My CAV bugs/issues explored

I think everything is going OK now… but it was an adventure…

So of all places… I decided to load CAV 2.0 at work… because that’s where I was when it came available (:TNG)

Now at work, I am on a domain. I use Outlook 2003 but don’t have a local cache (direct communication to the exchange server).

Right after the 1st post-install reboot, I started getting a plethora of HIPS popups for the same setup.exe file attempting to load through the user login script (opens a CMD session). I’ve attached an image below. I tried to open CAV to look at the settings, but as my PC was still trying to finish booting, this ended up making Windows kack and I decided to reboot (reset).

On the second reboot I decided to try to click past the popup loop and things finally started loading and the upsdb started doing its job. While that was running I decided to risk launching CAV GUI again and found in the settings a way to tell the HIPS to ignore files in the server path that was causing my loop. By this time upsdb was humming along… then I noticed it started scanning my network mapped drives… huh? By design?

After the upsdb finished, I rebooted… the user script setup.exe started again and I was like “Oh no”, but I tried to set the rule again and it seemed to work… so not sure if my “ignore list” helped or not. Boot started looking normal again but then the upsdb started again… I figured this was because I had reset… I closed the upsdb and it gave me the option to stop it from running on next boot. phew

I then started a complete system scan and it finished in 20 minutes, not too bad at all.

After the scan, I was notified to submit the files I had marked for submission, which included the “offending” setup file that looped on me… but it wasn’t able to submit the file. Closer inspection revealed that the file was located in path “\ServerName\Clients\Setup.exe” as opposed to “\\ServerName\Clients\Setup.exe”. This explains the submit problem… does it explain the failed HIPS rule to allow it as well?

… one more reboot and I’ll post back.

P.S. My Outlook 2003 seems to be behaving ok with CAVS… but I think that is because it runs without a PST/OST file (direct connect to the exchange server) unlike my home experience.

The path mismatch issue must be responsible for this last reboot’s looping HIPS popup for the same file… After a lot of clicks it finally stopped however.

Good thing I normally just lock my PC; or this would get stale really quick. :THNK

Please Please Please report to us all the bugs you find so that we can make this CAVS the most stable in the market!

thank you


I am, I am…

So here is an observation… I’m pretty much exclusively in the forums right now (IE6)… so either the forum is “lagging”, CAV 2.0 is doing something, or there is an intermittent incompatibility with “Spyware Terminator” (its HIPS disabled).

It is a very intermittent issue that doesn’t last long… best explained as an IE6 brain-fart / pause.

I do use forum HTTPS btw.

I, too, have felt that the forum has been unresponsive today. I have had to reload pages several times.
I have not installed CAVS 2 yet, and I don’t have any security programs running except CPF and NOD32. Maybe the servers have been really busy today…

Excellent, I was hoping that was it.

OK, new issue…

I locked my work PC and went home for the night. Returning this morning, I unlocked the PC and saw error/warning messages from Outlook 2003 that it could find the server.

Thinking that it might have been an old error from the night, I tried to open the db client on my PC and found I had “lost connection” to the network. The LAN was on, but no activity was allowed. I moused over the sys tray icon to see if anything had crashed/stopped but did not update the tray… sure enough CPF disappeared as I moused over. This would explain the network loss if CPF had shut down… I restarted CPF and all is fine again.

Soon after I got a HIPS popup on CFPUpdate, and allowed it. Did CPF/CFPUpdate not like the overnight wait for me to get back to the PC to respond to the HIPS popup?

The only thing new to the system was CAV 2.0… CPF has never shut down on me before (unlike its previous official version).

Oh, and is CAV Safe List File Submission icon supposed to be in the systray all the time, even when it’s empty?

I am getting intermittent “lag spikes” on my PC. It is not a freeze… the mouse still trails but clicks are “ignored” as the system catches up to the last action… like clicking start menu, switching to another open application, copy/pasting, mouse overs, minimize/maximize a window, just about any random action/event…

I can’t catch an offending service in task manager as the entire screen does not refresh until the “lag spike” is over… including task manager.

I’m seeing lags/hangs/freezes (or whatever you want to call them) as well. I’ve traced it to 2 specific components. My system has been up for about 2:20:00, ignoring “Idle” the top 2 CPU consumers are cavasm.exe (6:36) & cavemsrv.exe (4:45). The next nearest is Firefox at 0:41. So, you can easily see where most of the CPU usage has gone.

Also when cavemsrv.exe (Email scanner) runs, it uses 100% CPU & hangs the whole system (keyboard, mouse, everything) until it’s finished.

When I first installed CAVS my system showed a lot of the signs people are reporting: very slow, almost hangs, sometimes it froze on startup. But I went into CAVS on one of the times where it worked and I set the HIPS level to low so that it only controlled .exe programs. Since then I haven’t had any issues and it has been back to the way it was before I installed 2.0. I kept getting pop-ups for drivers and it was usually on these notifications that everything locked up or went really slow. Maybe if all drivers that come with Windows were automatically allowed by CAVS then those type of issues could be minimized. I don’t know what all is on the list right now but there were a lot of system files that I thought would just be on the safe list.

Thanks, it’s looking pretty good. (L)

Same here. I posted over here. I also have experienced some complete freezes where I’ve had to cut power in order to reboot, which weren’t occurring b4. Going to keep Process Explorer constantly; maybe I can toggle the screen or otherwise check the history when it comes back to reality. :slight_smile:

Well, as I had stated I deployed this on my work PC, and have had to uninstall it because it is my work PC and I am losing productivity.

So I will conclude my testing with more observations…

  • as AGM65 stated, reducing the HIPS level did help, but was not a cure for me
  • I had no uninstall issues… LSP intact and my PC was back in business fully after the uninstall’s reboot (the only uninstall option I had unchecked was the clear the quarantine, as it was empty anyway)

All-in-all, my experience has been quite good, and I look forward to the next beta releases. I’ll watch the fix notes for the next beta versions and deploy the very next beta that speaks to my issues.