Author Topic: RE: CIS Virus Database Will Not Update On Windows 10 PC  (Read 2412 times)

Offline MedNz

  • Comodo Family Member
  • ***
  • Posts: 51
Re: RE: CIS Virus Database Will Not Update On Windows 10 PC
« Reply #15 on: May 13, 2018, 08:51:06 AM »
Update.

As per your PM PremJK, I have tried again (after rebooting and making sure proxy settings are unchecked) and here are the results. It's a mixed bag as you can see....
* First update (2 or 3 days ago) started but got stuck on the second bases file it was downloading. Eventually timed out normally (after about 5 or 10mins) so no problems there
* Second update ran fine and updated more than 2 weeks of updates. Was this just coincidence or did you guys modify the server response so CIS behaved differently?
* Third time it timed out
* Fourth update (yesterday) was, and still is, a bit of a disaster as you can see from the attached pic. The update window has been sitting there for half a day
> I've never experienced this particular situation before in the more than 5 years I've been using CIS
> Hitting 'Pause' then 'Resume' works
> Hitting 'Stop' once stopped the rotation of the percentage display. Hitting it a second time closed the update window
> Initiating update from CIS' main window or hitting 'Send to background' then hitting 'Update' results in the update window reapearing but it's stuck in the same position as it was (same as attached pic)....basically the same probem as in my original post

If you need more logs let me know.



Offline futuretech

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 3758
Re: RE: CIS Virus Database Will Not Update On Windows 10 PC
« Reply #16 on: May 13, 2018, 11:02:24 AM »
Update.

As per your PM PremJK, I have tried again (after rebooting and making sure proxy settings are unchecked) and here are the results. It's a mixed bag as you can see....
* First update (2 or 3 days ago) started but got stuck on the second bases file it was downloading. Eventually timed out normally (after about 5 or 10mins) so no problems there
* Second update ran fine and updated more than 2 weeks of updates. Was this just coincidence or did you guys modify the server response so CIS behaved differently?
* Third time it timed out
* Fourth update (yesterday) was, and still is, a bit of a disaster as you can see from the attached pic. The update window has been sitting there for half a day
> I've never experienced this particular situation before in the more than 5 years I've been using CIS
> Hitting 'Pause' then 'Resume' works
> Hitting 'Stop' once stopped the rotation of the percentage display. Hitting it a second time closed the update window
> Initiating update from CIS' main window or hitting 'Send to background' then hitting 'Update' results in the update window reapearing but it's stuck in the same position as it was (same as attached pic)....basically the same probem as in my original post

If you need more logs let me know.
How many .cav files are found in C:\ProgramData\Comodo\Cis\signatures folder? You could try deleting all .cav files and either do an import of a database to see if it completes or just run the update task normally. Do this without the proxy enabled.

Offline Radar5k

  • Newbie
  • *
  • Posts: 1
Re: RE: CIS Virus Database Will Not Update On Windows 10 PC
« Reply #17 on: May 13, 2018, 01:17:40 PM »
Having a similar problem here... Virus definitions are now 5 days old...

Attempting to manually download the definitions by browsing to https://www.comodo.com/home/internet-security/updates/vdp/database.php and following the link to http://download.comodo.com/av/updates58/sigs/bases/bases.cav?track=6137v times out.

Ping and traceroute to download.comodo.com work fine, but attempts to connect via HTTP from two machines (one Windows 10, the other a QNAP NAS with Debian Linux) will time-out.

Have fun!

Radarr  =8^)

Offline MedNz

  • Comodo Family Member
  • ***
  • Posts: 51
Re: RE: CIS Virus Database Will Not Update On Windows 10 PC
« Reply #18 on: May 13, 2018, 02:00:49 PM »
How many .cav files are found in C:\ProgramData\Comodo\Cis\signatures folder? You could try deleting all .cav files and either do an import of a database to see if it completes or just run the update task normally. Do this without the proxy enabled.

As I mentioned in my first post I can update the .CAV file manually when it's not hanging. And as for when it's hanging, from my post at the bottom of the first page I said "I just tried it now by using the latest update from another PC (Comodo main screen - About - Import Virus Database) and I can select the file but then the Explorer window closes and nothing happens." It doesn't work.
As for how many .CAV files there are; only 1. Deleting the only one there when it's stuck unfortunately makes zero difference.

Offline PremJK

  • Comodo Staff
  • Comodo's Hero
  • *****
  • Posts: 470
  • Live and Let Live
Re: RE: CIS Virus Database Will Not Update On Windows 10 PC
« Reply #19 on: May 14, 2018, 06:17:09 AM »
Hi MedNz,

Thanks for checking.
Can you also please check C:\ProgramData\Comodo\Cis\wpTemp\cavsedb folder. Are there any files? If yes, delete them and check again updates.

