What you did:
My CIS logging preference is set to copy log files over 25MB to a subfolder.
What actually happened or you actually saw:
Sudden change in size of logs; never before (since Comodo version 2.x) have I seen Comodo log files of this size.
What you expected to happen or see:
reasonably sized log files; similar to previous CIS versions
How you tried to fix it & what happened:
nothing yet; don’t know what to change
If its an application compatibility problem have you tried the application fixes here?:
Details & exact version of any application (execpt CIS) involved with download link:
helpsvc.exe version 5.1.2600.5997 (xpsp_sp3_gdr.100614-1759) filedate: June 14 2010, filesize: 744,448 bytes. NOTE: this is a newer filedate than the other files in that folder. I assume that is because it was updated by Windows Update… it does not appear to be malware or virus to me.
Defense+ seems to be logging configuration changes to the file C:\WINDOWS\PCHealth\HelpCtr\Binaries\helpsvs.exe over and over and over again.
Whether you can make the problem happen again, and if so exact steps to make it happen:
It just happens; Not something I am causing, I don’t think.
Any other information (eg your guess regarding the cause, with reasons):
Something is happening to that file that causes Comodo defense to see it as a configuration change of some sort. I don’t use Windows help services very often, so I don’t know what could be causing changes to that file. I don’t think I have changed any other Comodo CIS settings that would cause it to log more changes than it used to. Virus scans come up clean, so I don’t know why this is happening.
Files appended. (Please zip unless screenshots).
- Screenshots illustrating the bug:
- Screenshots of related CIS event logs and the Defense+ Active Processes List:
- A CIS config report or file. 20_01_2011_13_29_18.zip
- Crash or freeze dump file:
CIS version, AV database version & configuration used: 5.3176757.1236 AV 7470
(but this has been happening at least since first install of v 5.3x)
PS: sure would be handy if I could copy and paste that info from “about” screen instead of retyping it.
a) Have you updated (without uninstall) from CIS 3 or 4: NO - I uninstalled 3.x completely and then installed 5.1 as new installation
b) if so, have you tried a clean reinstall (without losing settings - if not please do)?:
a) Have you imported a config from a previous version of CIS: NO
b) if so, have U tried a standard config (without losing settings - if not please do)?:
Have you made any other major changes to the default config? (eg ticked ‘block all unknown requests’, other egs here.): Turned off cloud scanning. Turned off auto updates (I check for software and AV database updates daily or more often. Other than that, no, I don’t think so.
Defense+, Sandbox, Firewall & AV security levels: D+= , Sandbox= , Firewall = , AV =
Defense+ = clean pc mode
Sandbox = enabled
Fiirewall = safe mode
AV = stateful
OS version, service pack, number of bits, UAC setting, & account type:
XP Pro 2002 sp3 fully patched/updated, 32bit, user account w/administrator privs,
Other security and utility software installed:
Spybot S&D (teatimer not active)
Virtual machine used (Please do NOT use Virtual box): NONE
[attachment deleted by admin]