How To: Use Process Monitor to troubleshoot AV update issues

Sometimes, when running into complicated issues where CIS fails to update its AV database, you need a view under the hood; that is where Process Monitor comes in.

This How-To guides you through the steps of making a capture.
It will not explain what is going wrong, because that is far more complicated than making the capture.
But once we have this capture it can be analyzed by someone with more experience with Process Monitor to help figure out what went wrong.

We start by downloading the correct version of Process Monitor from this page here

Extract the zip file to a folder on disk.
Next start procmon.exe as administrator (right-click → Run as administrator; it needs elevation to load its kernel driver) and read/accept the EULA.

If it starts capturing immediately, press CTRL+E or click File → Capture Events to stop capturing.
Also press CTRL+X or Edit → Clear Display to clear the current display.

Next open the filter dialog by pressing CTRL+L or clicking Filter → Filter…
Select ‘Path’ ‘contains’ ‘Comodo Internet Security\Quarantine’ ‘Include’, press ‘Add’ and then ‘OK’.
Note that this filter only limits what is displayed; unless Filter → Drop Filtered Events is enabled, Process Monitor still records every event in the background, so an analyst can widen the filter later if the Quarantine folder turns out not to be where the problem is.

Now start the capture by pressing CTRL+E or going to File → Capture Events.
Switch to Comodo Internet Security and check for AV updates; if all is well, events will start appearing in the Process Monitor window.
Once CIS fails to update, switch back to Process Monitor and press CTRL+E again to stop capturing.

Now save the capture by pressing CTRL+S or File → Save.
Select the options from the image below and save it somewhere you can find again (replace the folder shown with one of your choice).

Once that is done it is advisable to compress the file as a zip and then contact the person who will analyze it by PM (Personal Message). Do not post the capture on the board: a Process Monitor log records file, registry and process activity from the whole system, not just from CIS, and could expose too many details about your setup to others.
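The same capture can be driven from the command line instead of the GUI, which is handy when you have to repeat it or talk someone through it remotely. The script below is an added example and is not part of the original How-To or of the Comodo or Sysinternals tools; it uses only Process Monitor's documented switches (/AcceptEula, /Quiet, /Minimized, /BackingFile, /Terminate, /OpenLog, /LoadConfig, /SaveApplyFilter, /SaveAs). The folder names are assumptions, and so is the filter file cis-quarantine.pmc, which you have to create once yourself from the Procmon GUI (set the ‘Path contains Comodo Internet Security\Quarantine’ filter as above, then File → Export Configuration…), because Procmon has no switch to define a filter from the command line.

```powershell
# Added example, not from the original How-To. Run from an elevated PowerShell window.
# Assumptions (not from the original post): Procmon was extracted to C:\Tools\ProcessMonitor,
# captures go to C:\ProcmonCaptures, and the Quarantine filter was exported from the GUI
# (File -> Export Configuration...) as C:\Tools\ProcessMonitor\cis-quarantine.pmc.
$ProcmonDir = 'C:\Tools\ProcessMonitor'
$Procmon    = Join-Path $ProcmonDir 'Procmon.exe'
$Config     = Join-Path $ProcmonDir 'cis-quarantine.pmc'   # exported from the Procmon GUI (assumption)
$OutDir     = 'C:\ProcmonCaptures'
$Stamp      = Get-Date -Format 'yyyyMMdd-HHmmss'
$Raw        = Join-Path $OutDir "cis-update-$Stamp.pml"            # full, unfiltered capture
$Filtered   = Join-Path $OutDir "cis-update-$Stamp-quarantine.pml" # same events, Quarantine filter applied

# Procmon loads a kernel driver, so it must run elevated; fail early rather than half-way through.
$IsAdmin = ([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()
           ).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
if (-not $IsAdmin)               { throw 'Start PowerShell with "Run as administrator" and try again.' }
if (-not (Test-Path $Procmon))   { throw "Procmon.exe not found at $Procmon" }
New-Item -ItemType Directory -Path $OutDir -Force | Out-Null

# 1. Start capturing straight into a backing file.
#    /AcceptEula skips the licence dialog, /Quiet suppresses the filter prompt,
#    /Minimized keeps the window out of the way while you work in CIS.
#    Everything is recorded (no filter yet); the filter is applied when saving in step 4.
Start-Process -FilePath $Procmon -ArgumentList @('/AcceptEula', '/Quiet', '/Minimized',
                                                '/BackingFile', "`"$Raw`"")

# 2. Reproduce the problem while Procmon runs.
Read-Host 'Procmon is capturing. Switch to CIS, run the AV update until it fails, then press Enter'

# 3. Stop the capture. /Terminate asks the running instance to stop and flush the backing file.
Start-Process -FilePath $Procmon -ArgumentList '/Terminate' -Wait
Start-Sleep -Seconds 2

# 4. Produce a second copy with the Quarantine filter applied, so the analyst gets a small file
#    first and can ask for the full one only if the Quarantine path was not the culprit.
if (Test-Path $Config) {
    $SaveArgs = @('/OpenLog', "`"$Raw`"", '/LoadConfig', "`"$Config`"",
                  '/SaveApplyFilter', '/SaveAs', "`"$Filtered`"")
    Start-Process -FilePath $Procmon -ArgumentList $SaveArgs -Wait
    $ToShip = $Filtered
} else {
    Write-Warning "No filter file at $Config; shipping the full capture, which contains every event on the system."
    $ToShip = $Raw
}

# 5. Zip the file (PML compresses well) and print a SHA-256 so the analyst can confirm it arrived intact.
$Zip = [IO.Path]::ChangeExtension($ToShip, '.zip')
Compress-Archive -Path $ToShip -DestinationPath $Zip -Force
Get-FileHash -Algorithm SHA256 -Path $Zip | Format-List Path, Hash
Write-Host "Send $Zip by PM, never as a public attachment; it describes your whole system."
```

Keep the unfiltered .pml as well: the filtered copy is what you send first, but the original is the only thing that can answer a follow-up question such as “what else was touching that folder at the same time”.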

If you have any questions regarding this How-To, please feel free to send me a PM.

[b]End of How-To[/b]

[attachment deleted by admin]