COMODO Vulnerability Analyzer Version (BETA) Released

Hi Everyone,
We have made program updates for existing CVA versions live.

Following are setup details:

32-Bit setup

Size: 3.32 MB (3,482,384 bytes)
MD5: 2a26b74c89b43f677e217d3436d81018
SHA1: cabfd758955aa2bd6ed3760e6f9390deb8cdc292

64-Bit setup

Size: 6.55 MB (6,876,432 bytes)
MD5: ff79d0385b4bae875adb67198d40b368
SHA1: 51ceb73d67902e45fbe447f12d8b968576c7934f

Following is a list of changes:


  1. It allows you to scan for Windows updates. There is a check box named “Scan for Windows updates” provided under “Miscellaneous–>Settings->General” tab. It is selected by default. If you do not wish to scan for Windows updates, you can de-select it.

  2. In case you do not want to use IE’s Internet connection settings and have a different proxy server to use, you have options to define proxy settings using “Miscellaneous–>Settings->Update” tab. Interface to the same is provided through Updater’s GUI as well.

  3. In earlier versions, we used to show vulnerable applications but in case updates are also available for vulnerable applications we didn’t show that. So an application shown in CVA was falling under “Update Available” category or “Vulnerable” category, now if an application is vulnerable and at the same time if an update is also available for that application, we highlight the corresponding version for it and lower details section also informs user that an update for that product is also available. This is done so that user doesn’t have to bother about vulnerabilities and best for him is to use latest version of the software.

  4. From this version onwards you will see database version in ‘About’ dialog. From now onwards we will update database on daily basis.


  1. When you close application from top-right title bar close icon, it used to sit in system tray and you had to right click on tray and exit. Now when you close application, it simply closes and in case scanning is being done, it asks if you really want to close the application.

And what future releases are going to be :slight_smile:
We will be adding an interface for you to be able to inform us as what all other products we should cover and inventory tool + CVA for enterprise! how that sounds? good :slight_smile:

You should be seeing that also coming up here soon, i will announce release dates later.

While we keep building it up in terms of features, we are increasing it’s vulnerability detection count on daily basis.
So please give us your valuable feedback as you always do.


wonderful, work very good for me :slight_smile: thank you. (B)

Win XP SP2.

Works great. Only one small problem (which most likely is related to me disabling Windows Updates and BITS):

Would be better if it told you what the problem was (like ‘the Windows Automatic Update-serivce is not running, please enable it’ or something).


mmm I’m disabling Windows Update too and I don’t have this Error msg.

I get the same error as Rag’s. I think we cleansed the file and registry systems on Automatic Windows Updates too thoroughly (:LGH). This is our own problem for us clean freak tweakers.

-WMP and PPV are still not there. Not that it really matters to me, but just pointing out some program updates are missing.
-It could be me, but this version scans even quicker than the previous (less than 3 seconds ^_^).
-Little red dot at the top left corner is still there :-X. During the installation, I believe it’s the 2nd page, there are some words truncated with 120 DPI (see 1st pic)
-In the My Search Paths (and also My Exclude Paths), if I add two or more entries without clicking on any entry yet, none of them are highlighted. More of a useability issue than anything else (not major anyway) because I click Remove, I wouldn’t know ahead of time which path it will be removed. (see 2nd pic)
-In the About screen, there are no standard OK / Cancel buttons. The user has to click the X to close it
-In one screen (IIRC it’s the checking for CVA updates) the Escape button doesn’t cancel out the screen like it does for the others

[attachment deleted by admin]

Regarding display of error while checking for Windows updates, we do have some explicit error messages for user, but there are many error codes related to Windows updates.

When we show error code, it can be checked out on Microsoft site, e.g. error code ‘-2147024770’ seen by Ragwing can be seen by visiting following link:


Hi Soyabeaner,
We have yet not covered WMP and PPV.
We are just making a comprehensive study on all Windows products as which all are covered by Windows updates and which are not.
We would like to cover only once which are not covered by Windows updates as user is expected to install all available Windows updates applicable to his system. As we have Windows updates checking feature, so it should be handy.

