Bug Reports for Beta 2.0.5.7

Hello,

Please report any bugs that you find in Comodo Antivirus 2.0.5.7 in this topic.

Thanks,
Panagiotis

Hi kishork

Congratullation for the new version. It works fine. No slowdowns or locks any more.

I found five bugs:

  1. After setting Hips at high level after a reboot, the pc entered in windows and after clicking at the Start button at the taskbar the computer frozen (although I could move the mouse) It happened at 18h.05m.(I attached the report)
  2. During the submit sometimes I cannot move the orizontal bar. The pointer seems that can’t select it. I had to try 5-6 times for grabbing it.
  3. After manual scan, when I selected to submit all the files, I could not close the submit wizard. I had to uncheck the “select all” box for closing it. (it would be more convinient if the wizard could popup a window or an “ok” button and to close automatically)
  4. During the submit process I came across with lot of “connection problem” and “can not connect to FTP Server”. Is there a way to make “CAV Submit” to retry automatically after a minute or two?
  5. At the reports I cannot modify the 500kb size. Is 500kb the maximum?

One suggestion:

  1. Add the possibility to close the “comodo antivirus Scan” window; and let the scan to continue in the background. Probably it will help reducing the resources used by CavSn.exe .When the window is visible CavSn.exe uses 18-33 mb and when it is minimised only 7-16mb.

[attachment deleted by admin]

I set up the HIPS to high, there were a lot of messages.
At one of the message (dll loading) I wasn’t able to to anything with the pop-up, it was frozen.

During this a full system scan was running. 1 minute later the whole PC was frozen.

Btw:
How can I start the validation process of files which starts by default after the first restart after installation?

You have to run the file UPSDbMaker.exe. You will find it under C:\Program Files\Comodo\Comodo AntiVirus\

It seems that the “On Access Scanner” cannot be disabled. Although it reports that is disabled, when I try to enable the NOD32 active scanner the system reboots.

CAVS enabled + NOD32 disabled = everything is fine
CAVS disabled + NOD32 enabled = instant reboot :o

I attached the report. The problem should be versous the end of the reports (about 3 reboots in a range of 10 minutes)

[attachment deleted by admin]

Still getting system hangs but WAAAAAAY fewer and of a markedly shorter duration (typically 2-3 secs., as opposed to 2-3 minutes). Faster bootup time to normal operations.

Overall, a huge improvement.

One odd thing I’ve noticed is whenever there is a HIPS dialogue on screen waiting for input, CPU usage of cavasm.exe is 99%. Is this normal?

ewen :slight_smile:

Hi Pandlauk,
Thanks for your input.
It could be possible that you have some system dlls which is required during system bootup or service loading but that dlls i not with us. Pls go back to HIPS medium settings and scan(on-demand) windows folder and submit all files. We will check them and add them in safelist.
Your feedback for cavSubmit is being considered for nex release.
Currently the scan report size is fixed to max of 500kb. Increasing this may reduce the on-demand scannig performance. But still we will check aagin on it.

regads
Kishor

Installation and initial scanning went without any major problems. The only thing I have noticed so far is that CAVS does not notify me that the on-access scanner is enabled when the PC starts up.

Also, when I hover over the CAVS icon it does not inform me that the on-access scanner is enabled.

Does this mean my on-access scanner is not enabled or has CAVS been modified to not show this notification?

:SMLR

Hi Pandlouk,

I’m the developer of the CAVS on-access scanner.

Thanks for your report. If the system instantly reboots after enabling NOD32 on-access, it’s most probably your system fails into BSOD (and you have “Automatically restart on system failure” option set).

Please right-click “My Computer” icon and choose “Properties”. Then go to “Advanced” tab and click “Startup and Recovery → Settings” button. Deselect “Automatically restart” checkbox and select “Small memory dump (64 KB)” under the “Write debugging information” drop-down. Restart your system.

Now please try to repeat the steps you described above. Your system should fail into BSOD. Now restart it, and locate dump file (MiniXXXXXX-XX.dmp) in the %WINDOWS%\Minidump folder (if there are more than 1 dump file, please find the latest). Post it here on forum or e-mail it directly to me for analysis.

Thanks for helping us to improve the product quality,
Alex.

I have just noticed that when I open an application that I have told HIPS to allow, the message saying it has been allowed pops up twice for each application. This did not occur with the last beta.

:SMLR

I was not sure where to put this post so please feel free to move it.

I have been trying to find out why CAVS won’t scan my emails. I am using the latest CAVS beta at work where our emails are accessed via Microsoft Exchange Server. Whilst looking into this I have come across some worrying stories.
It appears that file level anti-virus scanners, if allowed to scan certain exchange server files, can cause serious damage to those files as some of them may be deleted/quarantined. Microsoft, Norton and Mcaffee all seem to say that email scanning is not necessary anyway. I would be interested to hear some opinions on this.
Meanwhile, it does appear that on-access scanning of these files can cause some problems with exchange server database files.

