C5 and Avast anti-virus

Since installing the new version 5 on October 29th, Avast anti-virus has not logged any events in the Event Viewer. Before that, it logged every day. What seems to be the reason?

Thank you

Does someone have an answer?

I don’t use Avast currently, but it could be that you’re not getting an answer because you really didn’t give much data to go on.

Which event viewer? Firewall or D+?
What event were you used to seeing?

It could be that since V5 silently allows trusted applications, there is nothing to report. This is only a guess because I’m really not sure what it is you’re asking.

@HeffeD: It’s avast’s event viewer.

@In: Well, it’s possible that Comodo Firewall’s Defense + (I’m assuming it’s the firewall since you already have Avast) is blocking Avast from logging (behavior blockers often consider recording events malicious activity). But as I remember, Avast has already been whitelisted in Defense + so this is highly unlikely.

Otherwise, it is possible that there might be some conflict or Comodo ran into some problems installing and is now conflicting with Avast’s regular activities. Try the diagnostic tool in the setting tab for Comodo just to be sure.

If it doesn’t find any problems, it could be a bug. Please do the following instructions by dchernyakov:

Hi Guys If you have a problem with CIS installation - the faster way developers will analyse and fix it is to support them with proper logs. Please follow the steps below and attach created files to your report message.

1. Download DebugView from Microsoft site: DebugView - Sysinternals | Microsoft Learn

2. Run it with administrator privileges

3. In the DebugView menu please select:
   a) menu File → Log to file as… → Log file edit box → select a file (or type a filename) which you will be able to find later
   b) menu Capture → Capture Win32
   c) menu Capture → Capture Global Win32 (dont worry if this submenu item does not exist)

4. Using cmd.exe, run firewall installer with the following parameter: -log log.txt. This command will create log.txt file near the firewall installer.

5. After your installer shows an error message, close it, and wait for a few seconds to let all processes finish, then look for another log file:
   a) go to the your TEMP directory. Fastest way to do this is to write the following command in the cmd.exe: explorer %temp% (+ press enter). Alternatively you can write %temp% in the Windows explorer’s address bar.
   b) in the TEMP directory you will find a file called approx like this: cis_10-07-19 20.23.46.log, where “10-07-19 20.23.46” is the installation date and time (of course, your actual date and time will be different)

6. a) Download Autoruns utility (Autoruns for Windows - Sysinternals | Microsoft Learn)
   b) In the downloaded archive you have two utilities: autoruns.exe and autorunsc.exe. You’ll need the 1st one (autoruns.exe), run it in the command line as follows:
   autoruns.exe -v -a autoruns.arn
   c) wait till the utility finishes scanning of the system and closes. After it closes, next to the utility you will find autoruns.arn file. Zip it and send it to me via e-mail skalenchuk[at]comodo.com (please do not post it as an attachment on the the forum).

7. As a result you will have 3 log files available:

   • from point 3-a
   • from point 4
   • from point 5-b
   • from point 6-c
     Please zip these files and attach to the your message (except log from 6c). I will check these files and try to assist you.

Please do not hesitate to ask questions should you find above explanation not clear.

After getting the logs, attach them with the following information (format provided by mouse1, see Comodo Forum):

TOPIC TITLE
This should summarize the issue. May be best to write it after drafting the issue report. A good title makes sure the right mods and the right devs look at the report

The bug/issue

1. What you did:
2. What actually happened or you actually saw:
3. What you expected to happen or see:
4. How you tried to fix it & what happened:
5. If its an application compatibility problem have you tried the application fixes (see https://forums.comodo.com/bug-reports-cis/my-app-doesnt-seem-to-work-with-cis-should-i-post-a-bug-report-t62640.0.html)?:
6. Details (exact version) of any application involved with download link:
7. Whether you can make the problem happen again, and if so exact steps to make it happen:
8. Any other information (eg your guess regarding the cause, with reasons):

Files appended. (Please zip unless screenshots).

1. Screenshots illustrating the bug:
2. Screenshots of related CIS event logs and the Defense+ Active Processes List:
3. A CIS config report or file (see https://forums.comodo.com/help-cis/comodo-firewall-procis-configuration-reporting-script-latest-version-is-0723-t20950.0.html;msg143936#msg143936 and Comodo Help).
4. Crash or freeze dump file (see https://forums.comodo.com/bug-reports-cis/materials-to-help-in-compiling-bug-reports-t26980.0.html;msg196893#msg196893)
5. The log files you’ve generated via abovementioned instructions.

Your set-up

1. CIS version, AV database version & configuration (see Comodo Help) used:
2. a) Have you updated (without uninstall) from CIS 3 or 4, if so b) have you tried reinstalling?:
3. a) Have you imported a config from a previous version of CIS, if so b) have U tried a preset config (see Comodo Help)?:
4. Other major changes to the default config (eg ticked ‘block all unknown requests’)
5. Defense+ and Sandbox OR Firewall security level:
6. OS version, service pack, no of bits, UAC setting (see http://www.neowin.net/news/main/09/01/07/windows-7-whats-up-with-the-uac), & account type (eg administrator, limited)
7. Other security and utility software installed:
8. Virtual machine used (Please do NOT use Virtual box):

Here is an example:

TOPIC TITLE Unlimited access alerts generated for program defined as an installer/updater

