I use the free version of Comodo Antivirus with the latest updates. Yesterday I encountered a problem :( as I tried to solve another problem >:( that I have been experiencing for several weeks now.
The older problem was that I frequently use pendrives, and since 2 or 3 weeks ago I cannot safely remove any pendrives from my USB ports, because of HIPS. I have written my own program, a very simple program for calculations. It does no harm and does not contact the Internet. It was captured by HIPS control and I made a mistake: I clicked on “Block it”, as I thought it had probably tried to access something I didn’t want it to. Now it is in the HIPS block list, with a Path signature pointing to the pendrive. Since then, if I turn off HIPS protection, I can remove my pendrives, but if not, I cannot remove them as usual by clicking on “Safely remove…”. This was my first problem.
The second problem occurred when I tried to remove this program entry from the HIPS Application settings in Comodo Antivirus Settings by clicking on the Manage button. A new window appeared as it should and loaded a list of entries, but immediately after loading them, Windows XP SP2’s “Data execution protection” (I think that is what it is called in the English version, but I have the Hungarian one) showed a message. It says that Comodo AV GUI tried to execute data, and that Data execution protection now shuts CAV GUI down. Since then I have been unable to access this page of Comodo AV Settings; Windows XP always shuts it down after loading the settings list. It is stopped even if I set Windows XP to use this protection only on protected system files, and even if I set Windows to exclude the recognized Comodo AV GUI program from this protection. This protection cannot be totally switched off.
I looked up this “protection method” on the Internet and in Windows Help and found that this protection is triggered if a buffer overrun occurs in a program, and that it aims to protect against worms and trojans that try to infect a system by flooding memory with unnecessary data, causing a buffer overrun, and writing themselves to memory areas that are only accessible through a memory area overflow problem.
I’d be happy if an update solved these issues. The antivirus program is a very good one, and I don’t want to change it. (:CLP)