CAVS 2 - initial experiences and observations

G’day all,

N.B. Questions and observations are in bold.

I downloaded CAVS 2 this morning and installed it on out test PC at work - Novell backend, semi-controlled desktop, 138K files - very untidy box. We uninstall AVG, rebooted and installed CAVS2 and did a further reboot.

The PC started up with a slightly noticeable lag. The creation ofhte user DB seemed to take FOREVER, but this may have been caused by the HIPS in CAVS 2 popping up about the myriad of startup objects on this box. It’s funny that when I clicked on remember and submit in the HIPS pop-up, straight after I did, a second poop-up appeared telling me that the object I just accepted was in the user DB.

Does this mean that it is just confirming that it has just added it, based on my input?

After getting through the initial flurry of HIPS pop-ups, it has been silent for the past two hours, even with the PC under heavy usage. There’s no noticeable lag in the running applications and scan speed it very good (138K files in 32 minutes - better than CAVS 1 and comparable to AVG, Panda and better than CrapAffee).

After completing a system scan, it reported that there were large numbers of files that were not in the Comodo safelist. I ticked “Select All” and then submit. After an inordinately long delay, the files status changed to “Added to list” (or similar wording).

There was no really clear indicator that the files had actually been submitted.
These was no really clear indicator whether these files were being submitted to the usr DB or whether they were being submitted to Comodo.

I’ve poked around the Comodo AntiVirus folder and can’t find CAVCONS.EXE or its version 2 equivalent?

Does this mean there is no command line utility for CAVS2?

Other than these, it has been a relatively seamless upgrade to V2. Performance is better than V1, HIPS is working well (will throw a few sneaky bits at it over the weekend and report back) and its generally unnoticeable (which is how it should be).

Looking good so far, but I do think a command line utility is needed for emergency work, particularly if we have to do emergency work on someone else’s PC that doesn’t have CAVS 2.

Regards,
Ewen

Gooday,
The file which is allowed by user is added into User’s allow list. As soon as you accepted the file it is added into allow list. After then every execution (either by user or system or any programs) will be allowed. This alert information message can be controled by user using HIPS advance settings.

Actually the files are added to “submit file queue”. Submit file application reads this queue and submit the file to comodo lab. How it would be if the status text is changed from “Added to list” to “Added to submit file Queue”?

Command line scanner is missed in this setup. It will be added in next setup.

regards
Kishor

G’day Kishor,

Thanks for the above answers.

The wording may be clearer if it was changed to " Files queued for submission". I think this more clearly indicates that the files WILL be submitted at a later point.

It might be an idea to produce a quick and dirty install guide with screenshots so the users know what should be taking place and an approximate timeframe on each action. This way, we could tell the users what is happening and the impending results of those actions. For example, I take it from your answer that the app builds a submission list and submits these in the background as and when the app has time or feels it will impact the system the least. If this assumption is correct, wouldn’t it be better for the users to know this in advance?

Glad to hear the command line is still in the picture.

Cheers,
ewen

Hi Panic,
This seems better “Files queued for submission” :). Thanks.
The help guide is under development and it will include each steps.
The delay between addition and submission is being removed. So as soon as it is added into queue, user can see its progress of submission. And he has control to stop / resume submission or remove from the submission list.

regards
Kishor

One small cosmetic GUI related thing - in the file submission window, the “Select All” option is always initially turned on, even if there are no files in the list or if there are files in the list but each file is NOT selected. To select all files, in htis case, you have to deselect “Selkect All” and then select “Select all” a second time.

Not a biggie, but odd.

ewen

Further CAVS 2 notes …

CAVS 2 is still working perfectly on my work test system. Only oddity Ive noticed so far is the "Select all " bug mentioned above.

The home test system is now working, dnt know what was different in the second install, but it does work and work well. Strangely, when the system is booted, I get two instances of the User Profile DB maker running. They appear to be checking the same files and one instance seems to have been invoked about 15 seconds after the other one.

The two UPDB windows exactly overlap, so I only discovered this after moving what I thought was the only window. The underlying window is, I think, the first instance started, but the two instances are rtelated. I can’t shut down, pause or exit the top instance, unless I have first stopped or shut down the bottom instance.

When I firstly hut the bottom instance and then the top instance, when the top instance closes (after selecting to not run this next time) I get an error dialogue stating it cant update autorun parameters (or words to that effect) - meaning thast whenever I turn this system on it will always start the UPDB app.

Any ideas?

Also, I get a fair few “Connection reset by server” or “Connection timed out” messages when uploading files to the CAV submission server.

Cheers,
Ewen

On the home system submitting files frequently stops when submitting a large setup file (>10MB).

Is there a file size limit to the PASV FTP transfer?

ewen

I’ve noticed that when a file submission is taking place CAVS2 on access scanner is scanning the file that is to be uploaded. Can these be excluded somehow, as it delays the upload and induces a lag on the PC. Couldn’t CAVS be coded to ignore the FTP stream from CAVSubmit.exe?

ewen

HI Panic,
Thanks for valuable bugs. We we will consiser your above suggestions.
I am curious to know that wheather do you face any hal.dll issue in Beta 2.0 on your test PC? We still could not reproduce it. Could you pl help us to reproduce it. It does not seems to be false positive problem or deleted by CAV.
If you can reproduce it pl send the troubleshoot log files.

regards
Kishor

Hey Kishork,

I haven’t had the HAL.DLL issue with CAVS2 yet, but, trust me, if I do, you’ll hear about it! LOL

I can’t reproduce it on the systems still running CAVS1. It only seemed to affect certain PCs and not others, but it DEFINITELY was caused by, or trigged by CAV. My gut feeling was that it was something to do with the autoupdate module, possibly when an update occured while the scan engine was doing something else. Just a thought.

I’ve installed CAVS2 on one of the systems that was affected by the HAL.DLL bug, but it hasn’t occured yet.

cheers,
Ewen

I just had CAVASM.EXE go nuts on the home system - running between 60-98% CPU usage. Simultaneously I had aCAV File Submit icon in the system tray that would not respond to mouse clicks. When Task Manager finally opened (with CAVASM.EXE still around 80%), I killed off the CAVSUBMIT process and CAVASM.EXE went back to sleep and the system responded as normal.

Co-incidence? I think not.

Ewen

The CAVSubmit and cavasm taking much CPU resources is expected to fix next coming version.
Thanks

CAVS2 HIPS exclude list does not accept a UNC type file path.

It would be REALLY handy if, during the install, we could specify to not include UNC type paths and or logical drives mapped to a network, and have CAVS only focus on physical drives attached locally to the PC.

cheers,
Ewen