The bug/issue

1. What you did: Applied the Installer/updater policy to myprog.exe, rebooted, then ran myprog.exe
2. What actually happened or you actually saw: Unlimited access alert
3. What you expected to happen or see: No alert
4. How you tried to fix it & what happened: Ticked ‘don’t ask again’ on the alert, did not work
5. If its an application compatibility problem have you tried these fixes: Yes
6. Details (exact version) of any application involved with download link: myprog.exe v. 5.1.005 (Beta), www.xyzwprog.com/download
7. Whether you can make the problem happen again, and if so precise steps to make it happen: Yes. a) Check Myprog is installer/updater in Computer Security Policy ~ D+ rules b) run Myprog from Start menu ~ All programs ~ MyProg c) Get Unlimited access alert d) tick don’t ask again and press allow e) close program f) Re-start Myprog from same location g) get Unlimited Access alert
8. Any other information (eg your guess regarding the cause, with reasons): D+ malfunctioning under load - cpu usage was high at the time.

Files appended

1. Screenshots illustrating the bug: Appended
2. Screenshots of related CIS event logs or the Defense+ Active Processes List: Appended
3. A CIS config. report or file: Appended
4. Crash or freeze dump file: Not applicable

Your set-up

1. CIS version, AV database version & configuration used: 5.0.1000.1135, Proactive config
2. a) Have you updated (without uninstall) from CIS 3 or 4 b) if so have you tried reinstalling?: Yes, No
3. a) Have U imported a config from a previous version of CIS, b) if so have U tried a preset config?: Yes, Yes
4. Other major changes to the default config (eg ticked ‘block all unknown requests’, other egs here.): No
5. Defense+ and Sandbox OR Firewall security level: Defenseplus=Safe, Sandbox=enabled
6. OS version, service pack, bits, UAC setting, & account type: Windows XP, SP3, 32 bit, None in XP, Admin account.
7. Other security and utility software installed: CAS
8. Virtual machine used: None

Hope this helps.

If CIS is blocking Avast, look in the firewall and Defense+ event lists. You will see an entry that some process by Avast has been blocked.

But this works too.

To clarify the Event Viewer I was referring to is in Start>Control Panel>Administrative Tools>Event Viewer. There are 5 categories:

Application
Security
System
Antivirus
Internet Explorer

Since installing Firewall v5, the Antivirus (Avast) category has not logged any events. It logged daily events like the other categories. It would log daily definition updates, dates of scans and notify if there were trojans, etc.

Hope this helps in finding a solution.

Thank you

Like I said, look at the firewall and D+ event logs. If CIS is blocking anything, you’ll see it there.

If there are no events blocking Avast, CIS isn’t to blame for the lack of events in the Windows event viewer.

I clicked on “View Firewall Events” and all entries under Application for System are Blocked under Action. I clicked on the More button and only System is mentioned and they are all Blocked.

I clicked on “View Defence+ Events” and there is no mention of Avast. I clicked on the More button and it says “There are no items to show”. Why is this?

I clicked on Trusted Files under Defence+ and there is mention of Avast.

I ran the Diagnostics and there was no problem.

Like I said, no events in Windows Viewer has been logged under Antivirus since installing Firewall 5.

If Avast were being blocked by CIS, it would be mentioned by name in your CIS logs.

You could try uninstalling CIS and seeing if the events come back. That would of course be the definitive result.

If you still feel the lack of events in the Windows event viewer is caused by CIS, then make a bug report as mentioned by spainach_12.

I should have mentioned that I only installed the Firewall v5, not the Internet Security v5.

Thanks

I’ve taken that into consideration. Still, you should try the instructions both HeffeD and I have given. You should try running the diagnostic tool first and then, HeffeD’s suggestion that is to uninstall the firewall to verify if it is the one causing the problems. If the problem persists, proceed to making the logs and the bug report.

I uninstalled and re-installed Firewall, ran Diagnostics and there is no change. I am not technical enough to perform logs and bug report.

How long did you have the firewall uninstalled? It sounds like you immediately reinstalled it.

I wanted you to leave it uninstalled to see if the events from Avira came back.

My Avast Pro AV 5 works perfectly well with Comodo Firewall!

The problem is not with Avast. It works fine! The problem is since installing Firewall 5.

And we’re trying to figure out who the actual culprit is…

You never answered my previous question.

Yes, we know that. We’re not doing anything to Avast now, are we? We’re just trying to figure out what’s up with the firewall and it started blocking avast. Is it a mis-installation? the configuration? a bug? ??? We needed you to uninstall the firewall first and see if avast is logging the events which means leaving it uninstalled for two or three days. If it does, then it verifies the firewall was indeed blocking it, but why? Uninstalling it allows us not only to verify the cause of the problem, but also allows us to immediately proceed to the second that is reinstalling.

Wait and observe for a day or two. Is Avast still logging events? If, yes, then the problem would have been solved. If it suddenly stopped, then it’s possible it’s not a misinstallation. Is it the configuration? Maybe. Check the whitelist. See if Avast is a trusted vendor. If not, then put it in the list of trusted vendors. Reboot and observe. Otherwise, it’s possibly a bug and would require you to make a log. Just follow the instructions. Every step has been clearly described for the less “technical” as you call it. ;D

Hi

I uninstalled Commodo and had it uninstalled for a week. I re-installed it and there were still no loggings for Avast. Apparently, Avast is no longer doing so. I can check the scan logs whenever I scan.
However, it is mentioned as a trusted file in Defence+.

Thank you for your time.

Then it is possible for it to be a bug. :-\ We’re gonna have to make a log for that.