AV scan freeze

Only happens if Rootkit scanning is enabled. Scanned with F-Secure Blacklight & RootkitRevealer and they both came up clean.
It does not freeze on a file but on –

If I delete my HOSTS file it freezes even earlier on another item that is not a file and only exists in the registry –
Status: JQSIEStartDetectorImpl Class

Clean boot with nothing else running.
Tried the DEP suggestion.
CIS 5.3.174622.1216
Clean install with Revo
CAV 7318
XP Pro SP3 fully patched
Athlon64 3800+

Stopping scan does not work. Only a reboot will release me from the scan freeze.

Any hints, clues, suggestions?

COMODO QA will contact with you. Can you please list all the applications you have in the computer and your operating system?

One question before I assemble a list of applications. There aren’t that many “regular” apps, but a lot of utilities and it’s going to take me a while. Are there any Windows Services that Comodo AV scan requires? Using information from BlackViper’s site I have turned off a number of Services that are not normally necessary for me.

Regarding my OS, I forgot to mention in my previous post that my XP Pro is 32 bit.

You can use SIW, Sisoft Sandra or similar program to make a system report for you.

Thanks for the suggestion. I already sent a PM to egemen yesterday with the list. I looked at some of those types of programs but unfortunately they didn’t capture a lot of what I think egemen was looking for (e.g. my Lotus 1-2-3 that won’t appear on any of those). And some were just too obscurely named to know what they did (e.g. OpenWide, an automatic dialog window sizer) so I needed to add some annotations.

Any word yet as to: “Are there any Windows Services that Comodo AV scan requires?”
Since I wrote the above sentence earlier this morning I tried enabling some likely Services and it didn’t help.

Btw, I have found that I can free the scan by closing CIS from the tray icon. Still, this is Event Log item I get when I reboot.

Event Type: Warning
Event Source: Userenv
Event Category: None
Event ID: 1517
Date: 1/8/2011
Time: 12:17:00 PM
Windows saved user XXXXXXXXXXXXXXXXX registry while an application or service was still using the registry during log off. The memory used by the user’s registry has not been freed. The registry will be unloaded when it is no longer in use.

This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.


  1. What happen if scan immediately after install CIS and AV updates disabled? In other words - when AV database have version 1. Does it hang?

  2. Which filesystem you use on system drive?

  1. FAT32

  2. I didn’t try a scan until a few days after install. I wouldn’t look forward to doing another fresh install, but if you think it’s important I’d be glad to do so. Do you want the scan before I do any configuration of my apps and Comodo itself (not that I do anything fancy)?

Whats New in 5.3.175888.1227 ?

FIXED! AV scanning freezes if rootkit scanning is enabled

Thank you very much. The rootkit scanning was something I was particularly glad to see folded into CIS. I’ll test as soon as I can and let you know if there’s any problem.

P.S.: Tested - no problem.