I will get back to you here after we made a decision about it.

One thing i missed out to mention in the post as a part of policy we decided to not to include ALPHAs/BETAs/RCs, but we have included Google’s products in our list as they are very widely used and most of them have been running in BETA for last few years.

So just in case if some one sees google’s products in detection, please don’t get surprised.


Ok I understand now. Thanks. :slight_smile:

Maybe there should be alerts for p2p applications (it’s connected to security, no?)

Thanks for the update. :-TU
Will give it a go.

Hi Liron Jan,

What I get from this “Are we covering P2P applications and their vulnerabilities”? The answer is Yes.
Currently we are covering Vuze (formerly Azureus), BitComet, eMule, Shareaza, LimeWire, BearShare, uTorrent, Cabos…to name a few.

If you want any other application to be covered in CVA, please let us know.


That’s strange… because I don’t have the latest version of eMule. VA did not mention anything.

Hallo Liron Jan,
please post more details about it.

What version are you using?
Is it an emule mod?
Is there any advisory available for that version?

I am using 0.48 version of emule. (the latest is 0.49a)
I don’t understand the second question.
If you talk about AV advisory, so no, VA did not alert for new version of eMule. If you talk about available new version message from eMule application, so yes.

eMule mods

As a popular open source program, eMule has many variants, usually called mods. Some mods started as forks from official eMule versions, and then continued to develop independently rather than modifying newer official versions. An example of this type of mod is eMule Plus. Since eMule Plus forked off before the release of v0.30, the first official version to include Kad, eMule Plus does not support this feature. Other mods follow official eMule releases and make their own releases based on each new release of the official version. Since mods are required to be shared publicly by the GNU General Public License, useful features created by mod developers can be incorporated into an official version.

Looking at Secunia Vulnerability Report: eMule 0.x it looks like there is no known unfixed vulnerability for 0.48 version of emule.

So… VA will not alert about new version of emule because of that?

I guess that will only cover the Vulnerability part.

In regards to monitored software detection and update notices related to emule I’m not able to provide an answer but it could be useful to know if you are using an official emule release or a fork (modded variant).

Well… I think I downloaded the official. I downloaded it from eMule-Project.

Thanks, Liron Jan.

I’m having Crashes on cvaupdat.exe after i press the start buttom

exception: c0000005 (access violation)
addresses: 76EEA817(rasconnectionnotificationw) or 76EE3CE9(rasenumentriesw)

My system specs are:
P4 HT 3 GHz and over 1gb ram available and XP sp3 32bit, HW DEP Optout.
Other apps: Avira Antivir, Comodo Safesurf, Riva Tuner, Unlocker assistant, Speedfan, Daemon tools, Comodo Firewall Pro 3.0.25, Logitech Setpoint 4.60.122

[attachment deleted by admin]

Okay, thanks.

CAUSE This problem may occur if Internet Explorer has some damaged files, or if the Inseng.dll dynamic link library (DLL) file is not registered.

Guess it in this case should be ‘if Internet Explorer is missing some files’… I hate Internet Explorer anyways, so it doesn’t matter. Would be cool with Comodo Safety Browser or something…
Disabling ‘Scan for Windows updates’ in Settings will fix this.

And now some suggestions…

Maybe include an option to scan for available BETA-versions (not checked by default), and when checking it, pop-up a box that says ‘WARNING! BETA-versions might be unstable, and is not recommended to be run on your every-day PC’ or something…
BETA-releases might be unstable and full of bugs, but still be safer than the former verison.

And err… CVA only scans for vulnerable programs, and if there’s any updates for them, right? So if there’s no known vulnerability, it won’t show that there’s an update available, if there is?
Although it’s not a part of CVA’s job (seeing as it’s named Comodo Vulnerability Analyzer), it wouldn’t be too bad if it also alerted about updates for non-vulnerable programs too… Not necessary tho, but it’s always a small bonus.