Bug Reports for Beta 2.0.4.3

Hello,

A newer version of Comodo Antivirus has been released (version 2.0.5.7). We thank you for all of your feedback on the previous beta (2.0.4.3). If you are still having issues please upgrade to the latest beta version and if the issue is still there then report it in the new bug report topic.

Thank you for taking your time to test and report bugs,

Justin

EDITED: 12/7/06

I’m having the same problem since 2.0.0.1… UNC paths are not sensed properly in the HIPS “popup” and the resulting rule if requested to save… see my new image.

[attachment deleted by admin]

Hello all,

It feels like a lot of good stuff have happened since version 2.0.0.3.
Lots of serious problems are fixed but a new one has occured for me.

I am using Thunderbird 1.5.0.8 on Windows XP. Whenever I try to send an email the on-access scanner (not the email scanner) reports that all emails I am trying to send contains a virus called “email-flooder.win32.friendgreetings”.

This virus is also detected when doing a full system scan in various html and jsp pages from, among other, Sun’s JDK documentation.

My solution to this is to disable the on-access scanner. Then everything runs very smoothly.
Is this some kind of false positive?

Sincerely,

/Mattias

Similar problem here. I have just completed a full system scan and CAVS has also found ‘email-flooder.win32.friendgreetings’ in five different locations. I have submitted the files: one was a text file called gmreadme.tx, two instances of MSCAL.DEP were flagged and also MS Build.rsp.

If possible, please could someone at Comodo let me know if these are false positives - as far as I know
‘email-flooder.win32.friendgreetings’ should not create entries where CAVS says it found them.

???

Almost identical here…two instances of gmreadme.txt (which I deleted) plus MSCAL.DEP and MS Build.rsp which I quarantined and submitted for analysis.

Jim

Hi,
I have installed this new version and I have the same problem of previous versions: like I have explained here (https://forums.comodo.com/index.php/topic,3931.0.html) my Apache Server don’t work untill I uninstall Comodo AV.
You say me that I must create a rules on my firewall BUT I haven’t any firewall on my pc!

Maybe I’m not a genius… so if the problem is that I really have to create that role on my Comodo AV, it’s too difficult because I can’t found how I can do it. :cry:

Another problem… I have finished the setup since 2 hours… but my pc still work, it read from HD and CAVS use 50% of my CPU but Comodo don’t say me what it’s doing!
In the program consolle it seems that it’s doing anythings… but it’s not true.
I’m driving crazy when I can’t know what my PC is doing… so in the next release show this information to the users.

Bye!

G’day,

I get an error dialogue about “not being able to access the file” if I do anything in a CAVS pop-up while a file submission is happening.

Is it possible that the file submission list is locked while submitting (understandable if it is)?

If so, could CAVS cache any responses to pop-ups while submission is happening?

Cheers,
Ewen :slight_smile:

after testing both new releases of cf and cavs,
they seems to be working fine and better than the previous

cavs found several “email-flooder.win32.friendgreetings” on complete scan
found them on several legit applications which i frequently use
it never healed the file, but at least they’re quarantined
i still continue to use those programs without any problems

love the update being enabled on cavs and fixed previous bugs
the hanging issues were somehow fixed,
but i’ve experienced hang-ups on few occassions especially during installation of other programs
hope this will be fixed on the next release

but overall they’re working better
both cf & cavs
good job!

thanks

(:CLP)

CAVS Beta 2.0.4.3

After installation, upon restart and having entering the Windows desktop, the User’s Profiled Safelist DB scanning dialogue window did not visibly show itself until approximately a minute had elapsed (although everything else had already loaded). The length of time it took to finish running User’s Profiled Safelist DB Maker: 45 minutes and xx seconds approximately (I no longer can find that bit of info).

The following length of times for a scan to complete doesn’t change regardless whether either or both HIPS and On-Access Scan is enabled or disabled.

  • rightclick scan on one 3.06 kilobyte text file (or one 39 kilobyte sys file) takes 1 minute and 16 seconds to finish scanning
  • rightclick scan on 1 folder which itself contains 43 files and 12 folders (a variety of compressed files in both zipped and cab format, etc.), and is 234 MB’s in total size, takes 1 minute and 46 seconds.
    Seems to be a lengthy time for a 3 or 39 kb single file scan to complete?

