I have been having trouble setting rules that will allow AVG to update virus defs. automatically.
Each of the following components has been set to allow all activity, skip advanced security check, allow invisible connection, and skip parent. [avgamsvr.exe, avgcc.exe, avgemc.exe, avginet.exe]
Yet Comodo firewall still blocks with the following comment:
Suspicious Behaviour (avginet.exe)
Application: D:\Program Files\Grisoft\AVG Free\avginet.exe
Parent: D:\Program Files\Grisoft\AVG Free\avgamsvr.exe
Protocol: TCP Out
Destination: 0.0.0.0:8080
Details: D:\Program Files\Grisoft\AVG Free\avgcc.exe has tried to use the Parent application D:\Program Files\Grisoft\AVG Free\avgamsvr.exe through OLE Automation
I have read this message a number of times and still can’t figure out what it means!
Comodo says that avginet.exe is suspicious but then it says that avgcc.exe is behaving badly by calling the Parent application avgamsvr.exe.
Does this mean that avgamsvr.exe is someone else’s parent so it can’t be called by avgcc.exe?
Or does it mean that avginet.exe has called avgcc.exe which has called avgamsvr.exe?
If I could understand what exactly is being blocked I could probably set the rules to allow what I want. Can someone translate Comodo logs for me, ’cause I am not smart enough to do it!
If this is being blocked without CFP prompting you, then at some point you may have accidentally created a block on this action when CFP first prompted you. You’ll need to review all the Blocks in the Component Monitor & Application Monitor. The Component Monitor is for programs that do not interact with the user & the Application Monitor is for those programs that do interact with the user.
If you’re being prompted for this action, then it is OK to Allow this action (remembered). CFP is just warning you that Z program has used OLE to Y program & then asks if that is OK. If you know what it is talking about, then you allow it (remembered) & you’re not bothered by it again, unless something is updated. Which might be the case for AVG… it might always update a component when the update is done, this might cause CFP to continuously prompt for apparently the same thing, which it isn’t because of the update.
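An added example (not part of the original thread and not Comodo's code) that parses the alert quoted in the first post and reports which executable made the connection, which is listed as its parent, and which one used OLE Automation on which. The field names and the Details wording come from that alert; the function names are hypothetical and only this alert wording is handled.

```python
import re
from ntpath import basename  # parses Windows paths on any OS

# Alert text as quoted in the first post, fused "TCP OutDestination" line included.
ALERT = r"""Suspicious Behaviour (avginet.exe)
Application: D:\Program Files\Grisoft\AVG Free\avginet.exe
Parent: D:\Program Files\Grisoft\AVG Free\avgamsvr.exe
Protocol: TCP OutDestination: 0.0.0.0:8080
Details: D:\Program Files\Grisoft\AVG Free\avgcc.exe has tried to use the Parent application D:\Program Files\Grisoft\AVG Free\avgamsvr.exe through OLE Automation
"""

FIELD = re.compile(r"(Application|Parent|Protocol|Destination|Details):\s*")
# Sentence pattern copied from the Details line above (assumption: other
# alert types may be worded differently and will simply not match).
OLE = re.compile(
    r"^(?P<actor>.+?\.exe) has tried to use the Parent application "
    r"(?P<target>.+?\.exe) through (?P<method>.+)$")

def parse_alert(text):
    """Split an alert into labelled fields, even if two share one line."""
    lines = text.strip().splitlines()
    alert = {"Title": lines[0].strip()}
    for line in lines[1:]:
        parts = FIELD.split(line)  # ['', name, value, name, value, ...]
        for name, value in zip(parts[1::2], parts[2::2]):
            alert[name] = value.strip()
    return alert

def explain(alert):
    """Reduce the parsed fields to 'who did what to whom'."""
    m = OLE.match(alert.get("Details", ""))
    return {
        "connecting": basename(alert["Application"]),
        "parent": basename(alert["Parent"]),
        "ole_actor": basename(m["actor"]) if m else None,
        "ole_target": basename(m["target"]) if m else None,
        "method": m["method"] if m else None,
    }

def needs_rule_review(alert, ruled):
    """Executables named in the alert that are absent from the rule list."""
    e = explain(alert)
    named = {e["connecting"], e["parent"], e["ole_actor"], e["ole_target"]} - {None}
    return sorted(named - set(ruled))

if __name__ == "__main__":
    info = explain(parse_alert(ALERT))
    print(info)
    print(needs_rule_review(parse_alert(ALERT), ["avgamsvr.exe", "avgcc.exe", "avgemc.exe", "avginet.exe"]))
```

Run against the four executables listed in the first post, `needs_rule_review` returns an empty list: every program named in the alert already has a rule.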
So I checked the component rules and nothing is being blocked there. Also, all AVG applications that I know of are set to allow all connections.
I don’t know if Comodo is prompting because I have AVG set to update between 4-5am so there is nobody there to allow the action.
I don’t know if AVG is changing a component after every update but I thought that skipping the advanced security checks would cause Comodo to allow no matter what.
So far the workaround is to manually start the AVG update. Comodo has no trouble allowing this action. Only the auto update process is blocked.
I will set AVG to update during the day for now. Maybe the Comodo prompt window will have more details?