Avast anti-virus has not logged any events in the Event Viewer. Before that, it logged every day. What seems to be the reason?
Thank you
[at]HeffeD: It's avast's event viewer.
[at]In: Well, it's possible that Comodo Firewall's Defense + (I'm assuming it's the firewall since you already have Avast) is blocking Avast from logging (behavior blockers often consider recording events malicious activity). But as I remember, Avast has already been whitelisted in Defense + so this is highly unlikely.
Otherwise, it is possible that there might be some conflict or Comodo ran into some problems installing and is now conflicting with Avast's regular activities. Try the diagnostic tool in the setting tab for Comodo just to be sure.
If it doesn't find any problems, it could be a bug. Please do the following instructions by dchernyakov:
Hi Guys
If you have a problem with CIS installation - the faster way developers will analyse and fix it is to support them with proper logs.
Please follow the steps below and attach created files to your report message.
1. Download DebugView from Microsoft site: http://technet.microsoft.com/en-us/sysinternals/bb896647.aspx
2. Run it with administrator privileges
3. In the DebugView menu please select:
a) menu File -> Log to file as... -> Log file edit box -> select a file (or type a filename) which you will be able to find later
b) menu Capture -> Capture Win32
c) menu Capture -> Capture Global Win32 (dont worry if this submenu item does not exist)
4. Using cmd.exe, run firewall installer with the following parameter: -log log.txt. This command will create log.txt file near the firewall installer.
5. After your installer shows an error message, close it, and wait for a few seconds to let all processes finish, then look for another log file:
a) go to the your TEMP directory. Fastest way to do this is to write the following command in the cmd.exe: explorer %temp% (+ press enter). Alternatively you can write %temp% in the Windows explorer's address bar.
b) in the TEMP directory you will find a file called approx like this: cis_10-07-19 20.23.46.log, where "10-07-19 20.23.46" is the installation date and time (of course, your actual date and time will be different)
6. a) Download Autoruns utility (http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx)
b) In the downloaded archive you have two utilities: autoruns.exe and autorunsc.exe. You'll need the 1st one (autoruns.exe), run it in the command line as follows:
autoruns.exe -v -a autoruns.arn
c) wait till the utility finishes scanning of the system and closes. After it closes, next to the utility you will find autoruns.arn file. Zip it and send it to me via e-mail skalenchuk[at]comodo.com (please do not post it as an attachment on the the forum).
7. As a result you will have 3 log files available:
- from point 3-a
- from point 4
- from point 5-b
- from point 6-c
Please zip these files and attach to the your message (except log from 6c). I will check these files and try to assist you.
Please do not hesitate to ask questions should you find above explanation not clear.
After getting the logs, attach them with the following information (format provided by mouse1, see
https://forums.comodo.com/bug-reports-cis/format-guide-just-copypaste-it-t61845.0.html):
TOPIC TITLE
This should summarize the issue. May be best to write it after drafting the issue report. A good title makes sure the right mods and the right devs look at the report
----------------------------------------------------------
The bug/issue
1. What you did:
2. What actually happened or you actually saw:
3. What you expected to happen or see:
4. How you tried to fix it & what happened:
5. If its an application compatibility problem have you tried the application fixes (see
http://forums.comodo.com/bug-reports-cis/my-app-doesnt-seem-to-work-with-cis-should-i-post-a-bug-report-t62640.0.html)?:
6. Details (exact version) of any application involved with download link:
7. Whether you can make the problem happen again, and if so exact steps to make it happen:
8. Any other information (eg your guess regarding the cause, with reasons):
Files appended. (Please zip unless screenshots).
1. Screenshots illustrating the bug:
2. Screenshots of related CIS event logs and the Defense+ Active Processes List:
3. A CIS config report or file (see
https://forums.comodo.com/help-cis/comodo-firewall-procis-configuration-reporting-script-latest-version-is-0723-t20950.0.html;msg143936#msg143936 and
http://help.comodo.com/topic-72-1-155-1183-importing-exporting-and-managing-personal-configurations.html).
4. Crash or freeze dump file (see
http://forums.comodo.com/bug-reports-cis/materials-to-help-in-compiling-bug-reports-t26980.0.html;msg196893#msg196893)
5. The log files you've generated via abovementioned instructions.
Your set-up
1. CIS version, AV database version & configuration (see
http://help.comodo.com/topic-72-1-155-1183-Importing-Exporting-and-Managing-Personal-Configurations.html) used:
2. a) Have you updated (without uninstall) from CIS 3 or 4, if so b) have you tried reinstalling?:
3. a) Have you imported a config from a previous version of CIS, if so b) have U tried a preset config (see
http://help.comodo.com/topic-72-1-155-1107-Manage-My-Configurations.html)?:
4. Other major changes to the default config (eg ticked 'block all unknown requests')
5. Defense+ and Sandbox OR Firewall security level:
6. OS version, service pack, no of bits, UAC setting (see
http://www.neowin.net/news/main/09/01/07/windows-7-whats-up-with-the-uac), & account type (eg administrator, limited)
7. Other security and utility software installed:
8. Virtual machine used (Please do NOT use Virtual box):
Here is an example:
TOPIC TITLE
Unlimited access alerts generated for program defined as an installer/updater
The bug/issue
1. What you did: Applied the Installer/updater policy to myprog.exe, rebooted, then ran myprog.exe
2. What actually happened or you actually saw: Unlimited access alert
3. What you expected to happen or see: No alert
4. How you tried to fix it & what happened: Ticked 'don't ask again' on the alert, did not work
5. If its an application compatibility problem have you tried these fixes: Yes
6. Details (exact version) of any application involved with download link: myprog.exe v. 5.1.005 (Beta), www.xyzwprog.com/download
7. Whether you can make the problem happen again, and if so precise steps to make it happen: Yes. a) Check Myprog is installer/updater in Computer Security Policy ~ D+ rules b) run Myprog from Start menu ~ All programs ~ MyProg c) Get Unlimited access alert d) tick don't ask again and press allow e) close program f) Re-start Myprog from same location g) get Unlimited Access alert
8. Any other information (eg your guess regarding the cause, with reasons): D+ malfunctioning under load - cpu usage was high at the time.
Files appended
1. Screenshots illustrating the bug: Appended
2. Screenshots of related CIS event logs or the Defense+ Active Processes List: Appended
3. A CIS config. report or file: Appended
4. Crash or freeze dump file: Not applicable
Your set-up
1. CIS version, AV database version & configuration used: 5.0.1000.1135, Proactive config
2. a) Have you updated (without uninstall) from CIS 3 or 4 b) if so have you tried reinstalling?: Yes, No
3. a) Have U imported a config from a previous version of CIS, b) if so have U tried a preset config?: Yes, Yes
4. Other major changes to the default config (eg ticked 'block all unknown requests', other egs here.): No
5. Defense+ and Sandbox OR Firewall security level: Defenseplus=Safe, Sandbox=enabled
6. OS version, service pack, bits, UAC setting, & account type: Windows XP, SP3, 32 bit, None in XP, Admin account.
7. Other security and utility software installed: CAS
8. Virtual machine used: None
Hope this helps.
