AV crashes while scanning - scheduled and manual

Windows Event Viewer reported that Comodo Internet Security Helper Service terminated unexpectedly. The little window that asks you if you would like to check for an online solution reported it as ‘cmdagent.exe’ crashed. Isn’t that a core component of Comodo? Did the firewall crash as well and I was unprotected all night? (That was a scheduled scan for the full system)

I rebooted and tested the AV in a large folder to see if the error was just a fluke and it crashed again. This time Windows reported that ‘cavscan.exe’ crashed and the Fault Module was ntdll.dll. Event ID: 1000. MS database wasn’t much help in resolving this error, since the assigned event could happen for many different reasons. I’m using Vista Ult 32-bit.

I should also report that my system was infected recently by something but I don’t remember what it was. I had Comodo delete it. That may have been just a coincidence but maybe not. Come to think of it, Defense + has been quiet lately too for a few days.

I know that I could try reinstalling but I would like to do that as a last resort. Last time I tried to export and import the config settings, the Network Security Policy section didn’t back up and I have a whole lot of rules. Perhaps it’s because I install Comodo in a different folder than its default one and it’s deep within the Windows hierarchy? I don’t know. Is there anything I can do besides reinstalling?

In case anyone was wondering, I decided to upgrade to v3.8 and started scanning. I let it run past the time it usually crashed and it appears to be working. I won’t know for sure until a complete scan is done overnight. I see the import and export configs still don’t work and I have to re-setup everything again from scratch. I wish there was a way to keep all the settings.

Most likely, you have DEP (Data Execution Prevention) on for all programs except the ones you exclude, and so you will have to exclude Comodo Internet Security. I forgot how to access it in XP, but I know you have to go to system properties (system icon), and then go to advanced system settings, and look for “Data Execution Prevention.”

I still get crashing when DEP is turned to essential windows programs only. I am using XP 64bit with 3.8.64263.468

Lilypad & Drewcam888

Can you please post the requested info from:
https://forums.comodo.com/bug_report_cis/important_how_to_submit_bugreports_read_this_if_you_want_them_fixed-t26980.0.html

* CPU (32 bit or 64 bit)
* Operating System information (including Service Pack Version)
* Actively-running security and utility applications (Optional if you post a Comodo Firewall Pro Configuration Report)
* Specific symptoms of the bug, and steps you can take to reproduce it (step by step).
* Specific steps you have taken to try to resolve it.
* Brief description of your Defense+ and Firewall+ mode (Custom, Train with safe) plus mention if you modified any setting in ADVANCED section of D+ and F+ (Optional if you post a Comodo Firewall Pro Configuration Report)
* If your PC reboots or you have a BSOD, post in BSODs: Please add your minidump files here
* Report if you are using an Administrator account or a Limited User account. Vista users please report if you have UAC Disabled or Enabled (Optional if you post a Comodo Firewall Pro Configuration Report)

I will move this to the bug section because I have seen more “crashing” AV reports with this version.

Thanks to whoever moved my topic from AV help to AV bug report board. I guess I’m supposed to post the info that Ronny suggested here, rather than create a new post. My apologies if I’m wrong.

When the AV first crashed I found out it was due to lack of system resources in the Event Viewer. (No crash window was presented) I disconnected from the net and took everything out of startup except Comodo - rebooted. Tried running the AV manually and it still crashed. This time it gave a crash window listing the details of the crash but the window was not a “Send Report” window that you normally see. (send report is disabled) I did 2 tests to see if the details were exactly the same and they were not.

First test run - manual from the context menu
Problem signature:
Problem Event Name: APPCRASH
Application Name: cavscan.exe
Application Version: 3.8.64094.467
Application Timestamp: 4991e177
Fault Module Name: ntdll.dll
Fault Module Version: 6.0.6001.18000
Fault Module Timestamp: 4791a7a6
Exception Code: c0000005
Exception Offset: 0006814c
OS Version: 6.0.6001.2.1.0.256.1
Locale ID: 1033
Additional Information 1: 6c63
Additional Information 2: e2f654ba863ad85e3abcbd0151dc522a
Additional Information 3: d164
Additional Information 4: 5910a21d8dc6068c6f8dadaf25964697

Second test - manual, context menu
Problem signature:
Problem Event Name: APPCRASH
Application Name: cavscan.exe
Application Version: 3.8.64094.467
Application Timestamp: 4991e177
Fault Module Name: ntdll.dll
Fault Module Version: 6.0.6001.18000
Fault Module Timestamp: 4791a7a6
Exception Code: c0000005
Exception Offset: 000659c3
OS Version: 6.0.6001.2.1.0.256.1
Locale ID: 1033
Additional Information 1: 5ff6
Additional Information 2: ac15848b607253456f932ed1bb1bbe06
Additional Information 3: a8ef
Additional Information 4: 3af345149ff524c0f900faf00bf2643f

I pulled the “Report.wer” (only thing listed) from the ReportArchive from the second test. (Attached)

System specs:
CPU: Core 2 Duo E4500 (32-bit)
Vista Ultimate: All patches are current
Systray Apps: Proxomitron, eDexter, Threatfire
Specific symptoms of the bug: Initialized a manual scan from the context menu. The AV runs for a little while and then crashes.
Specific steps to solve it: I tried upgrading Comodo and it now crashes quicker. Using v3.8.64263.468, Sig: 986
Brief description of your Defense+ & Firewall: Both set to Safe Mode
BSOD: n/a
Account Status: Admin
UAC: Disabled

[attachment deleted by admin]

Thanks for posting,

Maybe if you have some more time to test, can you run a context-menu scan on a per folder basis to see if we can pinpoint which folder/files it crashes on?

Good call Ronny, you’re right it does crash with certain folders every time. It’s ok with the smaller size but it doesn’t seem to like the huge ones (85-179GBs) with deep hierarchies.

I noticed it does not appear to be a particular file type that it has issues with either. The files that it crashed on, the AV didn’t have any issues with the same type in smaller folders. The size of the folder and the deep directory tree structure is the only difference that I’ve noticed. The AV did provide a slightly different crash signature this time:

Problem signature:
Problem Event Name: BEX
Application Name: cavscan.exe
Application Version: 3.8.64094.467
Application Timestamp: 4991e177
Fault Module Name: unarch.cav
Fault Module Version: 0.0.0.0
Fault Module Timestamp: 4992ddf2
Exception Offset: 00020d6c
Exception Code: c000000d
Exception Data: 00000000
OS Version: 6.0.6001.2.1.0.256.1
Locale ID: 1033
Additional Information 1: 456f
Additional Information 2: 6107b3ea5bc08a785d38816fbb2c2141
Additional Information 3: 92b3
Additional Information 4: 92470b6957d316385175a4a91e8ca126

The other thing that happened while testing is the icons in my Start menu changed. I’m using the old win98 style menu. These are the ones that changed: Programs, Settings, Search, Help & Support, Run and Shut Down. The icons listed above the ‘Programs menu’ were not affected. A reboot did not solve this problem.

I hope this info helps track down the problem.

Update:
I just updated Comodo when it asked to. (v3.8.64739.471) The Update details said that it will fix the AV engine crashes while scanning some files. This did not fix my problem and the AV still crashes. I can’t get the icons in the start menu to go back to the correct icons either. My ‘Run’ has a musical note and my ‘Shut Down’ has a picture I’ve never seen before. The rest, I have no idea what they look like. Any suggestions?
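An added example, not part of any post in this thread: a small parser that groups and compares the three “Problem signature” blocks posted above, so that what actually changed between crashes is visible. The function names are hypothetical, the sample text is abbreviated from the posts, and the two NTSTATUS names are the standard Windows ones for those codes.

```python
# Added example (not from the thread): bucket and diff WER "Problem signature" blocks.
# FIRST/SECOND/THIRD are abbreviated copies of the three signatures posted above.
FIRST = """Problem signature:
Problem Event Name: APPCRASH
Fault Module Name: ntdll.dll
Fault Module Timestamp: 4791a7a6
Exception Code: c0000005
Exception Offset: 0006814c
Additional Information 1: 6c63"""
SECOND = FIRST.replace("0006814c", "000659c3").replace("6c63", "5ff6")
THIRD = """Problem signature:
Problem Event Name: BEX
Fault Module Name: unarch.cav
Fault Module Timestamp: 4992ddf2
Exception Offset: 00020d6c
Exception Code: c000000d
Additional Information 1: 456f"""

# Standard NTSTATUS names for the two exception codes seen in this thread.
NTSTATUS = {0xC0000005: "STATUS_ACCESS_VIOLATION",
            0xC000000D: "STATUS_INVALID_PARAMETER"}

def parse_signature(text):
    """Turn 'Key: value' lines into a dict; header lines with no value are skipped."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and value.strip():
            fields[key.strip()] = value.strip()
    return fields

def bucket(sig):
    """Triage key: event type, faulting module and its build stamp, exception code."""
    code = int(sig["Exception Code"], 16)
    return (sig["Problem Event Name"], sig["Fault Module Name"],
            sig["Fault Module Timestamp"], NTSTATUS.get(code, hex(code)))

def diff(a, b):
    """Fields that differ, ignoring 'Additional Information' (it changed on every report here)."""
    return {k: (a.get(k), b.get(k)) for k in sorted(set(a) | set(b))
            if a.get(k) != b.get(k) and not k.startswith("Additional Information")}

if __name__ == "__main__":
    first, second, third = map(parse_signature, (FIRST, SECOND, THIRD))
    print("same bucket:", bucket(first) == bucket(second), bucket(first))
    print("first vs second:", diff(first, second))
    print("third bucket:", bucket(third))
```

Run on these samples, the first two reports land in the same bucket and differ only in the exception offset, while the third is a separate bucket whose faulting module is unarch.cav rather than ntdll.dll.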

For the icons changing I have no idea, I don’t know how that should relate to this issue, but then again, you never know. Have you tried changing back to the “default” menu, reboot, switch back to the old style, reboot and see if that helps?

If we are talking deep hierarchies, how deep are they? And what is the majority of the file types in there?
Maybe going in to those folders and trying a context scan from within those folders?

Sorry I took so long to respond, Ronny. The tree directory is deep but it doesn’t look like it’s deeper than the Windows folder, so that shouldn’t be a problem. A couple of files I noticed it crashing on are no_cd files. I also noticed that it crashes on a video that I’m working on for a DVD project. I tested the file to see if there was something odd about it, and no errors were reported during the render test. Isn’t the AV supposed to ignore large files?

I’ve added those files to the exclusion list but the scanner still scans and then crashes. (Tried through context menu and a manual scan) I noticed others are having a similar issue so I’m not going to start another thread. It looks like there’s not much that can be done at this point till a fix comes out; but I’m always open to suggestions. Thanks for your help.

Let’s wait and see if the new release from 3.8.x has this fixed…

Although large files are not scanned I’m not sure it won’t “touch” them to read a bit of the header at least to find out what the file type is etc…

CIS Antivirus crashes while on-demand scanning the installer of the newest Adobe Flash Player 10.x.

For more details see attached screen shots.
The first one is in German. Sorry. But we will know what dialog it is.

Is this the same issue as reported in this thread?

[attachment deleted by admin]

Is that on the latest CIS 3.8.65951.477?

YES, update of CIS just made.
Problem still present.
Also tried after a repeat download of the installer file from the Adobe server.

New issue:
Updates available - pop-up still produced.
When following the update invitation:
Push on “Miscellaneous - check for updates” - “updates are available. Please click on next…”
then in final window
“There are no updates available”

Both problems solved by temporary deactivation of Vista UAC.

This was caused by the “virtualstore” feature of Vista. “Normal” users can no longer write to c:\windows and c:\program files; normally that would break “old” applications, therefore MS created a “virtualstore” in c:\users\<userid>\appdata\local\virtualstore\

There were probably some files left there that caused the updater to claim there were updates.

Issue still occurs. This time with the installer of the newest winamp version.

By that I’m assuming you’re referring to the crashing of the engine?
Did you manage to get rid of the “false” update available messages?

Can you post your system details, like OS/Version/Language/bit 32/64.
Every other security software installed, for on-demand or real-time usage, makes no difference.

If you go to Misc, About, what’s the DB version?