Antivirus Anomalies on New CIS 3.10.102363.531

Yesterday I installed the latest 3.10.etc for integrated protection, and it took a few hours.

After most of the day with the telephone line disconnected whilst cleaning out ESET NOD32 and Comodo 3.5,
I reconnected the line when the installation required connecting to Comodo,
and when installation suggested a scan I allowed it - the start of my woes ! ! !

My normal Internet speed is 3 to 4 Mbps. The initial A.V. signature download trickled at 0.2 to 0.5 Mbps some of the time - and then it would stop completely and perhaps rest at zero for a minute or so before continuing. At other times it would stop and the previous Comodo screen would show that the A.V. had not been updated and I had to restart. I had to restart 4 or 5 times before it completed and was ready to scan. The only good thing was that each time I restarted the progress bar commenced further along - I was not continually reloading the same signatures every time.

The Installation scanned the whole computer, taking much more than an hour.

That scan found prcview.exe on the external drive. I recognised this as a powerful tool that my manager supplied so I could switch off the Panda A.V. which the I.T. manager insisted upon installing, even though several pages of my scripts were irretrievably destroyed by Panda (Panda never announced itself - when it froze my keyboard for 20 seconds it was exactly the same as Win95 thinking of something else and needing me to again select and delete a bad page - excepting that Panda would queue multiple page deletions in a buffer and when Panda finished scanning then instead of deleting the one bad page, I then lost another 6 good pages as well ! !)
Congratulations to Comodo for spotting something that is able to shut down anti-virus protection.
Panda A.V. always started up before I could log on. But Panda never saw what then came and hit it ! ! !

After completion of the installation I then configured as per the advice in
Configuring CIS for Max Security with Zero Alerts - Simplified by 3xist.

I then tested my Internet Speed and it was still 3.5 Mbps, so the 0.2 Mbps was not punishment by my ISP for disconnecting him for a day ! ! !

My questions :-

  1. Should I expect slow speed and intermittently disrupted signature updates during normal operation,
    and is there anything I can do to improve the situation ?

  2. The Installation scan seemed to scan all partitions on both the internal hard drive and the external hard drive,
    and I recognised the drive letters of FAT32 partitions, but NTFS partitions were variants upon C:
    e.g. C:1:\ C:2:\ etc (I forget the precise punctuation). Is this a result of Linux drivers that have different rules for allocating drive letters ?

  3. I really need this one answering - why is protection intermittent / variable ?

I logged on this afternoon for a few hours.
I logged on this evening at 19:32:09, and WIA service started running at 19:34:51.
Anti-Virus Events now show :-
Date/Time             Action   Location                Malware Name                  Status
8/2/2009 7:35:54 PM   Detect   D:\Downloads\nfs4.exe   UnclassifiedMalware@9086064   Success
8/2/2009 8:31:59 PM   Detect   D:\Downloads\nfs4.exe   UnclassifiedMalware@9086064   Success
The first event was 63 seconds after start-up, about when Xplorer2 was launched, and one of its tabs looks at the contents of D:/Downloads,
the second event was when I used Xplorer2 to see what nfs4.exe is and when it came onto the system.
I found that nfs4.exe is a potent file splitter which could be considered hazardous, but it has been there since January.

My concerns are :-
Why did the initial total system scan find prcview.exe, but ignore nfs4.exe ?
Could it be due to it failing when it said it was scanning C:1:\ or whatever ?

Is it possible that the scan BEFORE “Configuring CIS for Max Security with Zero Alerts” was less rigorous than it is since that configuration ?

There have been no configuration changes since yesterday, so why are these events shown for this evening, but NOT for this morning when start-up also included launch of Xplorer2 with a view of D:\ ?