Kind Regards,
PremJK

Offline futuretech

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 3758
Re: RE: CIS Virus Database Will Not Update On Windows 10 PC
« Reply #20 on: May 14, 2018, 08:58:58 AM »
Why are you trying to import the database in the middle of an already in progress update? Of course it won't work, and you also shouldn't try deleting the databases either while it is attempting to update either. You are supposed to delete files then run the update to see if it completes while not using a proxy.

Offline MedNz

  • Comodo Family Member
  • ***
  • Posts: 51
Re: RE: CIS Virus Database Will Not Update On Windows 10 PC
« Reply #21 on: May 14, 2018, 11:57:43 AM »
Why are you trying to import the database in the middle of an already in progress update? Of course it won't work, and you also shouldn't try deleting the databases either while it is attempting to update either. You are supposed to delete files then run the update to see if it completes while not using a proxy.

Good debugging involves doing as much as possible pre-emptively in order to help techs assess behaviour, eliminate possibilites and track bugs down. You'd expect it to come up with a message saying something like "Sorry, the update process is currently running. Please wait until it is finished before trying to import a virus database." but it didn't. I didn't code the software so I don't know if there is such a popup or not, nevertheless I did it and reported the result. Maybe it would have crashed. Maybe something else would have happened. No-one knows. Although a small thing, it may help in the debug.

and you also shouldn't try deleting the databases either while it is attempting to update either. You are supposed to delete files then run the update to see if it completes while not using a proxy.

It was someone else who tried to delete the database while it was being used.  88)

I am not a n00b (as you can clearly see from my detailed posts) so no need to assume I am one. Thank you.

Offline MedNz

  • Comodo Family Member
  • ***
  • Posts: 51
Re: RE: CIS Virus Database Will Not Update On Windows 10 PC
« Reply #22 on: May 14, 2018, 12:01:16 PM »
Can you also please check C:\ProgramData\Comodo\Cis\wpTemp\cavsedb folder. Are there any files? If yes, delete them and check again updates.

No files in that folder. Will reboot soon and try updating again.

Offline MedNz

  • Comodo Family Member
  • ***
  • Posts: 51
Re: RE: CIS Virus Database Will Not Update On Windows 10 PC
« Reply #23 on: May 15, 2018, 06:57:09 AM »
Rebooted and updated successfully. 9 hours later updated OK. Checked again a few minutes after that update. No new updates were available and reported as such and window closed normally. Will report back if there are any more issues. Did you do anything server-side?

Offline MedNz

  • Comodo Family Member
  • ***
  • Posts: 51
Re: RE: CIS Virus Database Will Not Update On Windows 10 PC
« Reply #24 on: May 16, 2018, 02:15:54 AM »
Updated manually again after another 9 hours. Current DB was v29014, started updating to v29015 and got stuck after downloading not even one byte of data. This time progress reads 2%. Went to bed and looked at it after 10hrs had elapsed and it's still stuck and hasn't timed out. Pic attached. 'Pause' works. 'Stop' closed the window but only after the second press (as mentioned in a previous post). 'Send to background' works but, as usual, the thing is stuck and same window comes up whenever I try and update.

Offline MedNz

  • Comodo Family Member
  • ***
  • Posts: 51
Re: RE: CIS Virus Database Will Not Update On Windows 10 PC
« Reply #25 on: June 13, 2018, 03:27:06 AM »
As I predicted, the deletion and subsequent re-download of the full .CAV file has failed to fix the issue. Subsequent updates all successful until after reboot. Not sure whether this failure (on the auto, not manual update) was at the first update after reboot or subsequent update. Pic is attached.

Look forward to another remote session, Sergey!  :P
« Last Edit: June 13, 2018, 01:49:27 PM by MedNz »

Offline MedNz

  • Comodo Family Member
  • ***
  • Posts: 51
Re: RE: CIS Virus Database Will Not Update On Windows 10 PC
« Reply #26 on: July 07, 2018, 01:13:37 PM »
OK, here we are basically a month later and no progress. After some remote sessions with Sergey where he/we analyzed the situation, deleted the sigs file and re-downloaded it, uninstalled CIS then cleaned it up with the cleanup tool then reinstalled it, used Fiddler to analyze traffic to & from the PC etc, he was unable to rectify or find the problem. As I have mentioned to him (and maybe in my posts here too), I have a laptop on the same internet connection that does not stick like this PC does. Sergey resigned himself to the presumption that it is packet loss, but this is not the reason.
To prove this I even updated both computers simultaneously from the same sig version on more than one occasion just to see what happened and what do you know, eventually the friggin thing stuck again whilst the laptop updated without issue. The laptop will come up with the correct error(s) when indeed the packet loss is too high or it cannot connect to the Comodo servers and times out but this PC does not do this on a consistent basis. This PC has now been stuck in its stupid update loop for 12 days now so there is something wrong with the code in CIS that's not letting it display the correct error and close the bloody update window. I don't care how much packet loss there is....your code is broken and there should be code in there that shuts the update process off if there is too much packet loss, bad connectivity or whatever the condition of the connection is. Plain and simple.
Edit: Oh yeah, and don't forget the non-functioning 'Stop' & 'Pause' buttons. That can hardly be because of packet loss....
« Last Edit: July 08, 2018, 11:39:59 AM by MedNz »

