Bug report for CAVS beta 2.0.10.37

Hi All,
Please report bugs here for CAVS beta 2.0.10.37. Thanks all for your kind support.

regards
Kishor

After updating to 2.0.10.37 and rebooting, ABOUT - VERSION INFORMATION still reports as 2.0.9.30.

Ewen :)

Memory scan shows scanned objects as Folders (scanned objects:492 = Folders: 492). Is that normal?

Memory scan time still seems slow somehow: 492/162 ~3,4 object/s. However, I can configure the on-demand scan to avoid memory scanning, which is nice.

Earlier reported bug:
netsh diag gui
run test for email

It’ll only cause an error if I check the display progress indicator.

Error message (Comodo AntiVirus Email Proxy Server caused an error…):
AppName: cavemsrv.exe AppVer: 1.1.0.4 ModName: mfc71.dll
ModVer: 7.10.3077.0 Offset: 00029097

Hi Ewen,
After updating to 2.0.10.37, the program updates version will be changed to 2.0.10.37. Please check the program updates version field.
The setup build version (2.0.9.30) will be unchanged. This makes clear that you have installed setup version 2.0.9.30 and got program updates 2.0.10.37.

regards
Kishor

So “Build Version” is actually referring to “Base installation version”?

Yes. The “Build version” indicates the setup build version which was used to install the software.
And “Program updates version” shows the updates version of the CAV program files.
This information is helpful to the technical team in providing support to users.

regards
Kishor

Hi Arkangyal,
Thanks. The memory scan count is wrongly displayed as folder objects. It’s a minor bug and will be fixed.

regards
Kishor

Hi Arkangyal,
Does it work with factory default email settings (i.e. without changing the email settings)?
By default the “display progress indicator” check box is selected. Do you mean it gives an error if you deselect the check box and select the checkbox again?

regards
Kishor

Hi kishork,
I meant: if I either leave it in its default state (which is checked) or I uncheck then re-check, it’ll cause this error. So if this switch is checked and I run the test, the server will cause an error. If I uncheck and I run the test, there’s no error message. It won’t cause any errors if I’m just clicking the checkbox. Does this answer your question?

Arki

Hi Arkangyal,
Yes. Thank you very much.
Can you please let me know what test you run? Which email clients do you have installed, and what are their versions?

regards
Kishor

netsh is a built-in Windows application (everyone has it in Windows); its main purpose is to fix/test network problems. Type “netsh” into “Run…”, then type “help” to get more info about netsh commands (netsh is like a sub-system).

I have Outlook Express 6.00.2900.2180 as my e-mail client, but I don’t know if this is e-mail client related.

Arki

Is it possible that CAVS forgets my quarantine (at on-access, to quarantine if disinfect fails) and memory scan (on-demand’s general) settings after an update? I think I saw this on two computers (I only had access to these two computers; I haven’t checked others), but I’m unsure. Can anyone confirm this behavior?

Hi kishor, I wasn’t sure if I was supposed to reply here or under the 2.0.9.30 thread with my test results for the hal.dll issue. I posted the files and the results under the old thread, which is here: https://forums.comodo.com/index.php/topic,6794.msg54203.html#msg54203. Please let me know if there’s anything else I can do to help resolve this issue.

On-Access scanner issue. I downloaded three versions of the EICAR file - the file itself, the zipped version, and the double-zipped version. On-Demand detected it, and so did On-Access. However, OA scanner did not detect it until I opened the file and allowed it to run with HIPS. THEN it kicked in to alert me.

I know when we had the winlogon.exe deal, simply clicking on the file (a left-click) was enough to set OA screaming, but on the EICAR, it does nothing until I open the actual file.

LSP issue. You know I mentioned in the “jump-the-gun” thread, pre-release of this version that the LSP failed to uninstall on two machines for 2.0.9.30. After uninstall and reboot, it was still up & running, per AutoRuns (and there was an error message during uninstall). I used LSPFix, which said there were no problems, and showed the LSP active; which I then removed. This has happened in the past and I didn’t remove it; in that scenario the email scanner failed to install the next time.

All that said, I removed the LSP on both machines. On the laptop, I uninstalled the pre-release version and installed this version directly yesterday. On the desktop, I uninstalled the pre-release version, reinstalled 2.0.9.30, and let it update to 2.0.10.37 when it went live yesterday. In both scenarios, there were no errors during install, no indications of any problems. In both scenarios, the LSP is not running. Both CavEmLSP.dll & CavInsLSP.dll are present in the CAVS folder. I have not manually run InstLsp.exe; should I do so?

LM

I performed a fresh install, all went OK. Then I re-booted my pc.

Suggestion 1: HIPS started flashing away, warning of programs immediately. Wouldn’t it be better to only activate HIPS after the scan for programs?

I scanned to make a user-defined list… at the end of the process I said yes to submit the list. Next I performed a full virus scan. At the end CAV said that there were programs found that were not on the safelist. Did I want to submit them? I looked at the list & there were items that had appeared in the list from the first program scan… odd! So I said no to submit (as I guess you don’t want the same list twice).

I then started some programs, and had HIPS alerts for them… programs like Firefox and Thunderbird, which I thought would be on the safelist, or in my user list following the scan. So, I guess somewhere along the line the safelist process has not worked, or perhaps I did something wrong?? Donno!!

In the Hips settings, I’ve looked in the manage list section, and there are only the files I have said “ok” to manually. Where is the “comodo safelist”, can I view it?

Is there a way, other than re-installing, of performing the safelist scan again?

Thanks.
R.

NB. Just ran a-squared HiJackFree for the first time with no HIPS alert. Perhaps the alerts for Firefox and Thunderbird are because I have extensions / themes installed which change the program signature???

Roy, the Comodo safelist is encrypted and locked away from prying eyes, to avoid corruption. Your manage list you’ve already found.

You can run the UPSDbMaker again, easily enough, without a reinstall… Navigate to c:\program files\comodo\comodo antivirus, and open the item, UPSDbMaker.exe.

There is an “Advanced” button on there, where you can select any filepath(s) you want to scan, rather than scanning everything.

LM

It takes a while for you guys to recognise my Hungarian notepad.exe, hm?

Guys, a problem…

One of my friends had a virus problem, and he formatted and installed again. Then, after installing Avast and running a scan, he found a virus but was unable to remove it. So I asked him to try CAVS, and guess what: CAVS said “no problems”. I’ll try to get more details about the virus/trojan.

The file name was dd1.msi… it was on another drive.