Wording / Suggestions …

Loading scan engine. . . .

    1. the wording leaves a person with the impression that the scan engine never actually finishes loading; perhaps, once loaded, if it said “scanning files” or some alternative wording, might be more plainly indicative that it is doing that which the user set out to do, rather than continuously just displaying “loading scan engine”
    1. also, during the scan there is no visible sign of files and/or folders being scanned (an image of a monitor with lines scrolling on it, although it adds to the appearance and looks good, of itself, isn’t really saying anything)

Looking in Settings | Reports
under Troubleshoot heading it reads:
Create Troubleshoot Log. (This may affect on the performance of Comodo AntiVirus. So check it only when you face any problem and need to send this log to Comodo)
Save and send Troubleshoot log to Comodo Lab.

    1. remove the word “on”; replace the word “when” with “if” (let’s not presume there is definitely going to be problems); and instead of using the words “face any” perhaps instead use “have a”; also place a period at the end of the sentence after the word Comodo.
      It would then read like this: (This may affect the performance of Comodo AntiVirus. So check it only if you have a problem and need to send this log to Comodo.)
    1. capitalize the word log, so it then reads: Save and send Troubleshoot Log to Comodo Lab.

Looking in Settings | HIPS Application Control | General
under Security Level it reads:
Manage Allow Block List

    1. add forward slash between the words Allow and Block, e.g. Allow / Block

In the Submit Wizard window the second sentence describing its content of files says “You may add this files to submission list.”

    1. the word “these” ought to be used instead of the word “this” (e.g. “You may add these files. . . .” ).

I find CPU usage consistently remains fairly high, placing a drag on the system when attempting to use other applications. And system response times return after exiting CAVS.

And as to what was previously reported in this thread, numbers 3 and 4 remain unchanged in this beta. And because I have not received any error messages in this installation (yeah!), I don’t know if the typos in numbers 1 and 2 have been corrected.

Keep plugging away at CAVS, and it’ll only (hopefully) continue to improve and get better. Performance improvements always welcome.

Laurence

===
This system is running Windows XP Home SP2 (on NTFS), no Window Updates applied (and only several small additional programs installed), a Pentium II 350 GHz with 384 MB’s of RAM, and a 6.5 gigabyte hard drive.

Within a few minutes after installing\rebooting and scanning for trusted applications, the first Windows message box reporting a missing dll popped up and my browser (Maxthon) wouldn’t start any more because of that. Also playing video files doesn’t work anymore because another dll is also missing.
This means that the next reboot will fail because of the missing hal.dll problem, no doubt about that. This has happened with every version of CAVS I have tried, starting with 1.1, both with Windows XP and 2000.
I’ll wait with installing CAVS again until this problem has been dealt with.

USer4, we need your help in getting to bottom of this missing hal.dll issue.
it only happens in very few PCs and we really could do with your help in identifying the exact scenerio for this pls.

I would like to get our dev guys to get in touch you, if this is ok, to help identify this bug. Would you mind helping us identify this bug? if you are willing, can you pls PM me with your email address so that I can put you in touch with the dev guy pls.
thanks
Melih

I’ll do all I can to help. Hopefully this annoying problem will be no more very soon.
I think I just sent you a PM… not sure if it worked.

A problem i have found is the On Access Scanner. When running programs of various types i was unable to do anything. My PC was so sluggish. When opening task manager to see if anything had locked up or was hogging resources, there was nothing.

I was running windows & internet cleaner and it was taking forever, and i couldn’t do anything so i disabled On Access Scanner and my system was back to normal. It was doing this with a few programs, totally slowing my system down. Hope this issue is resolved. No problems for me other than that at present.

Program is looking good so far. Nice work guys. (:WIN)

Same comments from me… My system has slowed down from pre-CAVSbeta2.0.4.3 and CAVS takes a great deal memory: look this topic for more info:
https://forums.comodo.com/index.php/topic,4091.0.html

Also, my Winamp and My computer start takes from 1 minute to 15 minutes and this was in seconds before installing CAVS… So can someone say whats going on?

