Kishor, ever since the CAVS update this morning, I have the following problem on two computers:
From the systray icon, everything is file. However, the GUI shows the HIPS and On-Access to be Off, and I cannot turn them On. When I try to turn them On, I get a STOAC017 error - screenshot attached. Then the application closes. In fact, it closes whenever I exit the GUI; although cavse.exe is still running, as is cavaud.exe, cmain.exe is not. PE screenshot attached.
Also of note, the Settings section shows each one of those to be enabled (as does the context menu).
I generated a troubleshoot log, and attached it as well.
I’ve also attached version info.
PS: It’s on 220.127.116.11, actually
[attachment deleted by admin]
Everything running fine here.
No problems. Even the previous problem I had with sending big attachments with emails is gone :BNC
Is it after a reboot? (i haven’t done so and seems ok here)
Yes, I’ve rebooted on both machines, although that wasn’t required by CAVS.
I’ve rebooted the machine but i don’t have these problems. Are they administrators or power users, users?
Both on Admins. It seemed odd to me that it was on two completely separate machines. While they’re similar in applications, they’re very different in hardware configuration. I could see it as a blip if it were just one; but both? Something must’ve conflicted.
Sounds interessting. Anything with Microsoft patches maybe?
We’ll see. I’m checking for updates now.
Hmm, can’t seem to get updates to work (manual, online, that is…) I’ve probably gone and deactivated some critical security flaw required to allow MS complete access. I’ll deal with that another time.
Kishor, also during all this, the two cavse.exe processes are frequently going wild, using well over 90% of resources, and causing the system to lock. I’ve only managed to catch a quick look a couple times, as I can’t get TaskMan or PE to open when it goes bonko.
I had a similar problem with windows update last night, but it was the svchost executables eating up 100% of the cpu resources.
At the end of the day, here is what I did to get updates working again.
In last CAV updates only CAVSubmit compnent and help file is updated. So the last updates should not cause any GUI related issues.
This error STOAC017 may come if you install SpywareGuard product. Did you install SpywareGuard software?
Yes I did (to check it out) but it was the day prior. Reboots have occurred since then. This situation did not occur until after the update to 18.104.22.168. Could be coincidence on that aspect of it, though.
I will uninstall SpywareGuard and see if that resolves it.
More details on the situation, too - from context menu I can disable on-access scanner, and the icon will show the red x as normal. Once the GUI closes (thus causing me to restart it from desktop shortcut), the red x is gone, and context menu shows on-access scanner as enabled. Normally, if user disables on-access, it stays that way, even thru a reboot.
Also, after boot/login, CMain is running. As soon as the GUI is opened, the systray icon disappears, CAVApp shows up as running, and CMain disappears/closes out. Once the GUI is closed, CAVApp also closes/disappears.
If this is caused by SpywareGuard, IMO that’s a pretty serious compatibility bug.
You may be glad to know that appears to be the source of the problem. I uninstalled SpywareGuard, and CAVS is back to normal. Hope you can get that resolved for posterity.
PS: While SG was still installed, even tho’ CAVS GUI said HIPS was disabled, I still got a HIPS popup. So apparently it was working. So was On-Access still working as well?
These might be FAQs but I wonder for a long time.
Why quarantine works without asking?
If there was a false positive and it was necessary for system It may damage system.
Why on-demand exclude list and on-access exclude list are separated?
so I have to register same files twice.
and I found trivial mistake.
When you right-click task tray icon “Exit Comodo Antivirus” is embolden.
“Show Comodo Antivirus” should be embolden.
O20 - Winlogon Notify: monln - C:\WINDOWS\SYSTEM32\monln.dll
I have this entry in my HijackThis Log and cannot find anything about it. Some are suggesting it is Vundo but I have a feeling it is to do with CAVS.
Can anyone confirm that for me please?
Yep! monln.dll is the “Comodo Anti-Viruspyware Logon State Tracking Library”.
Thanks Ewen, that is a relief, it had me worried. :■■■■
My e-mail was tickled today by Kishork’s posting in the HAL.DLL thread that the issue had been resolved… so I immediately uninstalled AVG and gave it an install.
Zero issues getting this version going. :BNC Very good job Comodo (:CLP)
Then I went to continue loading my latest obsession… Lord Of The rings Online: Shadows of Angmar. (:AGL)
Well… didn’t CAVS grab a library of it and call it infected. (:AGY)
Scan Date = Fri,20 Apr 2007 11:16:00 PM
Object name = c:\games\online\the lord of the rings\zlib1t.dll
Virus name = Backdoor.Win32.Prosti.s
Action taken = Quarantine succeeds
So I’ve submitted it, researched the trojan, found that I didn’t have the shell replacement that accompanies its true infection, pulled my games file out of the quarantine, and created rules to leave it alone.
So unless someone tells me it’s not a false positive… I’ll continue my game-fest :THNK :■■■■
Beware CAVS2’s quarantine and the exclude settings. The excludes don’t seem to stick, so it may keep stuffing the library in quarantine. This repeatedly happens with several components from LogMeIn (lmiinit.dll and ramaint.exe) and RealVNC.
If LOTR won’t start, check your quarantine.
Thanks for the heads up Ewen. I did try rescan the file manually after doing this, and CAVS did ignore it (that time)… but if it can lose track of its exceptions lists like you said… that could be a short lived confidence (:LGH)
But at least it is straight forward to recover if/when it happens. (:CLP)