I can reproduce this issue on Windows 7. Before installing a new beta I tried build 3.8.???.477 with virus database v1111 and there was no problem. After updating to this beta and to virus database v1111 there is the same hang/stall issue as on Windows XP. Windows 7 gave some additional information though, see the screenshot. Also I was able to create a dump file on Windows 7 via the Task Manager option, but its size is about 123 MB and it probably contains lots of private information. So if it’s really needed I could upload it somewhere and send a link via PM to Comodo’s Staff.
You can’t just compare times. Defragmentation time has so many factors (amount of files, size of files, speed of hard disk etc. etc.). Fact is that CAV seems to scan all files accessed by the Windows defrag API, which should be corrected.
More information about the Windows defrag API:
I think excluding the calls from scanning will solve the problem quite easily.
No traffic showing in Traffic window, Active connections, or tray icon.
Firewall seems to be working otherwise.
Also CIS 3.8 works fine on this same setup, so the difference is the problem?
XP Pro SP2 x64
Just a few MoBo utilities.
Just tried several clean installs and going back to 3.8 still works.
BOTester runs a process called BO32.exe to initiate testing. If it can’t run it, it will report the error. What you need to do is to go to Computer Security Policy and delete the entry that has BOTester.exe.
Yes, we have disabled it in Vista64 on 64-bit processes because of the significant number of false alerts. It will be reintroduced once the problem is solved.
Your post is very good and explains technically what is going on in realtime scanners world. Exclusion concept might not be suitable for CIS but it is not a false statement.
We are still working on this issue.
@egemen
Glad to hear the problem/issue is under investigation. I don’t like to make false (technical) statements, so that’s why I asked for your reply. Thanks a lot :-TU
1. Operating System (32 or 64 bit) and Service Pack revision: WinXP-PRO-SP3-BR 32bits
2. Other Security and Utility Software Installed:
a) running: Peerguardian 2.0 RC1 test2-2
b) NOT running: SAS, MBAM (not running all modules)
3. Step by step description to reproduce the issue:
a) Open D+ --> My Protected Files --> Groups --> Add and Add/create a New group with a few entries and/or do some changes in those groups.
b) Click Apply --> Apply to save the work
c) Open Regedit and go to: [HKEY_LOCAL_MACHINE\SYSTEM\Software\Comodo\Firewall Pro\Configurations] and locate your active configuration by choosing the numbers 0 or 1 or 2…
d) Open the Key named “File Groups” and you will see another sub-key (new) named “File Groups” inside of the first one, with duplicate rules + new rules.
e) That means: when you modify something in D+ File Groups the modification is saved in a wrong path: [HKEY_LOCAL_MACHINE\SYSTEM\Software\Comodo\Firewall Pro\Configurations\0\File Groups\File Groups] and is not used.
f) Exporting your modified configuration and then importing “as” another name doesn’t work. The wrong path still exists.
4. How to resolve the problem:
a) Open Regedit, go to [HKEY_LOCAL_MACHINE\SYSTEM\Software\Comodo\Firewall Pro\Configurations\0\File Groups\File Groups] (be sure you choose the correct config/path “in use”) and export that key. Close Regedit.
b) Open the exported/saved .reg file with Notepad, change all “\File Groups\File Groups” to “\File Groups” and save it. Close Notepad.
c) Double-click on the .reg file that you modified and accept the modifications. (maybe you have to accept all changes in the D+ pop-ups too)
d) Open Regedit, go to that key used for the active configuration (the 1st “File Groups”) and verify your modifications. Then DELETE the second “File Groups” key, that is, delete the [HKLM…\File Groups\File Groups]. Close Regedit.
e) Export your new good configuration !!!
9. Any other information that might be useful: CIS on Proactive based configuration, AV on Stateful, D+ on Paranoid, BO on, and I have only one configuration to choose as “active” (exported and deleted all the others to not increase the size of my registry…)
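The replacement from step 4b of the report above, done only on the key-header lines of the exported .reg text; this is an added example, not part of the original post and not Comodo's code. The value name and data in the sample export are constructed for illustration.

```python
# Added example: the value name/data in SAMPLE are constructed, not Comodo's real data.
DUP = "File Groups"  # subkey the post reports as nested inside itself

def collapse_nested_key(reg_text, name=DUP):
    """Collapse '\\name\\name' to '\\name' in the [key] headers of .reg text.

    Value lines are never modified. Returns (new_text, headers_changed).
    """
    out, changed = [], 0
    for line in reg_text.splitlines(keepends=True):
        body = line.rstrip("\r\n")
        eol = line[len(body):]
        if body.startswith("[") and body.endswith("]"):
            parts = body[1:-1].split("\\")
            # Registry key names are case-insensitive, so compare lowercased.
            kept = [p for i, p in enumerate(parts)
                    if not (i and p.lower() == name.lower()
                            and parts[i - 1].lower() == name.lower())]
            if kept != parts:
                changed += 1
                body = "[" + "\\".join(kept) + "]"
        out.append(body + eol)
    return "".join(out), changed

def fix_reg_file(src, dst):
    """Regedit 5.00 exports are UTF-16 with a BOM; newline='' keeps CRLF."""
    with open(src, encoding="utf-16", newline="") as f:
        text, changed = collapse_nested_key(f.read())
    with open(dst, "w", encoding="utf-16", newline="") as f:
        f.write(text)
    return changed

BASE = r"HKEY_LOCAL_MACHINE\SYSTEM\Software\Comodo\Firewall Pro\Configurations\0"
SAMPLE = (  # constructed export fragment using the path from the report
    "Windows Registry Editor Version 5.00\r\n\r\n"
    "[" + BASE + r"\File Groups\File Groups]" + "\r\n\r\n"
    "[" + BASE + r"\File Groups\File Groups\0]" + "\r\n"
    '"Name"="File Groups\\\\File Groups test"\r\n'
)

if __name__ == "__main__":
    fixed, n = collapse_nested_key(SAMPLE)
    print(f"{n} key header(s) rewritten")
    print(fixed)
```

Importing the rewritten file only adds the entries under the first “File Groups” key; the nested key still has to be deleted as in step 4d.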
Still no go. I still get the error with IECS (Image Execution Control Setting) enabled (Normal). It seems IECS interprets anything loading in memory from an application, so it’s somehow interfering with BO Protection. I also tried deleting from Computer Security Policy; even an uninstall won’t help.
I attached the Defense+ Alert here below. BO Works when IECS is enabled. Also to help here are my CIS Settings:
Thank you for the confirmation. Works fine now. When Image Execution is enabled it’s like another layer of protection, and if a malware is a BO and a user allows the Image Execution Alert, you will get a BO Alert.