And now I saw one big lag when I right-clicked my Desktop to open Nvidia Control Panel. After the right click I could only see hourglass icon over Desktop, everyhting was fine with Task Manager that I had opened before to see whats going on. Desktop lagged several minutes but no change in Task Manager no program using processor over normal values. Then the lag got away and I never saw that right-click context menu. Then I tryed to start Firefox, but it took also minutes to open. I had Task Manager all the time open and didnt see anything strange going on… I really dont know whats going on… But these bugs and lags werent here before installing latest Cavs-beta… ::slight_smile:

G’day,

I’m still getting system hangs with CAVS 2.0.4.3, but not as frequently or for as long - untill today, when I had a total hang that I gave up on after 10 minutes. Mouse still worked but hourglass appeared whenever the mouse was over the desktop.

Luckily I had Task Manager open on a second monitor with CPU as the sort column and it reported “Cmain.exe” as consuming most available CPU resources. It would flick between 85% and 94%, usually hovering around the 94% mark. I don’t know how accurate these figures are, as the response within the TM window was as speedy as a pig in mud. This is the second time I’ve spotted Cmain.exe as the culprit, but still can’t put my finger on what the trigger is.

Hope this helps,
Ewen :slight_smile:

P.S. I didn’t have the troubleshooting logs turned on, as they exlicitly say not to turn them oon unless you have to. I guess I have to now. :wink: I’ll enable them tomorrow and send the logs after the next hang.

Hi
The virus definitions was modified so, there could be possible false positive. AV lab will fix it soon and you will get the fix through updates.

regards
Kishor

Hi Daniele,
Could you pl upload the troubleshoot log for further analysis?

regards
Kishor

Hi Ewen,
Its bug if it is locking the file during submission. This will be fixed.

regards
Kishor

I have a Linksys wireless router and have Upnp enabled on my PC. An Internet Gateway icon will appear down in the taskbar as long as only the Comodo firewall is installed. If Upnp is enabled this icon should appear down there.

If I install CAVS then it will stop the Upnp from working on port 2869 and the icon disappears. I still have internet access ok but the CAVS is stopping something from working on the Upnp. I have tried to find what is killing it but all I see is port 2869 just gets closed and stops working. CAVS is what is stopping the connection. I have CAVS set to the default settings and no other applications are being affected.

If I do a repair on the connection it will bring back the icon for about 5 minutes then will quite again. If I uninstall CAVS it will work correctly again.

I know this isn’t a big deal as it doesn’t stop internet access, but CAVS shouldn’t stop something from working if I allow it. I have tried disabling different parts of the AV but it doesn’t seem to make a difference.

jasper ???

After installing Beta 2.0.4.3, I have the following:

I waited until UPSDB was complete before opening applications. At that point, HIPS does not recognize Firefox; I had to authorize it separately (I submitted the file). Obviously, this is an oversight… :slight_smile:

I don’t know how rapidly the DB is being updated at Comodo; we’re on the 4th version now, and I’m still submitting some of the same files each time, that HIPS does not recognize. These would be:
ccleaner.exe
hpztsb10.exe
hkcmd.exe
igfxpers.exe
igfxsrvc.exe

They all run at startup, which means they start before completion of the UPSDB. However, so does volume control and CPF, and those aren’t triggering an alert…

I have also submitted xnview.exe with each version, which I manually open after the completion of the UPSDB; it’s still triggering.

All that’s not a big deal, just FYI…

I still have no evidence of email scanning. It seems to be installed, but no icons/progress, no certifications, and when I send email, CAVEM does not show up in Process Explorer. Install Log and EM setup file attached. I am using Outlook 2003 (11.6568.6568) SP2.

I am still getting multiple (up to three) instances of CAVSubmit running simultaneously (screenshot attached). One is always on, as long as the Submit folder appears in systray. The other two come and go, using a max of about 6% of resources (normally 1.54%). Is this supposed to be occurring?

Some more FYI…

UPSDB scanned:
88745 files
Added to the local list:
16428
in:
00:21:51

CAVSubmit peaked on file submission at 100% of resources (only lasted a couple seconds); I think it was on xnview.exe. It mostly hovered around 25%, with two forays up to 50% and 60%. This peak is just as it completes submission of each file.

I saw that CAVSM hit 64% while opening Firefox. Per Process Explorer, combined Virtual & Physical Peak was 63068K.

Guess that’s it for now… :slight_smile:

Thanks for continuing to work on this product!

LM

[attachment deleted by admin]