Offline EricJH

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 24694
Re: RE: CIS Virus Database Will Not Update On Windows 10 PC
« Reply #27 on: July 15, 2018, 10:27:27 AM »
MedNZ. Do you have other security programs or programs installed that interfere with networking (Netlimiter for example)?

You probably had other security programs installed in the past and uninstalled them. Sometimes an uninstaller leaves behind a service or driver which could cause hard to track instabilities.

Can you make a list of security programs you had installed in the past and then run clean up tools for those products? You can find a list of uninstallers here: https://support.eset.com/kb146/?page=content&id=SOLN146 .

Or if you are an advanced and experienced user you could use Autorun and see if you have autostarts of drivers or services of previously installed security programs.

Offline MedNz

  • Comodo Family Member
  • ***
  • Posts: 51
Re: RE: CIS Virus Database Will Not Update On Windows 10 PC
« Reply #28 on: July 16, 2018, 09:58:12 AM »
Hi EricJH.

I have used Autoruns and saved the results to an .ARN file and attached it here.

There are currently no programs installed that interfere with networking.

There was an AV by Beijing Rising Information Technology Co., Ltd. which I uninstalled when I started to modify the setup of this PC. I think it was called 360 or something like that. I used Revo Uninstaller (Advanced Mode) to uninstall. There is no uninstall tool for that 360 AV on the Eset site so I think I'll uncheck all of those then reboot and if everything is normal, delete the drivers themselves on a subsequent reboot...unless you have any objection and plan to do something else to experiment on this system. If that goes well I'll do that for the other couple of Chinese apps' residual files / drivers.

Note that some of the File Not Found (highlighted yellow) entries in the list of drivers / .EXEs are because I have put them into the Protected Objects section of HIPS (so they never run on this system).
« Last Edit: July 16, 2018, 10:12:46 AM by MedNz »

Offline EricJH

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 24694
Re: RE: CIS Virus Database Will Not Update On Windows 10 PC
« Reply #29 on: July 16, 2018, 11:34:55 AM »
Hi EricJH.

I have used Autoruns and saved the results to an .ARN file and attached it here.

There are currently no programs installed that interfere with networking.

There was an AV by Beijing Rising Information Technology Co., Ltd. which I uninstalled when I started to modify the setup of this PC. I think it was called 360 or something like that. I used Revo Uninstaller (Advanced Mode) to uninstall. There is no uninstall tool for that 360 AV on the Eset site so I think I'll uncheck all of those then reboot and if everything is normal, delete the drivers themselves on a subsequent reboot...unless you have any objection and plan to do something else to experiment on this system.
That is how I work. I would uncheck the drivers and reboot but not deleting the drivers (when there is no autostart they won't run and one never knows what we might want to do as part of the investigation).

Quote
If that goes well I'll do that for the other couple of Chinese apps' residual files / drivers.

Note that some of the File Not Found (highlighted yellow) entries in the list of drivers / .EXEs are because I have put them into the Protected Objects section of HIPS (so they never run on this system).
As my analysis will show you only disabled some drivers of manufacturer and left others to run.

I noticed other drivers as well. Let's take things step by step.

Thank you for the Autoruns output. That makes it very convenient to help you.


Beijing Rising Information Technology Co., Ltd
I see four autostarts for drivers
kguard.sys (Lightweight Kernel Protection against Return-to-user Attacks)
rdsys
rsutils
sysmon
And a service called QPCore

Tencent Technologies
The following driver are running
QMInject
QMUdisk
QQFmMgr
QQProtect
TSSK.SYS
There are runs a service called QPCore .
They make up a PUP:
Quote
TSSK.SYS is reported and classified as a PUP (potentially unwanted program). TSSK.SYS installs as a plugin to your Web browser, intercepting your online activities, altering the content of Web pages and search results, and displaying an outstanding amount of highly invasive advertisements.

Baidu
It has the following drivers running:
bd0001
bd0002
bd0005
BDArkit
BDDefense (this is part of Baidu AV)
BDMWrench

Can you comment on all four programs and what function they have? I only briefly looked into them.

I would say disable drivers per manufacturer. First Tecent related because it is a PUP and reboot. Then I will wait or your comment on the others.

 

Free Endpoint Protection
Seo4Smf 2.0 © SmfMod.Com Smf Destek