Does anyone know anything about this and is it likely that CAVS could cause any problems - the initial safe list scanner does scan my exchange server database and our exchange server has crashed every day for the last week. I have now excluded the entire exchange server folder from on-access scanning just in case.
:SMLR

Here’s a different email scanning issue, using Thunderbird as the client, with large files.

Another user indicated problems using Outlook Express and receiving large WMV files, that the POP server timed out. Increasing the allowed time up to 5 minutes did not resolve the problem. I do not know what size WMV files, as he couldn’t say, and didn’t keep any. I do not know what version of CAVS as he didn’t say, and uninstalled it, returning to NIS (which apparently has some setting to “protect” against server timeouts with email scanning).

Another user in the same thread indicated similar problems, and has submitted a Support ticket.

I attempted to recreate the problem with TBird, and was successful. I sent a 7MB file, and the POP server timed out. Turning off email scanning resolved the problem. I did this with 2.0.4.3 before moving to 2.0.5.7, where I did it again.

This was from my home computer last night. I will submit a Support ticket with full details tonight.

LM

PS: when I installed 2.0.5.7 and let the SafeList Maker run, there was only one HIPS alert during that time (I did not run any software). The alert, and thus the first submission, was for the SafeListLog file! (:THNK)

It must be a dll of something that interacts with the windows grafical enviroment or with the browse folders function of xp. It happened when I tried to open my network connections folder.

I am submitting them now. 900+ dlls and exes.

ps. I noticed that Hips did not recognize some of CAVS exes. :o

Hi Alex,

Fortunatly I had the debugging information activated.
I attached the minidumps.

Here is some description of the configuration when the reboots occured:

1st. it happened at 12.53’
Cavs settings:
On Access Scanner = ON
Email Scanner = ON
Hips Application Control = ON
Automatic Updater = ON

NOD32 settings
IMON = ON (worked ok)
EMON = ON (worked ok)
DMON = ON (worked ok)
AMON = ON (instant reboot)
(with Anti-Stealth technology activated)

2nd. it happened at 12.58’
Cavs settings:
On Access Scanner = OFF
Email Scanner = ON
Hips Application Control = ON
Automatic Updater = ON

NOD32 settings
IMON = OFF
EMON = OFF
DMON = OFF
AMON = ON (instant reboot)
(with Anti-Stealth technology activated)

3rd. it happened at 1.05’
Cavs settings:
On Access Scanner = OFF
Email Scanner = OFF
Hips Application Control = ON
Automatic Updater = ON

NOD32 settings
IMON = OFF
EMON = OFF
DMON = OFF
AMON = ON (instant reboot)
(with Anti-Stealth technology activated)

4th. it happened at 1.09’
Cavs settings:
On Access Scanner = OFF
Email Scanner = OFF
Hips Application Control = OFF
Automatic Updater = OFF

NOD32 settings
IMON = OFF
EMON = OFF
DMON = OFF
AMON = ON (instant reboot)
(with Anti-Stealth technology disabled)

I included the time that the reboots happens. So you can check them at the CAVS report I submitted at the previus post. :wink:

Hope it helps,
Panagiotis

[attachment deleted by admin]

Noticed a small visual bug :). Do the following:-

  1. Right-click CAV icon and select “Disable On-Access Scanner”
  2. Right-click CAV icon and select “Enable On-Access Sacnner”
  3. Hover mouse over CAV icon

CAV reports that the on-access scanner is still disabled. See screenshot below:-

:slight_smile:

[attachment deleted by admin]

I still have multiple CAVSubmit entries showing (via Process Explorer) whenever the module is running (ie, in the systray). One stays constant, up to two (for a total of three) come and go, generally using less than 5%.

Partway through submission of one file, one spiked up to just past 50% then dropped quickly back down.

LM

I’m unable to remove an entry which isn’t located on the local computer. See screenshot below:-

:slight_smile:

Edit: I should note that I’m currently logged on locally (no network access)

[attachment deleted by admin]

I’ve been trying since about 3:00PM CST to submit one 3.61 MB file with CAVSubmit. It gets to about 60% complete and then gives me a connection error message. I just tried it again to see the exact wording, and it has changed.

Now there is no progress, and the error box says, “Some error while uploading.”

LM

I have 4 different email addresses. When the CAVS incoming scan is enabled it it almost impossible to check any of them. My email program reports error messages like
“Server:ERR permission denied”,
“Server: ERR Username or password incorrect”
or something like that.

Only occasionally checking actually works and and one of the times it did work I noticed something very strange. One of my addresses receives lots of junk mail. CAVS reported an incoming mail had an attachement that contained the Mydoom virus (or worm\trojan, whatever it is). In an online scan 13 out of 15 different scanners reported the file was infected, so CAVS was right. However, when scanning the file directly through the right click menu (or scanning the containing folder) CAVS found nothing. This was the same, unaltered file. Very strange.

Another thing, after booting the email program can’t connect immediately (it is launched automatically every time the pc starts). It takes a little while before it works\connects normally.

this could be normal depending on how the av engine starts up. If it starts up a little later in the startup sequence then your email app would have to wait for it.

The only way around this would be to have the av do some form of low level hooking or something similar.