CFP3 and Active Virus Shield

Hi all!

I installed CFP 3.0.13.268 a few days ago and found a strange issue. When I try to update Active Virus Shield (an antivirus based on Kaspersky Antivirus 6), CFP doesn’t correctly recognize the application which is trying to connect to the internet. Comodo Firewall shows that “System Idle Process is trying to connect to the internet”. The same thing happens when I try to receive mail (because Active Virus Shield intercepts the POP3 connection to search for viruses). So Active Virus Shield needs to connect with many different IP addresses (mail servers, update servers) on many ports.
I don’t think that the rule “allow System Idle Process all internet connections” would be safe.

The strange thing is that CFP 2.4 was able to recognize Active Virus Shield’s connection attempts.
WXP SP2

Did you know that AOL Active Virus Shield is no longer a service provided by AOL? I had a look at the website the other day only to find the following:

We’re Sorry!
AOL® Active Virus Shield is no longer available.
Looking for protection from viruses, spyware and hackers?
We are now offering McAfee® Virus Scan Plus-Special edition from AOL.
Please visit AOL® Internet Security Central to find the most comprehensive FREE set of safety tools available to help keep you, your family, and your PC safer from online threats.

I run Kaspersky Antivirus 7 with CPF3 without any problems. I have noticed some blocked outgoing in the logs when KAV tries to update but then realized I had:

Block All The Unknown Requests If Application is Closed

Selected under Defense+ >>> Advanced >>> Defense+ Settings. Turned on. This, at the moment, seems to have resolved that, though at the same time I added KAV as a “Trusted Software Vendor”.

Incidentally KAV 7 only cost £11 for the year so I went ahead and bought it instead of settling for Avast or Antivir Free.

AOL Active Virus Shield is no longer available for download. But licenses are still valid and updates are also available.

Of course I can change my antivirus or just add the rule “allow system idle process to connect only with Kaspersky’s servers”. But the problem still exists: CFP 3 doesn’t recognize the application, which is trying to connect to the internet. It says (while Active Virus Shield attempts to update):

“System Idle process is a pseudo-process rather then normal process. This means the firewall could not detect the real process behind this connection request. This usually happens when a custom protocol driver is used to send/receive data instead of the standard TCP/IP driver. Many utilities such as VPN clients or packet sniffers may use their own protocol drivers to function properly. If you are not sure about what to do, it is recommended that you block this request. You can safely allow this request” (The last 2 sentences aren’t my mistake. These are the security considerations word for word.)

Active Virus Shield uses the standard TCP/IP driver. And CFP 2.4 recognizes it correctly (on the same computer!). I think it’s abnormal.
If CFP3 can’t determine that it is exactly AVS that makes the connection requests, then it may miss some trojans in the future. I hope I’m wrong. :-\

My friend reported the same issue on his computer. (32bit XP SP2 CFP3 and KAV6)

CFP 3.0.14.276: described bug fixed.
Good job! Really fast. My respect!
(B)