Is antivirus stopping itself?

I just installed Internet Security on an old computer that had been running with Norton Antivirus. I noticed that Norton file system security was turning itself off; I’d sit down in front of the computer and the Norton icon in the system tray would have the red circle with the line across it.
So I switch to Internet Security (the only reason I was running Norton was because work required it, but that changed so I got rid of Norton happily).

Now I’m seeing the same thing with Internet Security. I sit down and the icon has the red circle with the line through it. HUH? The only way I’ve found to solve this is to shut Internet Security down and restart it. It happened again this morning in fact.

Can anyone offer a suggestion as to what is causing this and how to stop it? Virus scans are clean. The only change I’ve made to anything is adding Juniper Networks to My Trusted Software Vendors.

Thanks

You did uninstall Norton Anti Virus and rebooted? You have CIS installed with the AV active?

We are gonna take a look to see if some old drivers of your previous security programs are still around. Go to Device Manager → View → show hidden devices → now look under Non Plug and Play drivers → when you see a driver that belongs to your previous security programs click right → uninstall → do this for all drivers → reboot your computer.

When the problem persists make sure there are no auto starts from your previous security programs. Download Autoruns and run it.

This program finds about all auto starts in Windows. This tool can therefore seriously damage Windows when not handled properly. After starting go to Options and choose to hide Windows and Microsoft entries and then push F5 to refresh.

Now check all entries to see if there are references to your previous security program. When you find them untick them. After unticking reboot your computer and see what happens.

I did uninstall Norton and rebooted. I’ve rebooted several times since it was uninstalled. There is nothing in device manager or autoruns that I can see that is a leftover from Norton. Any other ideas? The icon is showing the red circle right now, and that scares the heck out of me.

Try running Diagnostics and see if that helps. What does it say?

Can you tell us more about your system? What OS are you on? What other security applications are running in the background?

I assume you mean Diagnostics in the Miscellaneous section? It reports “The diagnostics utility did not find any problems with your installation.”

I am running XP SP3 and the only other security software running is what is built in to XP, the Windows firewall etc. That reminds me, I did not install the Comodo firewall. I’ve used it in the past but the frequent popups were unnerving the non-geeks that use this computer (not me obviously). Could that have something to do with it?

By the way Windows Security Center says “COMODO Antivirus reports that it is up to date and virus scanning is on.” So maybe I’m worried about nothing?

Just to make sure I understand you correctly. The icon you see with the red circle and the line through it. Is that the Comodo shield? To make sure it is the Comodo icon click right and look at the context menu.

Yes, it is the Comodo shield. I’ve checked that very carefully.
I was notified that an update was available today so I installed the update and rebooted. It is showing the normal icon right now.

Just a follow up, the update did not fix the issue. The Comodo shield is showing the red circle now. Summary screen shows the system status as “All systems are active and running”

Have you had any other security program installed in the past? If so do the following to make sure all leftovers of them are gone.

We are gonna take a look to see if some old drivers of your previous security programs are still around. Go to Device Manager → View → show hidden devices → now look under Non Plug and Play drivers → when you see a driver that belongs to your previous security programs click right → uninstall → do this for all drivers → reboot your computer.

When the problem persists make sure there are no auto starts from your previous security programs. Download Autoruns and run it.

This program finds about all auto starts in Windows. This tool can therefore seriously damage Windows when not handled properly. After starting go to Options and choose to hide Windows and Microsoft entries and then push F5 to refresh.

Now check all entries to see if there are references to your previous security program. When you find them untick them. After unticking reboot your computer and see what happens.

Eric,
Your post is informative but it is almost word for word the same as your original post to this thread.

Sorry about that…

Do you have other security programs running in the background? Try disabling them. When that doesn’t help I can only think of advising to do a clean install.

I guess I have a clean install in my future then, because I don’t have any other security software running.

Is by any chance Windows Firewall switched on? CIS does not disable it when installing nor does it switch it on when it is uninstalling.

Out of curiosity, would that cause this?

I reinstalled yesterday and made sure to install CIS firewall. It’s been 28 hours or thereabouts and the red circle is not showing on the icon.

I had high hopes that the reinstallation had taken care of it, but I got home from work today and the icon is showing the red circle.

Can anyone in development tell me under what circumstances the icon is displayed this way?

The only thing I can think of right now is to do a clean install. Uninstall CIS, reboot and continue with the following tutorial:
Start with exporting your configuration to a folder that is not part of the Comodo folder under Program Files. This way you can restore your configuration after the reinstall.

Uninstall CIS and reboot. Then run Comodo System Cleaner (http://system-cleaner.comodo.com/) to get rid of registry keys.

Then delete the Comodo folders under Program Files, Program Files\Common Files, C:\Documents and Settings\All Users\Application Data\.
For Vista/Win7:
\Users\%username%\appdata\local, \Users\%username%\appdata\roaming\ and \Users\%username%\appdata\local\virtual store

To be even more thorough open Device Manager and set it to show hidden devices under menu option View. Then see if there are Comodo driver(s) left in non Plug and Play drivers. If so select the driver → click right → uninstall and reboot.

Now delete the following:
C:\boot.ini.comodofirewall (this file may not exist).
WARNING: Do not mistakenly remove the original “boot.ini”.
C:\WINDOWS\system32\drivers\cmdGuard.sys
C:\WINDOWS\system32\drivers\cmdhlp.sys
C:\WINDOWS\system32\drivers\inspect.sys
C:\WINDOWS\system32\guard32.dl

a. HKEY_CURRENT_USER\Software\ComodoGroup\CFP and HKEY_CURRENT_USER\Software\ComodoGroup\Comodo Internet Security
b. HKEY_LOCAL_MACHINE\SOFTWARE\ComodoGroup\CDI\1 *
*(If you have other Comodo products installed, delete only the values for CFP)
c. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cmdAgent
d. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cmdGuard
e. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cmdHlp
f. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Inspect
g. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\cmdAgent
h. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\cmdGuard
i. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\cmdHlp
j. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Inspect
k. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\cmdAgent
l. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\cmdGuard
m. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\cmdHlp
n. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Inspect
o. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdAgent
p. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdGuard
q. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdHlp
r. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Inspect
s. HKEY_LOCAL_MACHINE\SYSTEM\Software\Comodo\Firewall Pro
t. HKEY_USERS\S-1-5-21-1202660629-746137067-2145843811-1003\Software\ComodoGroup\CFP
u. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CMDAGENT *
v. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CMDGUARD *
w. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CMDHLP *
x. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_INSPECT *
y. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_CMDAGENT *
z. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_CMDGUARD *
aa. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_CMDHLP *
bb. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_INSPECT *
cc. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_CMDAGENT *
dd. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_CMDGUARD *
ee. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_CMDHLP *
ff. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_INSPECT *
gg. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDAGENT *
hh. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDGUARD *
ii. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDHLP *
jj. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_INSPECT *
kk. HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\CFP_Setup_3.0.14.276_XP_Vista_x32
ll. HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\CFP_Setup_3.0.14.276_XP_Vista_x64
mm. HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\CFPLog
nn. HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\CPFFileSubmission
oo. HKEY_LOCAL_MACHINE\SYSTEM\Software\Comodo\Firewall Pro

*Note: It may not be possible to remove these “LEGACY” keys. If you cannot delete them, leave them in the registry. However, I have subsequently found that you MAY be able to remove these keys in Safe Mode by using a third-party registry tool. To permanently remove them may also require modifying the Permissions for each key. See: https://forums.comodo.com/help_for_v3/comprehensive_instructions_for_completely_removing_comodo_firewall_pro_info-t17220.0.html;msg119226#msg119226

Now you should be good to go
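
A read-only check for the leftovers listed in the post above, added here as an example and not part of the original thread or any Comodo tool. It deletes nothing; the file and key names are copied from the post (the truncated last file name and the per-user keys are left out), and the grouping into variables is this example's own choice.

```powershell
# Read-only audit: report which leftovers named in the post still exist.
# Nothing is deleted. Run from an administrator PowerShell prompt.

$files = @(
    'C:\boot.ini.comodofirewall',
    'C:\WINDOWS\system32\drivers\cmdGuard.sys',
    'C:\WINDOWS\system32\drivers\cmdhlp.sys',
    'C:\WINDOWS\system32\drivers\inspect.sys'
)

# Driver/service names and control sets exactly as they appear in the post.
$services    = 'cmdAgent', 'cmdGuard', 'cmdHlp', 'Inspect'
$controlSets = 'ControlSet001', 'ControlSet002', 'ControlSet003', 'CurrentControlSet'

$keys = @(
    'HKEY_CURRENT_USER\Software\ComodoGroup\CFP',
    'HKEY_CURRENT_USER\Software\ComodoGroup\Comodo Internet Security',
    'HKEY_LOCAL_MACHINE\SOFTWARE\ComodoGroup\CDI\1',
    'HKEY_LOCAL_MACHINE\SYSTEM\Software\Comodo\Firewall Pro'
)

# Build the Services and Enum\Root\LEGACY_* keys for every control set.
foreach ($set in $controlSets) {
    foreach ($svc in $services) {
        $keys += "HKEY_LOCAL_MACHINE\SYSTEM\$set\Services\$svc"
        $keys += "HKEY_LOCAL_MACHINE\SYSTEM\$set\Enum\Root\LEGACY_$($svc.ToUpper())"
    }
}

$found = @()
foreach ($f in $files) {
    if (Test-Path -LiteralPath $f) { $found += "FILE  $f" }
}
foreach ($k in $keys) {
    # The Registry:: provider prefix lets the full hive name be used as written.
    if (Test-Path -LiteralPath "Registry::$k") { $found += "KEY   $k" }
}

if ($found.Count -eq 0) {
    Write-Output 'No leftovers from the list were found.'
} else {
    Write-Output "$($found.Count) leftover item(s) still present:"
    $found
}
```

A control set that does not exist on the machine simply produces no hits, so the same script works whether the system has two or three numbered control sets.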

I went through Eric’s steps a couple of days ago; so far everything looks fine.
Most of the steps were not needed; the uninstall process seems to clean just about everything out, which impresses me. A lot of uninstalls (dare I say, most uninstalls) leave little bits here and there which I find irritating.