AV database update fails at finalizing stage.

Out of the blue, my CIS installation has stopped automatically updating the virus database. I haven’t made any system changes, other than installing Comodo Dragon, but the update issue occurred two days before installing CD.

The bug/issue
1. What you did:

Got suspicious when Windows security center produced a popup saying my AV may be out of date. When clicking the date in the summary window to manually update the database, invariably the first attempt shows a popup saying the database is up to date, and it changes the updated date/time to when I just clicked it. If I click the link again, it will start updating. It downloads and applies the bases.cav updates, but when it gets to the finalizing stage, the update process will fail saying to check my internet connection. This is perplexing, because my internet connection is solid, and it had just downloaded the bases.cav updates! What exactly happens at the finalizing stage? I suspect the failure is actually due to something other than my internet connection.

2. What actually happened or you actually saw:

My AV database hadn’t been updated for two days. (When I first noticed the problem, it hasn’t actually updated for going on 5 days now) The automatic updates apparently just silently fail without letting me know there was a problem updating. This doesn’t seem right. CIS should tell the user there is a problem before the Windows security center needs to get involved.

3. What you expected to happen or see:

I expected to have my database automatically update every 30 minutes or so as it has always done.

4. How you tried to fix it & what happened:

First I downloaded and installed the latest bases.cav manually. This gave me a more recent database than the one I had, but it still wouldn’t automatically update. I then did a clean uninstall using Revo, and reinstalled. The new installation seemed to think the database was up to date even though it only had database 1. Attempts to manually update fail as already mentioned, so I manually updated the bases.cav again. CIS is still not able to automatically update the virus database, going on 5 days now.

Edit: 11/17/10
Prior to uninstalling the AV, I had a suspicion that there could possibly be an issue with the sfi.dat file that the uninstaller leaves on the system. I did a complete uninstall of CIS using Revo, rebooted, deleted the sfi.dat file manually, ran Auslogics Registry Cleaner, rebooted, and reinstalled the full suite. Updating followed the same failure method. CIS downloaded the current bases.cav (6703), downloaded and applied all the updates to reach the current db version, then failed at the finalizing stage saying I need to check my internet connection.

5. If it’s an application compatibility problem have you tried the application fixes?:

N/A

6. Details (exact version) of any application involved with download link:

CIS 5.0.163652.1142. You know where to get it.

7. Whether you can make the problem happen again, and if so exact steps to make it happen:

I don’t need to take any steps to make the problem happen again. It fails all by itself every 30 minutes or so…

8. Any other information (eg your guess regarding the cause, with reasons):

I cannot even begin to guess what the cause is because it has always worked flawlessly, and I have made no system changes.

Files appended. (Please zip unless screenshots).
1. Screenshots illustrating the bug:

See below

2. Screenshots of related CIS event logs and the Defense+ Active Processes List:

Edit: Added screenshot of AV update logs. Note that they are more frequent than normal due to my attempts at manual updates.

3. A CIS config report or file.

Attached Internet Security Config.

4. Crash or freeze dump file:

N/A

Your set-up
1. CIS version, AV database version & configuration used:

5.0.163652.1142, DB 6703 (last manual bases.cav update), Internet Security Configuration.

2. a) Have you updated (without uninstall) from CIS 3 or 4:
b) if so, have you tried reinstalling (if not please do)?:

Clean install.

3. a) Have you imported a config from a previous version of CIS:
b) if so, have you tried a preset config (if not please do)?:

I never import my configuration.

4. Other major changes to the default config (eg ticked ‘block all unknown requests’, other egs here. )

I enable Do Protocol Analysis in the firewall settings and stealth my ports to everyone in the Stealth Ports Wizard. I also enabled cloud scanning.

5. Defense+ and Sandbox OR Firewall security level:

D+ and Firewall are in Safe Mode, Sandbox is Enabled.

6. OS version, service pack, no of bits, UAC setting, & account type:

Windows XP Pro, Sp3. 32bit. Administrator account.

7. Other security and utility software installed:

Secunia PSI, Malwarebytes, SUPERAnti-Spyware, Hitman Pro, (Security software is on-demand, only CIS is realtime) Auslogics Disk Defrag, Auslogics Registry Cleaner, CCleaner, Revo Uninstaller.

8. Virtual machine used (Please do NOT use Virtual box):

N/A

Edit: Added another screenshot and italicized the bug form questions to help with readability.


Here’s a partial log from today. (Log goes on, but there is no point in multiple screenshots to grab it all) Still no go on the updates. It checks, updates and completes fails around 30 seconds later. Repeating every 5 or so minutes…

I’m a bit disturbed that it just fails silently like this. Note that the log just puts the entry in the Completed column, yet as witnessed by the version number of the DB before and after that the update didn’t in fact complete. CIS obviously knows it isn’t updating because of the frequency it’s checking for updates, as well as the fact that it reported to Windows security center that it was out of date, yet it’s not saying a thing to me. :o It only tells me there was a failure if I attempt to update manually.

Looks like I’m going to have to bail on the AV at this point. :frowning:

Nearly a week with no updates (other than my manual installations) with no indication from CIS that there is a problem updating isn’t encouraging behavior in a security application. If it weren’t for the security center, I would have had no indication that there was anything wrong because it just fails these automatic updates silently. :-\


As I understand it, the devs don’t actually look at bug reports unless they follow the format template supplied by mouse1.

I’m curious why this report hasn’t yet been moved to the format verified reports list. It follows the template and has as much information regarding the bug as I can give. Is there something I have missed? ???

And a side note, before uninstalling the AV, I did another troubleshooting step that was unsuccessful. I’ve added that to the initial report under item 4.

I’m currently running Avast which updates just fine. I’d still prefer to be running CAV.

On a side note, does the problem still persist? The reason I ask is that I came across a topic where the auto update fixed itself after two days.

Well, I had uninstalled the AV last night, but it hadn’t been updating for six days. I just reinstalled it to see what it would do now.

Same thing. It downloads the initial bases.cav, then it applies whatever updates there are, then tanks at the finalizing stage saying to check my internet connection.

Then I tried downloading and manually installing the latest bases.cav to see if maybe it may be able to update starting from there. No go. Exact same results. (Although as already stated, CIS maddeningly thinks the AV is now up to date…)

I’d really like to hear from the devs about what actually happens during the finalizing stage and why the updates fail due to my “internet connection”. Obviously there’s nothing wrong with the connection as it downloads the updates just fine, CIS just seems to have mysteriously developed a DB merging issue that even a reinstall can’t fix. :frowning:

I’m tempted to give the GeekBuddy free trial a try… :-\

Thanks for an excellent bug report, HeffD. We really do appreciate it when someone tries hard to make things clear.

We were just discussing it, as AV updates are a thorny issue - can they ever be 100% reliable? However, your subsequent updates make it obvious that there is something very strange happening.

Forwarding to format verified now.

Best wishes

Mouse

Thanks Mouse!

Yes, I understand that updates probably can’t be 100% reliable. This is why I wasn’t overly concerned until the problem had existed for several days. I mean, I can understand an update or two failing, but dozens a day for several days is stretching the probability of even the inherent flakiness of an update infrastructure due to net congestion or whatever.

My connection is a solid 7.1Mbps VDSL2 connection. And since getting this error, I’ve run countless bandwidth and line quality tests and I’ve yet to see anything that would lead me to believe there is a problem with my connection. I’m in the U.S., and even if I run a test to a server overseas, I still have zero packet loss and very low jitter. (See screenshot) I’m convinced there is nothing wrong with my connection.

Not to mention that until a week ago, I have had no problems with updating the virus database since I installed V5 two months ago.


Hey, it updated! :o It has done so twice now! :-*

I’m hoping it’s not just coincidental that it started functioning shortly after this report was moved to the format verified list. I’d like to think the report pointed them to a server issue. Since it has been happening for a week, the timing does seem a bit too convenient to be chance. :wink:

As you can see from the screenshot, it finally updated at 9:47 this morning. Apparently the entry I’ve been seeing in the Code column is denoting the error. The code 0x80004005 is what it has been showing for the last week. Then there is the entry with the Code column blank. Apparently a blank field in this column is the mark of a successful update because this entry shows the first DB update in a week. Then there are three entries of 0x00000001, which I suspect means no update available, then another blank which again shows a new DB update.

I think it’s still early to call this resolved, but I’m keeping my fingers crossed. I’m going to be keeping an eye on it to see if the code 0x80004005 rears its ugly head again.

I’d still really love to hear from the developers what code 0x80004005 means, and why CIS doesn’t notify the user that automatic updates are failing.


Good questions - would be useful to know :wink:

Will leave here for now.

Please post again when happy.

Mouse

Well, it’s been 4 days now and I haven’t seen a recurrence of the dreaded 0x80004005 error.

All I’m seeing in my logs are a blank Code column when the database updates, and 0x00000001 when there is apparently no update available.

I’m going to cross my fingers and call this resolved.
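An added example, not part of any post in this thread and not Comodo code: a monitor that catches the silent-failure pattern described above by classifying each update-log row from its Code value and the database version before and after, instead of trusting a "Completed" status. 0x80004005 is the generic Windows HRESULT E_FAIL (unspecified failure); reading 0x00000001 as "no update available" is the poster's inference, and the row layout, thresholds and sample rows are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

FAILED, NO_UPDATE, UPDATED = "failed", "no_update", "updated"

def classify(code, db_before, db_after):
    """Classify one update-log row without trusting its 'Completed' status."""
    code = code.strip()
    if code == "":
        # Blank code counts as success only if the DB version really advanced.
        return UPDATED if db_after > db_before else FAILED
    try:
        value = int(code, 16)
    except ValueError:
        return FAILED  # unreadable code: treat as a failure, never as success
    # Assumption from the thread: 0x00000001 means "no update available".
    # 0x80004005 (generic HRESULT E_FAIL) and anything else is a failure.
    return NO_UPDATE if value == 0x00000001 else FAILED

def assess(rows, now, max_age=timedelta(hours=24), max_streak=5):
    """Return (alerts, last_ok, streak) for rows of (time, code, before, after)."""
    last_ok, streak = None, 0
    for ts, code, before, after in sorted(rows):
        if classify(code, before, after) == FAILED:
            streak += 1
        else:
            last_ok, streak = ts, 0  # the update check itself succeeded
    alerts = []
    if streak >= max_streak:
        alerts.append(f"{streak} consecutive update failures")
    if last_ok is None or now - last_ok > max_age:
        alerts.append(f"no successful update check since {last_ok}")
    return alerts, last_ok, streak

def at(day, hour, minute=0):
    """Helper for building constructed timestamps in November 2010."""
    return datetime(2010, 11, day, hour, minute)

# Constructed sample rows (not taken from the deleted screenshots):
# one real update, one "no update" check, then six failures 30 minutes apart.
SAMPLE = [
    (at(10, 9, 0), "", 6690, 6691),
    (at(10, 9, 30), "0x00000001", 6691, 6691),
] + [(at(10, 10) + timedelta(minutes=30 * i), "0x80004005", 6691, 6691)
     for i in range(6)]

if __name__ == "__main__":
    for alert in assess(SAMPLE, now=at(12, 9))[0]:
        print("ALERT:", alert)
```
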

I saw 0x80004005 errors too during the same time span. Details of the issue (very similar to HeffeD) and my eventual solution are in this thread: https://forums.comodo.com/antivirus-help-cis/cav-failing-to-update-solved-t64954.0.html

Bottom line: I think the AV database updater should check for the existence of c:\windows\temp before trying to use it, and then do something more reasonable if it doesn’t exist.
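One way to implement the pre-flight check suggested above, as an added example that is not part of the post and not Comodo code: verify the working directory by actually creating a file in it, recreate it if it is missing, fall back to another directory, and otherwise raise an error that names the temp directory rather than the network. The function names, the action labels and the fallback policy are assumptions; on the machine in the linked thread the preferred path would be c:\windows\temp.

```python
import os
import tempfile

class TempDirError(OSError):
    """Local temp-directory problem; must not be reported as a network error."""

def probe_writable(path):
    """True only if path is a directory in which a file can really be created."""
    if not os.path.isdir(path):
        return False
    try:
        fd, name = tempfile.mkstemp(prefix="updprobe_", dir=path)
    except OSError:
        return False
    os.close(fd)
    os.remove(name)
    return True

def prepare_temp_dir(preferred, fallback=None):
    """Return (path, action); action is 'ok', 'recreated' or 'fallback'."""
    if probe_writable(preferred):
        return preferred, "ok"
    if not os.path.exists(preferred):
        # Missing directory: try to recreate it before giving up on it.
        try:
            os.makedirs(preferred)
        except OSError:
            pass
        if probe_writable(preferred):
            return preferred, "recreated"
    if fallback is None:
        fallback = tempfile.gettempdir()  # assumption: per-user temp is acceptable
    if probe_writable(fallback):
        return fallback, "fallback"
    raise TempDirError(
        f"temp directory {preferred!r} is missing or not writable, "
        f"and fallback {fallback!r} is not usable either"
    )

if __name__ == "__main__":
    # Constructed demo: a directory that does not exist yet gets recreated.
    base = tempfile.mkdtemp()
    print(prepare_temp_dir(os.path.join(base, "temp")))
```
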

I wasn’t missing my Temp folder, but I find it very interesting you were experiencing the same problem at around the same time.

OK moving to resolved. Please PM me if anything further on this.

Mouse