Comodo antivirus component of Comodo Internet Security corrupts EFS files

See original post: EFS encrypted files corrupt contents after rebooting

Last night (01-24-2009) I finally determined that the antivirus component of Comodo’s Internet Security for Vista 32 Ultimate apparently caused the corrupted EFS contents. I found this out through the following steps:

1.) Removed my 250 Gb notebook internal hard drive. Replaced with new 320 Gb SATA Hitachi notebook hard drive.

2.) Installed full install Vista Ultimate with SP1 from Windows Anytime Upgrade Pack DVD. No network connection yet, because no Realtek driver installed.

3.) Created text file and turned on EFS encryption.

4.) Rebooted, and still able to read correct EFS encrypted contents.

5.) Installed Realtek driver previously downloaded from Toshiba website.

6.) Connected to Internet with Vista firewall turned on and downloaded 45 Microsoft Vista patches.

7.) Rebooted, and still able to read correct EFS encrypted contents.

8.) Downloaded and installed Comodo Internet Security and installed both Comodo firewall and Comodo antivirus components.

9.) Rebooted, but EFS contents now corrupted.

10.) Uninstalled Comodo firewall but retained Comodo antivirus.

11.) Rebooted, but EFS contents still corrupted.

12.) Uninstalled Comodo antivirus.

13.) Rebooted and EFS contents no longer corrupted.

14.) Reinstalled Comodo firewall, but not Comodo antivirus.

15.) Rebooted and EFS contents still not corrupted.

16.) Downloaded and installed Avira antivirus.

17.) Rebooted and EFS contents still not corrupted.

18.) Removed 320 Gb hard drive and replaced with original 250 Gb hard drive.

19.) Uninstalled Comodo antivirus, but retained Comodo firewall, version 3.5.5173.439.

20.) All but 6 EFS encrypted file contents now not corrupted.

21.) Installed Avira antivirus. EFS contents still not corrupted.

I will also post the preceding on a Comodo forum, as I like Comodo products.

Will provide follow-up post if any EFS problems re-emerge.

I can confirm this bug.

After I had installed the Antivirus component of CIS (instead of Avira), I began to notice that some of my EFS encrypted files occasionally become corrupted. But I wasn’t able to reproduce this bug at will.
Finally today I’ve found a stable way to reproduce this issue.

Initial conditions: Vista SP1 32bit, CIS without the latest virus database.

  1. Create a folder.
  2. Create 3 or more *.txt files in that folder.
  3. Turn on the EFS encryption for this folder and all included files.
  4. Restart the computer.
  5. Open the first text file; do not open others.
  6. Update CIS virus database.
  7. Open the first text file: it’s not corrupted.
  8. Open other text files: they ARE CORRUPTED.
  9. Reboot the computer: all files are readable again.

My OS: Windows Vista Business 32bit SP1; UAC enabled
CIS x32 3.9.95478.509: both antivirus and firewall installed; cleanPC mode; Proactive Security configuration; stateful file inspection.

It seems that this issue appears only on Vista systems.

Here are some of my observations.

  • only Vista computers are affected by this issue;
  • each update of CIS virus database causes this problem;
  • only files that were not read earlier in this session (since computer start-up) become corrupted;
  • a restart of the computer makes all files readable again;
  • adding the EFS encrypted folder to antivirus exclusions prevents this problem;
  • removing the folder from the exclusion list brings the problem back.