COMODO Vulnerability Analyzer - BETA - Version 1.1.5.52 Bug Reports

rhgtyink · May 21, 2009, 6:54pm

Please post all bug reports here. Be sure to include:

-Your Operating System (And Whether if it’s 32bit/64bit)
-Security Software Installed
-How you produced the problem
-How you TRIED to resolve the problem
-Post Memory Dumps on crash if you encounter any.
-Any other Additional Information
-BSODS
-Bugs
-False Positives

Ronny

rhgtyink · May 21, 2009, 6:59pm

OS = Windows Vista SP1, Enterprise, x32.
Security Software = Windows Defender(inactive), CIS 3.9.x.509, ClamWin Free, Mbam, Secunia PSI.
Replicate = Put a folder on the exclude list.
Resolve = Remove exclusion.

Error recorded to the event log:
Faulting application cva.exe, version 1.1.5.51, time stamp 0x4a13f077, faulting module cvaeng.dll, version 1.1.5.51, time stamp 0x4a13f074, exception code 0xc000000d, fault offset 0x000404eb, process id 0x458, application start time 0x01c9da43ac7fbfe9.

jebuchanan · May 22, 2009, 3:24am

OS: Windows Vista Ultimate x64 SP1
Security Software: Windows defender, CIS 3.9.xxx.509

Added a user defined scan of the C: drive only. Scanned using this drive.

The listed applications to update does not include associated update links as did the previous version.
Some of the listed applications are incorrectly listed as requiring updates. i.e. MS SysInternals Process Explorer (I have installed the latest from the website, it shows the previous version instead),

Edit:

Ran the scan the once. Then I added two folders as exclusions to the drive scan.
Each time the scan was run, CVA stopped running (crashed). Unchecking the exclusions made no difference. Removing the exclusions allowed the scan to complete.

I did note however, the scans were much faster than the previous beta.

hiddenstar · May 22, 2009, 3:55am

Hi,
Did you update from the previous version i.e 1.1.4.30. Does the About box says Database version as 1.215 or 1.220. coz I got the update information link for the updates available list of app. with database version 1.215.

Regards,
Vicky.

[attachment deleted by admin]

jebuchanan · May 22, 2009, 4:06am

The database version is 1.215, and I did a clean install (run as Admin).
No, I did not do an online update. I uninstalled the previous version first.

hiddenstar · May 22, 2009, 4:29am

I guess, a snapshot of the CVA scan result would help the developers to analyze this… or mention the product(with version information) that is getting missed to show the update information.

Thanks,
Vicky.

jebuchanan · May 22, 2009, 5:06am

Cancel the links issue, as I pulled down the window much further and located them.

hiddenstar · May 22, 2009, 5:10am

Try enlarging the screen…

Regards,
Vicky

P.S:

hiddenstar · May 22, 2009, 6:12am

Hi,
May be the CVA dump under it’s installation folder could help the developers to analyze this issue…

Regards,
V

rhgtyink · May 22, 2009, 7:23am

Hello Vicky,

Can’t find a dump file anywhere, where should that be and what’s the name ?

Kind Regards,
Ronny

hiddenstar · May 22, 2009, 9:12am

Hi,
We can find it under the CVA installation folder(By default it’s “C:\Program Files\Comodo\Vulnerability Analyzer”) and the name of the file would be MiniDump.dmp…

Regards,
V.

rhgtyink · May 22, 2009, 9:35am

Nope it’s not there… Also not in my \virtualstore…

Ran it again, doesn’t matter if the excluded folder is related to a result just any random exclusion makes it crash.

Problem signature:
Problem Event Name: BEX
Application Name: cva.exe
Application Version: 1.1.5.51
Application Timestamp: 4a13f077
Fault Module Name: cvaeng.dll
Fault Module Version: 1.1.5.51
Fault Module Timestamp: 4a13f074
Exception Offset: 000404eb
Exception Code: c000000d
Exception Data: 00000000
OS Version: 6.0.6001.2.1.0.256.4
Locale ID: 1033
Additional Information 1: 1325
Additional Information 2: f49d0d01d024451d05b2b4af74b0ba2d
Additional Information 3: f444
Additional Information 4: 074c5c4652bd9d152e94f44c962f2c11

I can reproduce it and work around it:
If i exclude a normal folder CVA crashes everytime on the same point namely here:
A piece of procmon information.

QueryDirectory
SUCCESS
C:\Data\Source(3) CrashedMarshall\ProgramData\Microsoft\Windows\WER\ReportArchive

If i exclude a normal folder AND C:\Data\Source(3) CrashedMarshall then CVA Does not crash.

I have copied the complete folder to an other system and on that one it does not crash which leads me to believe that it’s permission related (copied over USB stick loses NFTS permissions).

I’ll see if i can copy with behold of permissons and see if it crashes then also.

rhgtyink · May 22, 2009, 5:08pm

Bug reporting for version 1.1.5.52 continues from here

user4 · May 23, 2009, 7:51am

It doesn’t detect an old, PORTABLE version of the Opera browser.

rhgtyink · May 23, 2009, 7:04pm

I also lost detection of an old version of Hypersnap, reverting back to the previous version .51 does not bring this detection back either, did something change in the database that could cause this ?

Vista, SP1, Enterprise, x32.

engrahul · May 25, 2009, 11:17am

Hi Ronny,

Can you let me know the version of Hypersnap you are using?

Thanks Rahul

rhgtyink · May 25, 2009, 2:30pm

Hello Rahul,

I’m using HS 6.13.02, that was detected in previous versions as Update Available.
Also on 1.1.5.51 but after the release of 1.1.5.52 it was gone, going back to .51 did not solve this either so i guess there has been some changing on DB level.

Regards,
Ronny