Op Sys: XP Home Edition (SP3)
Comodo: V 3.0.20.320
AV: Bit Defender 2008
Have been running the above for many months - apart from SP3 which was installed about 3 weeks ago without any problem.
Defense+ is in Training Mode. Painful experience has taught me that it does not work reliably.
Today started getting Defense+ events continuously logged and the machine got bogged down as a result.This was despite being in Training Mode. Therefore have had to disable Defense+
All the events relate to Bit Defender 2008. This only has the AV installed and running (ie the BD firewall iproduct s not installed). Messages are:
Target:
c:\program files\common files\bit defender\bit defender threat scanner\av32bit_5721\and then various files libfn.dll, avxs.dll and avdisk.dll.
Scans for viruses (using BD) and rootkits (using Sophos Roootkit) reveal nothing untoward.
Any ideas as to why this is happening?
And please don’t suggest upgrading COMODO. Many previous painful experiences remving old versions and then installing new versions and then repairing the whole system has made me an old man and taught me my lesson about doing that without a very very good reason. If I have to reinstall again I will certainly go to a different product than Comodo.
Comodo gets along with any av. I have tried them all. You cannot leave D+ in training mode for ever nor should it be in training mode for 3 weeks. Can you please post your logs. You need to add Bit Defender to D+ as trusted. It is not a painful experience I assure you. What ever is being block by Comodo that belongs to Bit Defender needs tio be trusted,.And yes upgrading to the latest Comodo is always a good idea.
I have had to permanently disable Defense+ (ie put it in an INACTIVE state) in order to stop any more events being added to the Defense+ log.
I left Defense+ in Training mode deliberately as this was the only setting where it would work without causing problems. I have used various older versions of Comodo in the past, and from memory I think there have been issues of one sort or another with every singly version I have used. The system has been running this way quite happily in Training mode for a long time now.
I accept that it is a good idea to upgrade software, but I find the uninstall/install process to be unreliable. The last time I tried this I had to spend virtually all day unscrambling the mess. I promised my self then no more upgrades (unless vital) until Comodo produces a proper robust automatic uninstall/install process (like other developers seem to manage). As you know this subject is a common whinge on these forums.
Bit Defender was a set up as a trusted application in the policies so I don’t think this is the problem.
What logs do you want? Where can I find it and what is it called. I will then send you a copy.
The above is a bit negative, but I’m getting frustrated.
If D+ is disabled then you will have no logs. You need to open up Comodo and go to the D+ tab and click on D+ events. Post your logs here. YOU CANNOT LEAVE D+ in training mode all the time. That means any program will be aloud even if its a virus. You are highly sacrificing your security that way. There is nothing wrong with Comodo only a matter of understanding what is going on? When does this happen? Afer you run a scan? After you update Bit Defender?
Sorry I cannot read that. Please take s screen shot of your logs. Just like it is in the Comodo logs. I use FastStone Capture free edition. Its should look like this when you click more.
It seems to me as if you told Comodo to block Bit Defender. Open up Comodo and go to the D+ tab/Advanced/Computer Security Policy and find the explorer.exe entry. Right click on it and select edit. Then click on access rights. Then click on the modify tab next to “run an executable”. Go through the list of allowed things and block items. See if you see Bit Defender there.
I told Comdo to do nothing. As I said before I left Defence has been in Training mode for a long time without any problem. Is this really to do with explorer.exe? The screenshot I sent you was only from the time I disabled Defence up to the time I had to put it into INACTIVE mode. Before then there was nothing but many entries about Bit Defender - the same as the ones you see on the screenshot.
However I had a look at the policies. First the entry %windir/explorer.exe appears as an “installer or updater”. Bit odd that? There are entries for Bit Defender in the access rights (run executable section) but they are not for the executable that appears in the events log. You cannot see it on the screenshot, but the BD executable which is the target application is bdc.exe.
Unless you have any other ideas I think the best way out of this is to zeroise the Defence policies and oput it back into Training mode for a while. Otherwise this could take forever to diagnose.
Can I zap all the Defence policies and start again or are there some which I should not touch. I notice there are some to do with windows appearing at the top of the list which I think were there from day 1.
The reason explorer.exe says “installer/updater” is easy. You did that by answering “installer/updater” when you go a D+ alert about explorer.exe trying to let Bit Defender or some other program run. If I select “updater/installer” when I get an explorer.exe alert then mine will look like yours. When you get an explorer.exe error just click allow aslong as you know what the program is. You are clearly not applying the correct rules. Its ok. Right click on explorer.exe and edit it to custom policy. Then click apply. Go back in to D+/Adanced/Computer Security Policy and find all the Bit Defender entries and remove them. Then click apply. Put the firewall and D+ in safe mode and reboot. If you get a D+ alert about explorer.exe trying to run Bit Defender just click allow. Do not change it to updater/installer. I stress again training mode is not the answer. That is only a temporary mode.
Open up Comodo and go to the D+ tab/advanced/Computer Security Policy and click on add. Select browse and go the the folder in your screen shot and add that exe and make it trusted.