Kishor, ever since the CAVS update this morning, I have the following problem on two computers:
From the systray icon, everything is file. However, the GUI shows the HIPS and On-Access to be Off, and I cannot turn them On. When I try to turn them On, I get a STOAC017 error - screenshot attached. Then the application closes. In fact, it closes whenever I exit the GUI; although cavse.exe is still running, as is cavaud.exe, cmain.exe is not. PE screenshot attached.
Also of note, the Settings section shows each one of those to be enabled (as does the context menu).
I generated a troubleshoot log, and attached it as well.
Both on Admins. It seemed odd to me that it was on two completely separate machines. While they’re similar in applications, they’re very different in hardware configuration. I could see it as a blip if it were just one; but both? Something must’ve conflicted.
Hmm, can’t seem to get updates to work (manual, online, that is…) I’ve probably gone and deactivated some critical security flaw required to allow MS complete access. I’ll deal with that another time.
Kishor, also during all this, the two cavse.exe processes are frequently going wild, using well over 90% of resources, and causing the system to lock. I’ve only managed to catch a quick look a couple times, as I can’t get TaskMan or PE to open when it goes bonko.
Hi LM,
In last CAV updates only CAVSubmit compnent and help file is updated. So the last updates should not cause any GUI related issues.
This error STOAC017 may come if you install SpywareGuard product. Did you install SpywareGuard software?
Thanks Kishor,
Yes I did (to check it out) but it was the day prior. Reboots have occurred since then. This situation did not occur until after the update to 2.0.12.47. Could be coincidence on that aspect of it, though.
I will uninstall SpywareGuard and see if that resolves it.
More details on the situation, too - from context menu I can disable on-access scanner, and the icon will show the red x as normal. Once the GUI closes (thus causing me to restart it from desktop shortcut), the red x is gone, and context menu shows on-access scanner as enabled. Normally, if user disables on-access, it stays that way, even thru a reboot.
Also, after boot/login, CMain is running. As soon as the GUI is opened, the systray icon disappears, CAVApp shows up as running, and CMain disappears/closes out. Once the GUI is closed, CAVApp also closes/disappears.
If this is caused by SpywareGuard, IMO that’s a pretty serious compatibility bug.
You may be glad to know that appears to be the source of the problem. I uninstalled SpywareGuard, and CAVS is back to normal. Hope you can get that resolved for posterity.
LM
PS: While SG was still installed, even tho’ CAVS GUI said HIPS was disabled, I still got a HIPS popup. So apparently it was working. So was On-Access still working as well?
My e-mail was tickled today by Kishork’s posting in the HAL.DLL thread that the issue had been resolved… so I immediately uninstalled AVG and gave it an install.
Zero issues getting this version going. :BNC Very good job Comodo (:CLP)
Then I went to continue loading my latest obsession… Lord Of The rings Online: Shadows of Angmar. (:AGL)
Well… didn’t CAVS grab a library of it and call it infected. (:AGY)
Scan Date = Fri,20 Apr 2007 11:16:00 PM
Object name = c:\games\online\the lord of the rings\zlib1t.dll
Virus name = Backdoor.Win32.Prosti.s
Action taken = Quarantine succeeds
So I’ve submitted it, researched the trojan, found that I didn’t have the shell replacement that accompanies its true infection, pulled my games file out of the quarantine, and created rules to leave it alone.
So unless someone tells me it’s not a false positive… I’ll continue my game-fest :THNK :■■■■
Beware CAVS2’s quarantine and the exclude settings. The excludes don’t seem to stick, so it may keep stuffing the library in quarantine. This repeatedly happens with several components from LogMeIn (lmiinit.dll and ramaint.exe) and RealVNC.
Thanks for the heads up Ewen. I did try rescan the file manually after doing this, and CAVS did ignore it (that time)… but if it can lose track of its exceptions lists like you said… that could be a short lived confidence (:LGH)
But at least it is straight forward to recover if/when it happens. (:CLP)
