CIS scan gets stuck/aborted [M2218]

A. CIS scan gets stuck/aborted

Can you reproduce the problem & if so how reliably?:
Yes, I can reproduce it anytime. In fact, this problem has been present since earlier versions of CIS (5.x, 4.x?) and since earlier versions of Windows 7. I could never ever complete a full system scan of my computer.

If you can, exact steps to reproduce. If not, exactly what you did & what happened:
1: Tasks/Scan/Full Scan or a Custom Scan including some directories.
2: Wait.

One or two sentences explaining what actually happened:
Scan starts, zillions of files are scanned. When a certain directory gets in the focus, the “Status:” line displays the path of one or two certain files. The elapsed time clock goes on with the displayed file and the percent unchanged, with some activity from cavwp.exe. After ~5 minutes, the status line changes to “Scan Aborted”.

One or two sentences explaining what you expected to happen:
Continue scanning, and (in some hours) complete the scan.

If a software compatibility problem have you tried the advice to make programs work with CIS?:
n/a

Any software except CIS/OS involved? If so - name, & exact version:

Any other information, e.g., your guess at the cause, how you tried to fix it, etc.:
I have tried to narrow it down to the problematic files/directories but with too specific directories the scan completes successfully.
These directories contain C++/SQL source and binaries (.obj, .lib, .dll, .exe) from a previous development project of mine.

Each time the scan gets stuck/aborted, a ~240-280 MB dump is created in C:\Documents and Settings\All Users\Comodo\CisDumps.

B. MY SETUP

Exact CIS version & configuration:
CIS Premium 10.0.1.6209, DB: 26938

Modules enabled & level. D+/HIPS, Autosandbox/BBlocker, Firewall, & AV:
AV: Realtime Scan enabled
Firewall: Safe mode
HIPS: Disabled
Containment: Disabled for some other directories
Auto-Containment: Disabled
VirusScope: Enabled
Website Filtering: Enabled (with the defaults, I guess)

Have you made any other changes to the default config? (egs here.):
Made CIS endurable on a developer computer (e.g., disabled any auto-smartness that prevented the build system from calling batch files, etc.).

Have you updated (without uninstall) from CIS 5, 6 or 7?:
Yes.

If so, have you tried a clean reinstall - if not please do?:

Yes.

Have you imported a config from a previous version of CIS:
Not intentionally. The updater might have done so.

If so, have you tried a standard config - if not please do:

Yes, I have tried.

OS version, SP, 32/64 bit, UAC setting, account type, V.Machine used:
Windows 7 Professional SP1 x64.
UAC: enabled, default level.
Account: Administrator level.

Other security/s’box software a) currently installed b) installed since OS, including initial trial security software included with system:
none

CIS diagnostic report and dumps: https://drive.google.com/open?id=0B0KeWrzc5YJOQ0RYdmZwd3d0dkE

You should collect those dump files and compress them into an archive and provide a share link to it (Google Drive, OneDrive, or some other file sharing service). Also, to find out the file that it gets stuck on, use Process Hacker and view the handles of the scanning cavwp process.

Hi,

I’ve tried to upload the dumps first to the Comodo Cloud (as suggested by the “Resources for bug reporters” thread) but I get a 404 for the provided link.

Here you are: https://drive.google.com/open?id=0B0KeWrzc5YJOQ0RYdmZwd3d0dkE
It’s a report created by CIS, containing the latest crash dump. (I’ve deleted the older ones.)

Regarding the problematic file(s), the GUI gets stuck on a file (from a set of a few, trying to re-run the scan), cavwp.exe still runs and generates millions (literally) of lines of activity in ProcMon.
Custom file scan on the last displayed file(s) completes without problems. So I guess the GUI is behind the real scan progress.

Yes the scan runs faster than the GUI can show the file being scanned. But that is why you should check the open file handle that doesn’t close when it starts to hang. Anyways I have submitted your report, a Comodo staff member may come in contact with you via PM for additional info. Thanks for reporting the issue.

Maybe I was not clear enough. Under the hood, cavwp.exe simply crashes/quits so there is no open file handle I can check for. It’s only the GUI that takes minutes to recognise this situation - and I cannot close the Scan window during this time. (They could be posted as different bugs.)

There are two instances of cavwp.exe running, one with the “/ModeAvMonitor -Embedding” command line, and that is fine.
The other one is started for the custom scan, without parameters. The latter one disappears when the scan gets stuck.

Meanwhile I did a ProcMon session with filtering for the second cavwp.exe. Here is the log:

Approximately 40% of this dump belongs to the scan, the remaining 60% is the error report/crash dump.

The last scanned files seem to be BeepHyph\Helyese.c and BeepODBCSql\BeepOdbc.cpp - both are plain C/C++ source files of a few kBs in size.
However, if I folder scan either directories (or the one after them) it completes successfully. Selecting their parent directory triggers the crash.
I have narrowed it down so much so far.

(And an annoying usability bug for the UI: Custom folder scan does not remember the last selected place, no MRU.)

OK, makes sense. Actually a bug is in the tracker, “Scanning is aborted without any prompt after a long period if ‘cavwp.exe’ process is terminated”, so I'll bump up the version to indicate that it still happens and can occur when the scanning process crashes.

So scanning the BeepHyph or BeepODBCSql folders there is no issue, but scanning the parent directory that those two folders are located in is when it crashes. That is interesting, and I have updated the tracker with your findings and added the link to your logfile.

OK, I managed to get the problematic file. (It took only some time due to the 5-minute timeout in case of a crash.)
It was in a directory alphabetically before the previously mentioned directories.

So here is the file that crashes cavwp.exe:

It is a message resource for a service. An ASCII text file. Should not contain any executable parts.

Yep, the scan window is still reporting that the file is being scanned despite cavwp crashing. Great work, added to the tracker.

edit: nvm you already did before

Seems fixed with Comodo Internet Security v10.0.1.6294.