Ignore COMPLETELY an application

Hello,

I have Comodo FW installed and Kaspersky AV, the problem is that Comodo doesn’t like KAV.

The problem occurs if I select to scan all incoming mail in port 110. When I select this what KAV does is attach itself to “somewhere”, so when I open a pop3 connection I get a warning from Comodo saying that kavsvc.exe has been attached into the kernel and this can be a virus, trojan, spyware…

I have granted kavsvc.exe full access, disabled all the advanced settings, etc… but no luck. How can I achieve that Comodo FW ignores all the activity that goes through kavsvc.exe?

Thank you

Welcome Pepe.

Unfortunately, I don’t have a complete answer for your question, as I use another AV. However, I noticed a thread over at Kaspersky that may help:

comodo firewall with kav 6.0.2614

Perhaps one of the Mods here will have a better answer for you if that doesn’t help.

Toggie

pepe,

I don’t know if this is what you mean by saying you granted kavsvc.exe “full access” but if not… edit the kavsvc.exe rule in the Application Monitor, go to the Miscellaneous tab, and select Skip Advanced Security Checks. Click OK, and reboot.

If you’ve already done that, and followed the KAV forum instruction, here’s my recommendation:

If you haven’t saved the installation packages for both apps, download new ones.

Uninstall CFP. Reboot. Run a registry cleaner (such as RegSeeker) to clean out any residue. Reboot.

Uninstall KAV. Reboot. Run a registry cleaner… Reboot.

Then reinstall one at a time. Be sure to turn off/deactivate/disable ANY active security applications - other AV, antispyware, HIPS, anti-rootkit, anti-keylogger, etc while installing each one. My recommendation is to install CFP first (choose “Automatic” rather than “Advanced”), reboot, then install KAV.

I know they said the reverse of that. However, if you install the AV first, there’s a good chance it will conflict with the installation of CFP (the reverse, however, is not true). If you choose to install KAV first, please turn off all active components; completely disable the application. I’d even suggest you take it out of the Startup through MSConfig and reboot; you can add it back in later.

Hope that helps,

LM

First, thanks for your replies,

The order of the installation doesn’t matter in this case. I will try to explain the problem better, but first, both of them are working as expected. I mean, Comodo should detect the KAV behaviour and alert me.

OK, with KAV installed but without the network attacks module or any FW component. In the resident module I have an option to check mail; under this option I can check every mail through port 110. How is this done? I don’t know where, but KAV attached itself to somewhere; then when ANY application requests to open a POP3 session on port 110 it is opened, but the application which opens the connection really is KAV, and this is what Comodo FW says, and it alerts me that the kavsvc.exe service has attached into kernel level and that it is risky. So, basically kavsvc.exe provides a transparent proxy for port 110.

I understand that Comodo alerts me. I have added a rule for kavsvc.exe with full access to and from, with ‘Skip Advanced Security Check’ and ‘Invisible connections’ checked. But it keeps asking me for permission. I want to make clear that the alert is not for granting permission to go to the inet; it is alerting me about an application behaviour that is risky.

In advanced settings in the app monitor I have unchecked everything, and it still alerts me.

Basically, Program A opens a connection, Program B intercepts it, so Comodo alerts me. I want to permit Program B to intercept it without asking me again.

Cheers

Tnx for the response, pepe, and the clarification. Sorry we weren’t understanding you correctly.

If you would, when you get the next popup alert for this situation, please capture a screenshot and post it here (you can attach under Additional Options). Crop it to just the popup, and save it as a jpg, png, or gif. That way we’ll see exactly what it says; that will help.

Also, will you open your Application Monitor to full-screen size. Highlight your KAV email rule (so the details are shown at the bottom). Capture a screenshot of that as well, save it, and post it here.

Tnx,

LM

PS: What you’re experiencing sounds like standard behavior for an email scanner; they all act as proxies. You shouldn’t keep having alerts for the same thing, so something else may be going on; we’ll get it diagnosed and fixed, I’m sure.

First, sorry for the delay and thanks for your response. Here you have the screenshots:

Cheers

[attachment deleted by admin]

pepe,

Will you do the following…

Please open your kavsvc.exe rule (Application Monitor) to edit it. Go to the Miscellaneous tab, and check the box “Skip Advanced Security Checks.” OK. Reboot computer.

See if that resolves the problem.

LM

Thanks, but I have done it already and nothing changes.
Also:

I have disabled the advanced application behaviour monitor
I have put the max possible values in the intrusion detect system
And I have checked to ignore the localhost connections TCP and UDP

Cheers

[attachment deleted by admin]

My apologies, pepe, I see where you already said that in an earlier post. However, it did cause me to notice something odd…

Look at the screenshot I attached. It shows your popup attached earlier, and one currently from my system. Both are from CFP’s Application Behavior Analysis. Yours should have a checkbox for “remember.”

And do I understand correctly? You have turned off the entire Application Behavior Analysis monitor under Security/Advanced? And yet you still get this popup alert?

The Intrusion settings aren’t going to affect this, but it’s odd that:

  1. You don’t have a “remember” box on the popup
  2. You continue to get the popups after disabling ABA

Will you confirm if I understand correctly?

LM

Hello Little Mac,

I don’t see any attachment in your message. But yeah, you have understood it correctly.

  1. That’s correct, I haven’t got a remember box,
  2. I have disabled the app monitor behaviour, but if I activate it I don’t get the remember box either.

My Comodo fw version is 2.4.18.184, app db version 3.0.

cheers

[attachment deleted by admin]

I have changed the language to English in Comodo and I also don’t get the remember box.

pepe,

My apologies for not getting the SS attached. You understood without the picture, so that worked out, tho.

My suggestion at this point is to uninstall CFP, then run a registry cleaner afterwards to clear out any remains.

Then turn off/disable all active security programs (AV, antispy, HIPS, etc), and reinstall CFP. If you want to leave KAV in place, that’s fine; just be sure to deactivate it. I know we discussed that before, and you felt like the behavior was fine with CFP warning you about KAV. To me at this point, it seems that there’s a problem…

Not only because of the recurring alert, but the fact that there’s no remember box, and that it’s an ABA alert when you have ABA turned off every way possible. Given that changing languages has no effect on it either, we can rule out a programming issue with the language versions. What I think happened, due to conflicts I’ve seen in the past, is that KAV & CFP butted heads during whichever install came last (I’m guessing that was CFP), and now CFP is not functioning properly. If KAV has some sort of webshield, you may need to disable that on a more permanent basis.

LM

Thanks for replying,

The sequence of the installation was: KAV and then CPF; also, CPF has updated itself via updates. I will try to reinstall but I don’t have any hope… KAV

The only function that I have activated in KAV is the antivirus, no spy, no hips… I can live with this; I have reconfigured the resident of KAV so instead of scanning port 110 it scans the Outlook mailboxes.

If you want to run any tests to try to identify why ABA is showing an alert when it is disabled, no problem.

Thanks

I’m not sure what test would reveal that… I think that would be an issue for Comodo Support and Development Teams. You can certainly file a ticket with Support here: http://support.comodo.com/; they may have some additional tests and/or specific info from you that will help in that way. If you do that, be sure to provide them a link back to this topic, and keep us updated as to their response.

LM