Author Topic: Problem with F-Secure AV  (Read 4066 times)

Offline Gravy

  • Newbie
  • *
  • Posts: 20
Problem with F-Secure AV
« on: July 28, 2006, 08:47:51 AM »
Hello,

I have been happily trying out Comodo Firewall for the last couple of months and was currently running the newest beta from earlier this week. Everything was going great until last night when I uninstalled Nod32 and attempted to install F-Secure AV (only the AV, not the internet security suite). I am running Windows XP SP2.

The actual install of F-Secure went smoothly; the troubles didn't start until the reboot and attempted first run. Windows booted to the desktop but was very slow in showing any system icons other than volume, and the mouse was doing the hourglass. Eventually the Comodo icon appeared too, but the hourglass remained, the system essentially locked, and no wireless or AV started. I could not ctrl-alt-del either and had no way of getting into Comodo to try and adjust for F-Secure. I also tried booting to safe mode (which worked fine), but could not adjust any of the Comodo settings in this mode.

Next I rebooted to safe mode and uninstalled both Comodo and F-Secure, rebooted and manually cleaned up any remaining remnants, rebooted and installed F-Secure. This worked great and the AV program was chugging along without any problems. Just to try and smooth things out I disabled F-Secure's browser and system file security features. I then installed Comodo and tried to make F-Secure a trusted application before rebooting. It would not allow me to turn on application control to do this though, so no-go. I went ahead and rebooted hoping it would work things out. Unfortunately I was back to the beginning - desktop loaded, Comodo loaded slowly and then the computer essentially locked up.

I uninstalled Comodo (in safe mode again) and installed Outpost just to see if it would work with F-Secure. No problems with Outpost, everything loaded quickly and is working great.

So please advise if you have any tips on resolving this. I want to keep using F-Secure and would like to keep testing Comodo Firewall too. Also worth mentioning that Barclays Bank just sent free F-Secure 2-year licenses to 1.6 million customers so this is likely an important fix.
« Last Edit: July 28, 2006, 08:57:21 AM by Gravy »

Offline Gravy

  • Newbie
  • *
  • Posts: 20
Re: Problem with F-Secure AV
« Reply #1 on: July 29, 2006, 12:02:00 PM »
Did I post this in the wrong forum or something?   :-\

Offline ~Daniel~

  • I used to be indecisive, but now I'm not so sure.
  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 906
Re: Problem with F-Secure AV
« Reply #2 on: July 29, 2006, 12:11:43 PM »
Ok, I might be stretching here, but I do know that the Comodo products use some form of IE control(s) for the GUI. You are indicating that F-Secure comes with its own browser... I wonder if it replaces, locks, or affects the IE control(s) Comodo is using.

If this is true, Comodo is working on redoing the GUI to dump this use of the IE control(s)... so look forward to the new versions, specifically looking for the new GUI implementation.

Regarding your other question, I'm not certain that this is the wrong part of the forum, but I probably would have placed this thread in the CPF section.
OS: Win 10 Enterprise x64 build 1809
Comodo: CIS 11.X (latest version)
Backup/Imaging: Macrium Reflect Home v7.X
Win10 Phone: N/A
Personal Website: Comodo SSL (via CloudFlare)

Offline Shemp Howard

  • Comodo Loves me
  • ****
  • Posts: 174
Re: Problem with F-Secure AV
« Reply #3 on: July 29, 2006, 05:26:31 PM »
I trialed F-Secure 2006 AV a while back. It installed OK with Comodo FW, but had issues with the mail scanner. Very similar to the AVG mail scanner problems that have been reported here. I haven't tried with the Beta version though. Maybe the Comodo guys can test F-Secure?

Offline egemen

  • Comodo Staff
  • Comodo's Hero
  • *****
  • Posts: 3380
Re: Problem with F-Secure AV
« Reply #4 on: August 01, 2006, 05:25:51 PM »
> I trialed F-Secure 2006 AV a while back. It installed OK with Comodo FW, but had issues with the mail scanner. Very similar to the AVG mail scanner problems that have been reported here. I haven't tried with the Beta version though. Maybe the Comodo guys can test F-Secure?

Hi Guys,

BETA versions will not play well with the FSecure AV scanner because FSecure activates the self-defense mechanism of CPF by trying to obtain full access rights to its memory. Normally an AV would need READ access. FSecure does not do so like other antivirus programs. Since CPF does not allow any other application to change its memory, FSecure freezes the whole system. We are trying to find a secure way to overcome this. But FSecure is responsible for freezing the PC. There is no reason to freeze a user's computer just because you can't scan an application.

So please report this issue to FSecure developers too.

Thanks,
Egemen

Offline Melih

  • CEO - Comodo
  • Administrator
  • Comodo's Hero
  • *****
  • Posts: 14690
    • Video Blog
Re: Problem with F-Secure AV
« Reply #5 on: August 01, 2006, 05:35:55 PM »
> Hi Guys,
>
> BETA versions will not play well with the FSecure AV scanner because FSecure activates the self-defense mechanism of CPF by trying to obtain full access rights to its memory. Normally an AV would need READ access. FSecure does not do so like other antivirus programs. Since CPF does not allow any other application to change its memory, FSecure freezes the whole system. We are trying to find a secure way to overcome this. But FSecure is responsible for freezing the PC. There is no reason to freeze a user's computer just because you can't scan an application.
>
> So please report this issue to FSecure developers too.
>
> Thanks,
> Egemen

So just to clarify:

CPF has self-protection which allows other programs to read its memory, but it does not allow other programs to modify its memory! If we allowed full access to CPF memory (that includes modification rights and not just read rights), then any application could terminate CPF, and that would be a bad security practice. Other AVs don't require full read/write access, and the majority use just read access to read the memory and scan. For whatever reason FProt wants full read/write access, and because CPF is not letting it have full access, only allowing read access, FProt is going into freeze.

I don't think we should reduce our security by allowing other applications to have write access to CPF memory, as this would then open the floodgates for malware which would use this ability to terminate CPF. I think you should get in touch with Fprot and ask them to fix this by not requiring full access to other apps' memory!

So what that also means is: yes, you can (or malware can) terminate Outpost a lot easier than CPF, which means CPF secures you much better!

Melih
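
The read-versus-full-access distinction discussed in the two staff replies above, as an added example that is not part of the thread and is not Comodo's or F-Secure's code. It models a self-protection allowlist and a scanner that falls back to read-only access instead of stalling; the access-right values are the Windows SDK constants, while `guard_allows`, `open_for_scan` and the policy itself are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Process access-right bits, values as defined in the Windows SDK (winnt.h). */
#define PROCESS_TERMINATE          0x0001u
#define PROCESS_VM_READ            0x0010u
#define PROCESS_VM_WRITE           0x0020u
#define PROCESS_QUERY_INFORMATION  0x0400u
#define PROCESS_ALL_ACCESS         0x1F0FFFu  /* value used on Windows XP */

/* Rights a memory scanner needs: read memory and query process details. */
#define READ_RIGHTS (PROCESS_VM_READ | PROCESS_QUERY_INFORMATION)

typedef enum { SCAN_SKIP, SCAN_READ_ONLY, SCAN_FULL } scan_mode;
typedef int (*open_fn)(uint32_t requested);

/* Hypothetical self-protecting target: an open request succeeds only if
   every requested bit is on the read-only allowlist. */
int guard_allows(uint32_t requested) { return (requested & ~READ_RIGHTS) == 0; }

/* Constructed comparison targets: one unprotected, one that refuses all. */
int no_guard(uint32_t requested) { (void)requested; return 1; }
int deny_all(uint32_t requested) { (void)requested; return 0; }

/* Hypothetical scanner: try full access, fall back to read-only, and skip
   the process if even that is refused. It never waits on a denied open. */
scan_mode open_for_scan(open_fn open_ok) {
    if (open_ok(PROCESS_ALL_ACCESS)) return SCAN_FULL;
    if (open_ok(READ_RIGHTS))        return SCAN_READ_ONLY;
    return SCAN_SKIP;
}

int main(void) {
    static const char *names[] = { "skip", "read-only", "full" };
    printf("unprotected process : %s scan\n", names[open_for_scan(no_guard)]);
    printf("self-protected      : %s scan\n", names[open_for_scan(guard_allows)]);
    printf("fully locked down   : %s scan\n", names[open_for_scan(deny_all)]);
    printf("terminate request allowed by guard? %d\n",
           guard_allows(PROCESS_TERMINATE));
    return 0;
}
```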

Offline Gravy

  • Newbie
  • *
  • Posts: 20
Re: Problem with F-Secure AV
« Reply #6 on: August 01, 2006, 06:33:13 PM »
Hey, I am happy to see an official response! Fair enough answer too.

One thing for Melih, the AV program is F-Secure not F-Prot. Two very different programs. I suspect that F-prot would actually work with CPF as it is an excellent and very straightforward program. As for F-Secure, I will contact them too and see if they have any suggestions on this.

While it sounds like the way F-Secure works does deserve examination, I don't totally buy that there isn't a way to have the firewall work with it and be secure. For that matter, Outpost doesn't shut down, it just prompts me on how to handle F-Secure. From there I created a rule in the hidden process section of Outpost that allows F-Secure (and only F-Secure) to do its thing. I am not an expert but might this be flexibility rather than a weakness?

Most of all, thanks for responding and keep up the good work. I might be back to CPF soon and will definitely be back if you come up with a version that works with F-Secure OR they provide me a tip on making it work with CPF.

« Last Edit: August 01, 2006, 06:42:51 PM by Gravy »

Offline Melih

  • CEO - Comodo
  • Administrator
  • Comodo's Hero
  • *****
  • Posts: 14690
    • Video Blog
Re: Problem with F-Secure AV
« Reply #7 on: August 01, 2006, 08:16:09 PM »
> Hey, I am happy to see an official response! Fair enough answer too.
>
> One thing for Melih, the AV program is F-Secure not F-Prot. Two very different programs. I suspect that F-prot would actually work with CPF as it is an excellent and very straightforward program. As for F-Secure, I will contact them too and see if they have any suggestions on this.
>
> While it sounds like the way F-Secure works does deserve examination, I don't totally buy that there isn't a way to have the firewall work with it and be secure. For that matter, Outpost doesn't shut down, it just prompts me on how to handle F-Secure. From there I created a rule in the hidden process section of Outpost that allows F-Secure (and only F-Secure) to do its thing. I am not an expert but might this be flexibility rather than a weakness?
>
> Most of all, thanks for responding and keep up the good work. I might be back to CPF soon and will definitely be back if you come up with a version that works with F-Secure OR they provide me a tip on making it work with CPF.

Oh, sorry for mixing up the names :-)
I see your point about trying to get more flexibility. I think there is something in the wishlist that would give us something similar.
Rest assured that we will continue to improve our firewall and get it as near to perfection as possible ;-)

Please keep the help coming by telling us how we can improve and by adding into our wishlist.

Thanks

Melih

 
