Author Topic: C5 and Avast anti-virus  (Read 9656 times)

Offline In

  • Comodo Member
  • **
  • Posts: 28
C5 and Avast anti-virus
« on: November 07, 2010, 04:02:21 AM »
Since installing the new version 5 on October 29th, Avast anti-virus has not logged any events in the Event Viewer.  Before that, it logged every day.  What seems to be the reason?

Thank you

Offline In

  • Comodo Member
  • **
  • Posts: 28
Re: C5 and Avast anti-virus
« Reply #1 on: November 09, 2010, 05:14:39 PM »
Does someone have an answer?

Offline HeffeD

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 6827
Re: C5 and Avast anti-virus
« Reply #2 on: November 09, 2010, 06:36:07 PM »
I don't use Avast currently, but it could be that you're not getting an answer because you really didn't give much data to go on.

Which event viewer? Firewall or D+?
What event were you used to seeing?

It could be that since V5 silently allows trusted applications, there is nothing to report. This is only a guess because I'm really not sure what it is you're asking.

Offline spainach_12

  • Comodo's Hero
  • *****
  • Posts: 542
Re: C5 and Avast anti-virus
« Reply #3 on: November 10, 2010, 04:11:02 AM »
Quote
Avast anti-virus has not logged any events in the Event Viewer.  Before that, it logged every day.  What seems to be the reason?

Thank you

@HeffeD: It's avast's event viewer. :D

@In: Well, it's possible that Comodo Firewall's Defense+ (I'm assuming it's the firewall since you already have Avast) is blocking Avast from logging (behavior blockers often consider recording events malicious activity). But as I remember, Avast has already been whitelisted in Defense+ so this is highly unlikely.

Otherwise, it is possible that there might be some conflict or Comodo ran into some problems installing and is now conflicting with Avast's regular activities. Try the diagnostic tool in the setting tab for Comodo just to be sure.

If it doesn't find any problems, it could be a bug. Please do the following instructions by dchernyakov:
Quote
Hi Guys
If you have a problem with CIS installation - the faster way developers will analyse and fix it is to support them with proper logs.
Please follow the steps below and attach created files to your report message.

1. Download DebugView from Microsoft site: http://technet.microsoft.com/en-us/sysinternals/bb896647.aspx

2. Run it with administrator privileges

3. In the DebugView menu please select:
   a) menu File -> Log to file as... -> Log file edit box -> select a file (or type a filename) which you will be able to find later
   b) menu Capture -> Capture Win32
   c) menu Capture -> Capture Global Win32 (don't worry if this submenu item does not exist)

4. Using cmd.exe, run the firewall installer with the following parameter: -log log.txt. This command will create a log.txt file next to the firewall installer.

5. After your installer shows an error message, close it, and wait for a few seconds to let all processes finish, then look for another log file:
    a) go to your TEMP directory. The fastest way to do this is to write the following command in cmd.exe: explorer %temp% (+ press enter). Alternatively you can write %temp% in the Windows Explorer address bar.
    b) in the TEMP directory you will find a file named approximately like this: cis_10-07-19 20.23.46.log, where "10-07-19 20.23.46" is the installation date and time (of course, your actual date and time will be different)

6. a) Download Autoruns utility (http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx)
    b) In the downloaded archive you have two utilities: autoruns.exe and autorunsc.exe. You'll need the 1st one (autoruns.exe), run it in the command line as follows:
    autoruns.exe -v -a autoruns.arn
    c) wait till the utility finishes scanning the system and closes. After it closes, next to the utility you will find the autoruns.arn file. Zip it and send it to me via e-mail skalenchuk[at]comodo.com (please do not post it as an attachment on the forum).

7. As a result you will have 3 log files available:
    - from point 3-a
    - from point 4
    - from point 5-b
    - from point 6-c
Please zip these files and attach them to your message (except the log from 6c). I will check these files and try to assist you.

Please do not hesitate to ask questions should you find above explanation not clear.

After getting the logs, attach them with the following information (format provided by mouse1, see https://forums.comodo.com/bug-reports-cis/format-guide-just-copypaste-it-t61845.0.html):

TOPIC TITLE
This should summarize the issue. May be best to write it after drafting the issue report. A good title makes sure the right mods and the right devs look at the report

----------------------------------------------------------
The bug/issue
1. What you did:
2. What actually happened or you actually saw:
3. What you expected to happen or see:
4. How you tried to fix it & what happened:
5. If it's an application compatibility problem have you tried the application fixes (see http://forums.comodo.com/bug-reports-cis/my-app-doesnt-seem-to-work-with-cis-should-i-post-a-bug-report-t62640.0.html)?:
6. Details (exact version) of any application involved with download link:
7. Whether you can make the problem happen again, and if so exact steps to make it happen:
8. Any other information (eg your guess regarding the cause, with reasons):


Files appended. (Please zip unless screenshots).
1. Screenshots illustrating the bug:
2. Screenshots of related CIS event logs and the Defense+ Active Processes List:
3. A CIS config report or file (see https://forums.comodo.com/help-cis/comodo-firewall-procis-configuration-reporting-script-latest-version-is-0723-t20950.0.html;msg143936#msg143936 and http://help.comodo.com/topic-72-1-155-1183-importing-exporting-and-managing-personal-configurations.html).
4. Crash or freeze dump file (see http://forums.comodo.com/bug-reports-cis/materials-to-help-in-compiling-bug-reports-t26980.0.html;msg196893#msg196893)
5. The log files you've generated via the above-mentioned instructions.

Your set-up
1. CIS version, AV database version & configuration (see http://help.comodo.com/topic-72-1-155-1183-Importing-Exporting-and-Managing-Personal-Configurations.html) used:
2. a) Have you updated (without uninstall) from CIS 3 or 4, if so b) have you tried reinstalling?:
3. a) Have you imported a config from a previous version of CIS, if so b) have U tried a preset config (see http://help.comodo.com/topic-72-1-155-1107-Manage-My-Configurations.html)?:
4. Other major changes to the default config (eg ticked 'block all unknown requests')
5. Defense+ and Sandbox OR Firewall security level:
6. OS version, service pack, no of bits, UAC setting (see http://www.neowin.net/news/main/09/01/07/windows-7-whats-up-with-the-uac), & account type (eg administrator, limited)
7. Other security and utility software installed:
8. Virtual machine used (Please do NOT use Virtual box):


Here is an example:
Quote
TOPIC TITLE
Unlimited access alerts generated for program defined as an installer/updater

The bug/issue
1. What you did: Applied the Installer/updater policy to myprog.exe, rebooted, then ran myprog.exe
2. What actually happened or you actually saw: Unlimited access alert
3. What you expected to happen or see: No alert
4. How you tried to fix it & what happened: Ticked 'don't ask again' on the alert, did not work
5. If it's an application compatibility problem have you tried these fixes: Yes
6. Details (exact version) of any application involved with download link: myprog.exe v. 5.1.005 (Beta), www.xyzwprog.com/download
7. Whether you can make the problem happen again, and if so precise steps to make it happen: Yes. a) Check Myprog is installer/updater in Computer Security Policy ~ D+ rules b) run Myprog from Start menu ~ All programs ~ MyProg  c) Get Unlimited access alert d) tick don't ask again and press allow e) close program f) Re-start Myprog from same location g) get Unlimited Access alert
8. Any other information (eg your guess regarding the cause, with reasons): D+ malfunctioning under load - cpu usage was high at the time.


Files appended
1. Screenshots illustrating the bug: Appended
2. Screenshots of related CIS event logs or the Defense+ Active Processes List: Appended
3. A CIS config. report or file: Appended
4. Crash or freeze dump file: Not applicable


Your set-up
1. CIS version, AV database version & configuration used: 5.0.1000.1135, Proactive config
2. a) Have you updated (without uninstall) from CIS 3 or 4 b) if so have you tried reinstalling?: Yes, No
3. a) Have U imported a config from a previous version of CIS, b) if so have U tried a preset config?: Yes, Yes
4. Other major changes to the default config (eg ticked 'block all unknown requests', other egs  here.): No
5. Defense+ and Sandbox OR Firewall security level: Defenseplus=Safe, Sandbox=enabled
6. OS version, service pack, bits, UAC setting, & account type: Windows XP, SP3, 32 bit, None in XP, Admin account.
7. Other security and utility software installed: CAS
8. Virtual machine used: None

Hope this helps. ;)
If you want to change the system, you need to learn how to break it.

Windows 7 Starter dualboot BodhiLinux | BitDefender AV Free| Windows Firewall | NTFS File Permissions | Commandline | Spider Senses
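
The collection in steps 5-b and 7 of the quoted instructions, as an added example that is not part of the original posts or any Comodo tool: it picks the newest installer log in TEMP by the time stamp in its name and zips it with the DebugView and installer logs. The function names, the YY-MM-DD reading of the stamp and the refusal of .arn files are assumptions of this example.

```python
import re
import zipfile
from datetime import datetime
from pathlib import Path

# Step 5-b file name, e.g. "cis_10-07-19 20.23.46.log".
# Assumption: the stamp reads YY-MM-DD HH.MM.SS (the post does not say).
CIS_LOG = re.compile(r"^cis_(\d{2}-\d{2}-\d{2} \d{2}\.\d{2}\.\d{2})\.log$")


def newest_cis_log(temp_dir):
    """Return the cis_*.log whose name carries the latest stamp, or None."""
    stamped = []
    for path in Path(temp_dir).iterdir():
        match = CIS_LOG.match(path.name)
        if not match:
            continue
        try:
            when = datetime.strptime(match.group(1), "%y-%m-%d %H.%M.%S")
        except ValueError:  # right shape, but not a real date or time
            continue
        stamped.append((when, path))
    return max(stamped, key=lambda item: item[0])[1] if stamped else None


def bundle_logs(debugview_log, installer_log, temp_dir, out_zip):
    """Zip the logs from steps 3-a, 4 and 5-b; return (added, missing)."""
    wanted = {
        "DebugView log (3-a)": Path(debugview_log),
        "installer log (4)": Path(installer_log),
        "TEMP cis log (5-b)": newest_cis_log(temp_dir),
    }
    # Step 6-c: autoruns.arn is sent by e-mail, never attached on the forum.
    if any(p is not None and p.suffix.lower() == ".arn" for p in wanted.values()):
        raise ValueError("autoruns.arn must not go into the forum attachment")
    added, missing = [], []
    with zipfile.ZipFile(out_zip, "w", zipfile.ZIP_DEFLATED) as archive:
        for label, path in wanted.items():
            if path is None or not path.is_file():
                missing.append(label)  # report the gap instead of failing
            else:
                archive.write(path, arcname=path.name)
                added.append(path.name)
    return added, missing


if __name__ == "__main__":
    import sys
    # usage: <script> <DebugView log> <installer log> <TEMP dir> <out.zip>
    print(bundle_logs(*sys.argv[1:5]))
```

The second return value lists which of the three logs could not be found, so a report is not posted with a file silently left out.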

Offline HeffeD

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 6827
Re: C5 and Avast anti-virus
« Reply #4 on: November 10, 2010, 12:51:59 PM »
If CIS is blocking Avast, look in the firewall and Defense+ event lists. You will see an entry that some process by Avast has been blocked.

Offline spainach_12

  • Comodo's Hero
  • *****
  • Posts: 542
Re: C5 and Avast anti-virus
« Reply #5 on: November 11, 2010, 05:11:39 AM »
Quote
If CIS is blocking Avast, look in the firewall and Defense+ event lists. You will see an entry that some process by Avast has been blocked.

But this works too.  :D

Offline In

  • Comodo Member
  • **
  • Posts: 28
Re: C5 and Avast anti-virus
« Reply #6 on: November 11, 2010, 11:22:19 AM »
To clarify, the Event Viewer I was referring to is in Start>Control Panel>Administrative Tools>Event Viewer.  There are 5 categories:

Application
Security
System
Antivirus
Internet Explorer

Since installing Firewall v5, the Antivirus (Avast) category has not logged any events.  It logged daily events like the other categories.  It would log daily definition updates, dates of scans and notify if there were trojans, etc.

Hope this helps in finding a solution.

Thank you



Offline HeffeD

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 6827
Re: C5 and Avast anti-virus
« Reply #7 on: November 11, 2010, 11:46:21 AM »
Like I said, look at the firewall and D+ event logs. If CIS is blocking anything, you'll see it there.

If there are no events blocking Avast, CIS isn't to blame for the lack of events in the Windows event viewer.

Offline In

  • Comodo Member
  • **
  • Posts: 28
Re: C5 and Avast anti-virus
« Reply #8 on: November 11, 2010, 05:36:27 PM »
I clicked on "View Firewall Events" and all entries under Application for System are Blocked under Action.  I clicked on the More button and only System is mentioned and they are all Blocked.

I clicked on "View Defence+ Events" and there is no mention of Avast.  I clicked on the More button and it says "There are no items to show".  Why is this?

I clicked on Trusted Files under Defence+ and there is mention of Avast.

I ran the Diagnostics and there was no problem.

Like I said, no events in Windows Viewer have been logged under Antivirus since installing Firewall 5.

Offline HeffeD

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 6827
Re: C5 and Avast anti-virus
« Reply #9 on: November 11, 2010, 07:51:53 PM »
If Avast were being blocked by CIS, it would be mentioned by name in your CIS logs.

You could try uninstalling CIS and seeing if the events come back. That would of course be the definitive result.

If you still feel the lack of events in the Windows event viewer is caused by CIS, then make a bug report as mentioned by spainach_12.

Offline In

  • Comodo Member
  • **
  • Posts: 28
Re: C5 and Avast anti-virus
« Reply #10 on: November 11, 2010, 08:09:40 PM »
I should have mentioned that I only installed the Firewall v5, not the Internet Security v5.

Thanks

Offline spainach_12

  • Comodo's Hero
  • *****
  • Posts: 542
Re: C5 and Avast anti-virus
« Reply #11 on: November 12, 2010, 12:27:21 AM »
Quote
I should have mentioned that I only installed the Firewall v5, not the Internet Security v5.

Thanks

I've taken that into consideration. Still, you should try the instructions both HeffeD and I have given. You should try running the diagnostic tool first and then HeffeD's suggestion, that is, to uninstall the firewall to verify if it is the one causing the problems. If the problem persists, proceed to making the logs and the bug report.  :D

Offline In

  • Comodo Member
  • **
  • Posts: 28
Re: C5 and Avast anti-virus
« Reply #12 on: November 13, 2010, 04:01:57 PM »
I uninstalled and re-installed Firewall, ran Diagnostics and there is no change.  I am not technical enough to perform logs and bug report.

Offline HeffeD

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 6827
Re: C5 and Avast anti-virus
« Reply #13 on: November 13, 2010, 04:06:33 PM »
How long did you have the firewall uninstalled? It sounds like you immediately reinstalled it.

I wanted you to leave it uninstalled to see if the events from Avira came back.

Offline jovan111p

  • CESMUser
  • Comodo's Hero
  • *
  • Posts: 525
  • After every fall I get up, never give up!!!
    • Comodo Internet Security Complete, take a look on best protection on the Net
Re: C5 and Avast anti-virus
« Reply #14 on: November 13, 2010, 04:55:04 PM »
My Avast Pro AV 5 works perfectly well with Comodo Firewall!

 
