enabled insecure services, daemons, or protocols. Verify they are justified and that security features are documented and implemented.

2.2.3.a Interview system administrators and/or security managers to verify that they have knowledge of common security parameter settings for system components.

2.2.4 Remove all unnecessary functionality, such as scripts, drivers, features, subsystems, file systems, and unnecessary web servers.  Examples of insecure services, protocols, or ports include but are not limited to FTP, Telnet, POP3, IMAP, and SNMP.

[hr size=’big’]

If someone is going to install 3rd party software on your computer, be sure to ask them if they are going to maintain and patch that software on a daily basis.  As a business bound by PCI DSS, applications must be patched on at least a monthly basis.  For systems storing/processing/connected-to sensitive data, applications should be patched more-frequently – i.e. daily.

Without even considering PCI DSS, it’s common sense.  An application installed with good intentions, can easily backfire on you if not properly maintained.

Days Since Last Known Java 0-day Exploit

Days Since Last Known Java Exploit

A handy website to let you know how many days its been since the last-known Java 0-day exploit.

[hr size=’big’]

[button link=”http://java-0day.com/” size=”bigger” open_new_tab=”true”]java-0day.com[/button]

[hr size=’big’]

With Java 0-day exploits appearing at the rate of one per day, it will probably come in handy.  🙂

Evernote Hacked, Change Your Password Immediately

Evernote Hacked

Heads-up, Evernote users.  Evernote is reporting they have been hacked and have issued a Security Notice.  As a safety measure, they have initiated password resets for all accounts.  Evernote has stated that no user content appears to have been compromised.

I know it’s a very common thing for people to use the same password and email address across multiple sites.  Do not do that.  Think about it, if your Evernote account was compromised and your email + password were the same for Gmail, Amazon, eBay, iTunes, etc. you would risk losing access to everything and even incurring some real expenses or data loss.

Stay safe and if you have any questions or comments, feel free to post below!

Dropbox User Emails Apparently Leaked

Dropbox Spam

Is there an echo in here?  On Dropbox’s user support forum, multiple users have reported that email addresses completely unique and intentionally obfuscated, received spam email.

Dropbox User Post
Dropbox User Post | Click to Enlarge

As users have pointed out, spammers would have to get very lucky to guess such an email address, or the user email list was compromised.

Dropbox and users have suggested this might be part of last year’s breach, but users who registered after said breach have reported receiving messages.

This is as good a time as ever to mention security and online awareness.  If you were utilizing an email address that you use for your consignment store and you signed-up for Dropbox with it, a spam email with a phishing link or other attack could find its way into your business systems.

Just be vigilant when it comes to the messages you receive and always think twice before opening messages or clicking links.

ConsignPro and Liberty Are Incompatible with Gmail

Secure Email

ConsignPro and Liberty are incompatible with Gmail or any secure email service.

Liberty4 Consignment Incompatible with Gmail
Liberty4 Consignment Incompatible with Gmail


ConsignPro Incompatible with Gmail
ConsignPro Incompatible with Gmail

Although Liberty made attempts to partially support it, it is not compatible with secure connections to Gmail today.

Why is it that free software has had built-in SSL/TLS support for years, but consignment software vendors who sell their software for $1,000 on up, haven’t added this most-basic of features?  It truly is a few lines of code, literally.  We’ve seen a lot of crappy “workarounds” which only break systems.

ConsignmentTill offers support for SSL, but in our testing the application locked-up when attempting to Test settings.

ConsignmentTill Incompatible with Gmail?
ConsignmentTill Incompatible with Gmail?

We’ll follow-up again with additional details.

ConsignmentTill supports TLS on port 587…

ConsignmentTill Supports Gmail
ConsignmentTill Supports Gmail

SBS’ The Consignment Shop supports SSL…

SBS' The Consignment Shop Software Supports SSL
SBS’ The Consignment Shop Software Supports SSL

There’s just no excuse for not supporting secure email connections and we’d like to see the consignment software vendors step up to the plate here and address this issue.  Too busy?  Too many other features to add?

By all means, if you’re a software vendor and have any feedback as to why this hasn’t been added or available for years, feel free to post your comment below.

Updated 2/18/2013 @ 3:11 PM EST – Added SBS SSL info.

Updated 2/18/2013 @ 5:35 PM EST – Added ConsignmentTill TLS info.

How To Install AdBlock Plus for Firefox [Video]

AdBlock Plus

Here is a quick video tutorial on how to download the free AdBlock Plus add-on for Firefox…

You can install the AdBlock Plus add-on, or any add-on, via your Firefox Button, then Add-ons

Firefox Add-on

The very first result is for AdBlock Plus – click Install

AdBlock Plus Add-on
AdBlock Plus Add-on | Click to Enlarge

We strongly recommend utilizing ABP not just to hide annoying ads, but as another layer of security for your system.  Many legitimate websites can have their 3rd party ads compromised, so just by using ABP, you are reducing some of the potential attack vectors you may encounter.

Speedtest.net Recently Compromised


The most popular internet speedtest site, Speedtest.net, was recently compromised.  They have since fixed the issue and the site is no longer infected, but if you visited the site within the last few days and if you have Java installed, lookout.

Invincea has a fantastic dissection of the payload the infected site was delivering.  This is a great opportunity to discuss how completely legitimate websites – e.g. Speedtest.net – can infect your system.  It doesn’t have to be a *questionable* website or suspicious email that leads to infection.  Websites can be compromised in any number of ways and commonly, 3rd party ads on websites are how malicious activity can sneak-in.

There is no single solution to security.  Security is a multi-layered approach.  With AdBlock and NoScript installed, you’re knocking off a good chunk of attacks before they even get a chance to start.  By running ESET Nod32 antivirus and Malwarebytes’ Anti-Malware Pro, you’re giving your system the best chance at fighting off anything that makes its way onto your system.  Changing your DNS to a faster and more-secure service, such as Google Public DNS, Comodo, or OpenDNS, helps keep the pool of sites you bump into, as safe as possible.  A hardware firewall, updated applications (and only essential applications installed), and user-awareness add to the security sandwich.

So keep your wits about ya, folks.  Don’t think that just because you’re browsing legitimate sites, you’re not vulnerable to attack.

For those interested in an alternative to Speedtest.net, there is an HTML5/no Java/no Flash service provided by SpeedOf.Me.

Malwarebytes Update, New Look


This week, Malwarebytes released v1.70 which brings with it a slightly updated look.  The interface and program are still the same, but they’ve implemented their new logo/color palette throughout the application.



Malwarebytes' Anti-Malware Pro (Old Icon)
Malwarebytes’ Anti-Malware Pro (Old Icon)



Malwarebytes' Anti-Malware Pro (New Icon)
Malwarebytes’ Anti-Malware Pro (New Icon)

We just wanted to point this out so everyone running Malwarbytes’ Anti-Malware Pro knows MBAM is still running and protecting your system; it’s just no longer using the traditional red ‘M’ icon.

Back To Top