Recently, I’ve been seeing many crypt32-related errors in my event log:
“Failed auto update retrieval of third-party root list sequence number from: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt with error: This network connection does not exist.”
With Event Viewer, avast 6 Setup.log, and Comodo’s firewall log open, I saw the pattern: for each avast definitions update, roughly every four hours (allowed in firewall), the firewall log showed application cmdagent.exe attempting to connect to 127.0.0.1:12080 (avast WebShield proxy, so it was probably trying to connect to a remote host) and being blocked (Comodo Internet Security is set to a Blocked Application in Network Security Policy), and those events corresponded to one or more crypt32 errors in the event log. So naturally I tested the theory by manually triggering an avast definitions update check (none available, it was up to date) and sure enough it worked again. These things are related somehow.
Next I unblocked Comodo Internet Security and triggered another avast update check (none was available). This time, no blocked cmdagent.exe, I saw an info item in the event log:
“Successful auto update retrieval of third-party root list sequence number from: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt”
and saw the associated HTTP GET as well. I compared the avast log entries from both manually triggered update checks and saw no differences in logged avast behavior. So I’m not sure this is directly related to avast. However, it clearly appears to be related to Comodo and the blocking of cmdagent.exe. I am unable to duplicate the earlier error scenario at least for the moment. Perhaps I’ll be able to after a certain amount of time elapses and that retrieval needs to take place again. For now, I’m trying to make some sense of what I saw.
Admittedly, it is probably unusual to set Comodo Internet Security to a Blocked Application in Network Security Policy. I recently decided to do that just to play it extra safe and make sure no info was getting sent to Comodo’s cloud whatever. What I’m mainly curious about at the moment is why an avast update causes cmdagent.exe to try to fetch that certificates-related file. I need to reread some stuff, but I believe I’ve read that Windows will periodically fetch that if the Update Root Certificates component is installed (which it is on my XP box). Anyone have some thoughts to share on what is going on here? Thanks in advance.