defense+/hips rules don't show up.

Hi there,

i have performed a search in this sub-forum & in the bug reports for my problem before posting.

so i think i might have come across a possible bug. i can't remember when it actually started, maybe september or october last year, where the hips rules stopped appearing & only logging off or a reboot would make them return. but they would eventually disappear again. for unrelated reasons i performed a complete reinstall last december, still to no avail as the problem is still there. i have attached a pic of the problem.

win 7 ultimate x64 with enhanced protection
cis -AV since the clean install i updated to what seems to be the latest version. sorry i can't actually find the ver info, where did it go? lol ???
avast 2014.9.0.2011
mbam free so there’s no protection module running

on a side note with another small but really annoying issue with media player classic. it seems defense+ doesn't like it or it could be vice versa, as various & multiple times during a video as short as 20mins, the video will freeze and a d+ alert will pop up asking me if i want to allow mpc access to explorer. i take it it's not white-listed?

obviously information that i may have forgotten will be added in a reply.

cheers.

[attachment deleted by admin]

Interesting problem. When you say clean install did you import a previously saved configuration?

Can you check the logs of Avast to see if they report interaction with CIS?

> on a side note with another small but really annoying issue with media player classic. it seems defense+ doesn't like it or it could be vice versa, as various & multiple times during a video as short as 20mins, the video will freeze and a d+ alert will pop up asking me if i want to allow mpc access to explorer. i take it it's not white-listed?
>
> obviously information that i may have forgotten will be added in a reply.
>
> cheers.

Try adding MPC to the Trusted Files. If it is already on there CIS will tell you. Is the D+ alert about getting memory access to explorer?

thanks for the reply. i forgot to add in my initial post that it's an x64 os, with enhanced protection running too. also it may or may not be important, but i do also have installed xp x64 & 8.1 x64.

no i did not use an earlier config. as i have not had to access avast logs ever, where would i happen to find them?

another interesting thing happened also. sunday i had rebooted to get into another os, rebooted again back into 7 and the hips rules were back, only to disappear again a few hours later. they had returned again at some point over last 2 days, then, a few hours ago i had run ccleaner and rebooted like i had done on sunday night. went to look in the rules because i wanted to change something, and they had disappeared again. tried rebooting and they have yet to show up. ccleaner could possibly be the culprit.

> Try adding MPC to the Trusted Files. If it is already on there CIS will tell you. Is the D+ alert about getting memory access to explorer?

as it turns out, i'm pretty sure that when the rules can't be accessed, d+ won't remember any new rules even if i ask it to. also, i run explorer in a separate process. so usually alerts are asking for access to explorer. i might have to go and ask on the k-lite forum about why mpc would want to access cryptography as well. when i did block it stalled for about 5 minutes then the video resumed.

To be honest I have no clue if and where Avast logs would be. I assumed they might be there and might be of help.

> another interesting thing happened also. sunday i had rebooted to get into another os, rebooted again back into 7 and the hips rules were back, only to disappear again a few hours later. they had returned again at some point over last 2 days, then, a few hours ago i had run ccleaner and rebooted like i had done on sunday night. went to look in the rules because i wanted to change something, and they had disappeared again. tried rebooting and they have yet to show up. ccleaner could possibly be the culprit.

Could you see if this reproduces?

> as it turns out, i'm pretty sure that when the rules can't be accessed, d+ won't remember any new rules even if i ask it to. also, i run explorer in a separate process. so usually alerts are asking for access to explorer.
> i might have to go and ask on the k-lite forum about why mpc would want to access cryptography as well. when i did block it stalled for about 5 minutes then the video resumed.

Maybe it was not designed to be handling a HIPS.

lol the only folder i didn't check, not sure why, but it's program data>avast. so i checked through any logs i thought were relevant, i didn't see anything related to any cis processes.

> Could you see if this reproduces?

as i leave my pc running 24/7, i had checked before i went to sleep whether or not the rules were back, which they weren't. so somewhere in the time that i was sleeping they had returned. i went in to change a rule, closed, remembering that i needed to change the rule for mpc, i went in & they had disappeared again. with ccleaner i have just performed a clean to get rid of dumps etc. went in to see if they were gone, which they were. a few minutes after i checked again, and they were back. i'm not sure there is anything definite as to what the cause is, unless you say something different, i will continue testing this for a few days at least and note what i do beforehand to see if a pattern emerges or not.

> Maybe it was not designed to be handling a HIPS.

possibly. i managed to change the rule to "allowed", so i'll wait to see if anything happens or not before i head over to k-lite forum and ask there.

Can you test if CCleaner plays a role? I want to exclude it as a possible culprit (it’s unlikely it would be playing a role). Can you run the cleaner and check immediately after if D+ rules are still intact or not?

Can you check the Windows logs in Event Viewer and see if there are crashes reported from CIS components? The logs can be found under Control Panel → Administrative Tools → Event Viewer → Windows logs → System. The reason for asking is that sometimes when a CIS component crashes it damages the rules stored in the registry.
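
The Event Viewer check described above can also be run from PowerShell; this is an added example, not part of the original thread. The match pattern and the 60-day window are assumptions, and only the source name cmdAgent comes from this thread.

```powershell
# Added example, not from the thread.
# ASSUMPTIONS: the match pattern and the look-back window. Only the source
# name "cmdAgent" appears in the thread; extend the pattern for your install.
$pattern = 'cmdagent|comodo'
$since   = (Get-Date).AddDays(-60)
$crashProviders = 'Application Error', 'Application Hang'

$hits = foreach ($log in 'Application', 'System') {
    Get-WinEvent -FilterHashtable @{ LogName = $log; StartTime = $since } `
                 -ErrorAction SilentlyContinue |
        Where-Object {
            # Events written by the product itself (e.g. source "cmdAgent")
            ($_.ProviderName -match $pattern) -or
            # Windows crash/hang records that name a matching executable
            (($crashProviders -contains $_.ProviderName) -and
             ($_.Message -match $pattern)) -or
            # Bugcheck (BSOD) records, Event ID 1001 in the System log.
            # These do not name the driver, so every bugcheck is listed.
            ($log -eq 'System' -and $_.Id -eq 1001 -and
             $_.ProviderName -match 'BugCheck|WER-SystemErrorReporting')
        }
}

$hits | Sort-Object TimeCreated |
    Select-Object TimeCreated, LogName, ProviderName, Id, LevelDisplayName,
        @{ Name = 'Summary'; Expression = {
            # Message is empty when the event description is not registered
            if ($_.Message) { ($_.Message -split "`r?`n")[0] } else { '(no description)' }
        } } |
    Format-Table -AutoSize -Wrap

# Count per source, to see whether crashes cluster around one component
$hits | Group-Object ProviderName | Sort-Object Count -Descending |
    Select-Object Count, Name
```

Comparing the timestamps in the output with the times the rules were last seen intact shows whether a component crash or bugcheck precedes each disappearance.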

in the days since my last reply, i have been doing some testing. rebooting for windows updates and switching os, i have not seen the rules yet. i also have been checking at least 5 times a day. it seems ccleaner was a total coincidence, but can't be 100% sure as mentioned i haven't had any rules.

ok so i had a look through the logs, i couldn’t see anything related in system. this was the only application event, some hours after the reinstall though back on the 5th december. as cmdagent is running, it is most likely unrelated.

The description for Event ID 0 from source cmdAgent cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.

i did have a bsod friday or saturday while windows was updating. upon restarting i checked with the who crashed program and it was due to comodo driver faulting.