Firewall loading virus signatures into memory and detected by avast

Sorry to cross-post, but I was trying to help in the avast forums, and I don’t know why the Comodo firewall seems to be loading virus signatures into memory.

Is there any firewall function that does so? Defense+?
Is it an avast false positive only?

Thanks.

And so?
Why is cmdagent loading signatures into memory?

Silence? Lack of support?

Remember that cloud AV / behavior blocker is part of D+; that could be it. Also, D+ had the new command line heuristics that can find malware in real time.

Thanks for starting the ball rolling, Tech.

Basically, since the 10th of October, avast! has started throwing up this alarm on my poor auld PC -
File name: Process 11xx [cmdagent.exe], memory block 0x00000000023C0000, block size 4xxxxx
Severity: High
Status: Threat: Win32:FakeVimes-B [Trj]

I updated CFP v4.1 to v5.0.1 after the first few times I got this alert - no joy.
I’ve uninstalled CFP and installed a fresh copy of v5.0.1, but I’m still receiving the alarm.

Firewall only, not the AV component. Installed as: Firewall with Maximum Proactive Defence.
I run a custom virus scan with avast! - all the boxes checked and scan sensitivity set to 11.

Anyone else recently started having issues with avast! v5.0.677 and the cmdagent.exe of Comodo firewall v4.1 or v5.0.1? Specifically on or after the 8th of October.

This is not the first time avast! has flagged cmdagent.exe on my PC. It usually sorts itself out after a few avast! virus and/or engine updates. Though it’s been six days and counting, this time, which is why I’m wondering if there might be another issue.

I couldn’t help but notice that the downloads for Comodo Firewall for Windows, Comodo Antivirus for Windows, and Comodo Internet Security for Windows are all the exact same size, at 48 MB (50,179,528 bytes). (Link: Firewall Download | Best Firewall Security software for Windows)

Does this mean that the three different downloads are the same thing, but with different elements switched off or turned on?
In which case, does that mean that Comodo Firewall for Windows contains switched-off virus scanning components which might be read by virus scanning software?


“In general, any security application can load some signatures (fragments of malicious code used to detect the real threats) into memory - they are located in data segments (instead of executable code).”
Ok, but why would a firewall need to do this?

Thanks.
If so, the signatures must be loaded encrypted in the memory.
Remember the poor service done by Panda regarding this…

No, it’s an online installer that downloads the necessary/chosen parts of the suite.

It’s Defense+ cloud and behavior shield like posted by languy.
The issue now is that Comodo must encrypt the signatures loaded into memory.

This is a Comodo problem.
Please, solve it!


Well well well, it’s 9-20-11

and my Avast Free 6.0 (most up-to-date version) has detected cmdagent.exe as
Win32:FakeVimes-B [Trj], and I’m just using the firewall only.

It’s year 2011 now,

and yes, I did a definitions update before scanning the whole computer.

Kissbaby, I still receive the process [cmdagent.exe], memory block, Win32:FakeVimes-B [Trj], ‘high severity’ threat notification whenever I complete any scan which includes a high-sensitivity memory check.
I’m satisfied that Win32:FakeVimes-B [Trj] is merely a fragment of the actual virus which Comodo loads into memory as part of a legitimate process. It’s irritating to see it flagged with every Avast! scan, but I can live with it.

Will adding cmdagent.exe to avast exclusions help?

Hmm, I’d never considered that. To be honest, it’s really not that big a deal (any more), and if there was any change in behaviour I’d rather not miss it.