CAV x64 scan looping through same files repeatedly on Win 7 Pro 64-bit.

Comodo Antivirus Free version 4.0.135239.742 x64 running on Windows 7 Pro 64-bit scans indefinitely without completing. My last attempt ran for over 8 hours on over 1 million files–I finally gave up and stopped the scan when I realized that the same folders and files were being scanned multiple times.

The problem appears to be the result of recursive scanning of the targets of “soft links” (a.k.a., symbolic links, or reparse points). Soft links are used in Windows 7 and Windows Vista for backward compatibility with upgrades from Windows XP. For example, the folder “C:/Documents and Settings” used in Windows XP for user profile subfolders, is now a soft link to the target folder “C:/Users” in Windows 7.

A particularly problematic soft link in Windows 7 is the folder “Application Data”, which is found under both “C:/Users/All Users” and “C:/ProgramData”. The problem being, that the target of the soft link “C:/ProgramData/Application Data” is “C:/ProgramData”; the result is that the following folder paths all point to the same place:

C:/ProgramData
C:/ProgramData/Application Data
C:/ProgramData/Application Data/Application Data
C:/ProgramData/Application Data/Application Data/Application Data
C:/ProgramData/Application Data/Application Data/Application Data/Application Data

… and so on, up to the Windows API limit of 31 levels deep of reparse point nesting.

I know–this is stupid, and I consider this to be a Windows bug; however, we and Comodo have to live with it for the time being.

I will search my disk for soft linked folders and exclude them from scans. (BTW, they have the appearance of a shortcut with the little arrow in the lower corner of the folder icon). I suggest that Comodo update their anti-virus scanner to ignore soft links (reparse points), or something like that.

Comments? Thank you.

Dave Kelly

Update–I have confirmed this to be a problem of reparse point recursion. I searched the disk for soft link folders and excluded all of them from CAV scans, then ran a full computer scan. The scan completed in about two hours, scanning about 750,000 files (finding 5 threats–thank you).

As noted in my original post, without having the soft link folders excluded, the scan ran indefinitely until I aborted the scan (over 8 hours, with file count over 1.7 million).

It seems to me that the CAV scanner should be programmed to ignore reparse points to avoid this condition.

I have confirmed the repeatability of this problem by removing all of the junction point (reparse point) exclusions that I previously entered, then I ran another scan. During the scan, the scan progress dialog displayed files like the following being scanned:

C:\Users\All Users\Application Data\Application Data\Application Da….…file.ext

As noted in a previous post, there can be up to 31 levels of junction point nesting included in the dot-dot-dots (…) above. That’s a lot of redundant scanning, disk grinding, CPU cycles and resource consumption.

I hope that somebody who works on bug-fixes is looking at this…

Deserves a reply, nice post Dave.
I got the same problem.
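The reparse point recursion described in this thread, reproduced as an added example that is not part of any post and is not Comodo's scanner code. The function names are hypothetical, the sample tree is constructed (a symbolic link stands in for the "Application Data" junction), and the cap of 31 followed links is the figure quoted in the posts.

```python
import os
import stat
import tempfile

def is_reparse_point(path):
    """True for symlinks and, on Windows, any reparse point (junctions included)."""
    st = os.lstat(path)  # lstat inspects the link itself, not its target
    attrs = getattr(st, "st_file_attributes", 0)  # attribute exists only on Windows
    return stat.S_ISLNK(st.st_mode) or bool(attrs & stat.FILE_ATTRIBUTE_REPARSE_POINT)

def walk_files(root, follow_links, max_links=31):
    """Return every file path a scanner would visit under root.

    follow_links=True models a scanner that descends through links until
    max_links of them are nested; follow_links=False skips links entirely.
    """
    found = []
    stack = [(root, 0)]  # (folder, number of links followed to reach it)
    while stack:
        folder, links = stack.pop()
        for name in sorted(os.listdir(folder)):
            path = os.path.join(folder, name)
            link = is_reparse_point(path)
            if link and (not follow_links or links >= max_links):
                continue  # the target is still scanned once at its real location
            if os.path.isdir(path):
                stack.append((path, links + link))
            else:
                found.append(path)
    return found

def build_sample_tree():
    """Constructed sample: ProgramData/Application Data links back to ProgramData."""
    base = os.path.realpath(tempfile.mkdtemp())
    program_data = os.path.join(base, "ProgramData")
    os.makedirs(os.path.join(program_data, "Vendor"))
    with open(os.path.join(program_data, "Vendor", "file.ext"), "w") as fh:
        fh.write("sample")
    os.symlink(program_data, os.path.join(program_data, "Application Data"),
               target_is_directory=True)
    return program_data

if __name__ == "__main__":
    tree = build_sample_tree()
    print("following links:", len(walk_files(tree, follow_links=True)), "file visits")
    print("skipping links: ", len(walk_files(tree, follow_links=False)), "file visits")
```

In this model the single real file is visited 32 times when links are followed (once directly and once per nesting level) and once when they are skipped.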