My CAV 2.0.0.2 bugs/issues

I must say, a much smoother 1st boot… and no relaunch of the usdb upon reboot either.

I still have one of my initial issues with my UNC pathed (network) files being added incorrectly (as per this post)

The performance is much better. I no not have the frequent lag spikes anymore, but do still feel some slight application load increase times. Once the app is loaded however, smooth sailing. Disabling the “Show allowed apps” popup seemed to help somewhat, but not a cure.

An excellent 2nd build. :BNC
(R)

I agree, the new version is a great improvement.

No problems installing, initial scan satisfactory though I would rather CAVS only scanned drive C and not my network drives - this may be an issue for some people who will use CAVS at work.

No repeat scan on second boot - thank you.

System does not seem to freeze as much with the new beta though I have noticed a slight delay when opening some applications - no problems after initial load though.

Overall I think this is a great improvement and CAVS is now really starting to show it’s true potential. Keep up the good work Comodo. :SMLR :SMLR

Hello all hard-working guys at Comodo,

Version 2.0.0.2 works much smoother compared to the erlier version.
Thank you for a great improvement!

However, I have one issue on my Windows XP Home box at home. After some minutes of inactivity - typically when doing a complete scan - my screen-saver kicks in and it seems like stuff happens then. The HIPS control says that the file ‘kbdhid.sys’ is an unknown application and it asks me to either block or allow it. The problem is that both my mouse and my keyboard (both USB connected) are disabled. All I can do is restart my computer by cutting the power.

I sent the kbdhid.sys file to you guys at Comodo yesterday for inclusion in future updates of the database. Should I send any other information?

Thank you for your attention,

/Mattias

Hi, that is for your keyboard configuration and a reason why Comodo refuses to have hot keys as attacks can happen through these means so it is simply asking to allow it or not. Also not sure you are aware, but it is a very GOOD idea to NOT have a screen saver running when doing any system scans etc…as they can , have and will interfere with your system scans, etc…Screensavers are nothing more than eye candy now and with the refresh rates on screens haven’t been needed in quite some time. So that said, if you prefer to have it, that’s your choice but I would disable it when running any thorough scans. I think the keyboard config is coming up due to screensavers having hot key abilities. Just my opinion though. I would like to add this can be hijacked as well and when you hear from the higher ups, let me know as to what they think this is.

Thanks,
Paul

Hello Paul,

Thank you for yor swift answer.
I was not aware that having a screen-saver could pose such threats.

Do you know when ‘kbdhid.sys’ is used, for instance, is it somehow used/activated/run if I turn off my monitor?
The reason I am asking is because I have changed the time for my screen saver to kick in from 30 to 90 minutes of user inactivity. Then I started a scan and turned off my monitor.

When I started my monitor some 30 minutes later the same problem had occured.

Sincerely,

Mattias

Hi. the kbdhid.sys are keyboard drivers. It is for enhanced keyboards, “HID” , USB keyboards, etc… I erased my whole reply as it’s too long to explain but you can read here…

http://www.microsoft.com/whdc/device/input/w2kbd.mspx

all about your drivers. As well, the topic at hand, I don’t think turning on the monitor would do this as MS says, the kbdhid drivers are the only ones allowed to read the app collections, with hotkeys, special configurations etc…there may be something that set off the keyboard drivers when you were doing a scan, since this is a security risk these drivers and settings, perhaps the drivers were attempting to read the keyboard app collections and it was notifying you. It may have had nothing to do with screen saver or monitor at all. Do you have special keys for your screen saver? This is a possibility but I think the prior to be more accurate.

The reason I say a screen saver does this, is it takes resources, and it does interfere with other running applications, slows them down etc…not on every pc, not every screen saver but many. All they have to do is show you a bench test running a screen saver while doing another heavy system scan and you will see the drop in performance and possibly eating up ram. I always disable them and then re-enable when done with security scans, etc…

Hope this helps a bit more,

Paul

Thanks for taking the time to answer my questions. Now I understand the problem a bit better.

But (and by saying this I might sound a bit stubborn - sorry!) I still feel that this behaviour is closer to a bug than to being a feature - at least for people like me, that uses a screen-saver for saving the screen. :stuck_out_tongue:

Thank you,

/Mattias

I have to agree, it is better than the previous one, but scans take way too long and I mean WAAAAAYYY TOOOO LLLLOOONNNGGG. Also the time lag between executing a program just switching between screens still remains.

Spotted another issue with this newest beta build. I’m unable to do a standard reboot on my PC. I have to do a cold reboot if I wanna restart my PC. Is anyone getting the same problem?

I agree with Mattias. CAVS interfears with the activity of my logitech mouse/keyboard. Probably it has to do with the “On Access Scanner” and not with the demand scan or with the Hips.

i have seen this on the version 2.0.0.1. But after the first two cold reboots, I was able to restart it normally. Probably it was caused because Hips initially had failed to identify some services and detected them only at the 3rd restart of the OS.

Okay…the scan to a little 3hours…it was kinda making me irritated because while it was scanning, it made my Overclocked Rig into a slow snail. After the scan was completed and no problems were found, it told me to submit (I believe over 7-10GB of files) to the server to see if it’s considered to be on the safe list or virus list. I believe that it’s still trying to submit them while I’m typing this post. (FYI: I’m using another computer from my office; the computer I’m talking about is at home). I’m thinking about reverting back to the previous beta build.

Hi Pand,

Other people experienced this with other anti-virus scanners and thought they had viruses etc…and ran hijack this, went through a week of trying to figure it out, lol. So I am in agreement with Mattias and yourself. As I stated, it’s probably catching the app read, but nonetheless an aggravation that can confuse a lot into believing they have a virus. Of course this is a vulnerability at the same time but shouldn’t be brought up unless infected I would think. More of an interference I suppose.

Paul

Hi Comic,
Yes you are right. But in my pc “Hips” with “On Access Scanner” = worst than a virus. (:TNG)
On version 2.0.0.1 the pc could not react. On v. 2.0.0.2 it blocks every 10 seconds.
But on the other hand CAVS “Hips” and “NOD32” work like a charm together :BNC

Seems to be some slowdown on boot up and shut down over previous version. still getting warning balloon permenantly above bar icon saying ‘on access scanner active’ until clicked off. Also getting no signs that emails are being scanned in outlook express even though annimated icons are switched on so not sure if email scanner is working. cant see email scanner listed in processes when start task manager either. hips working smoothly though as is on acess scanner.
kitt.

Could you pl attach troubleshootlog log for further analysis?

Email scanner name is “cavEmSrv.exe”. The design is made such that, this exe is executed whenever an email is being sent or being received.

regards
Kishor.

Hi Mittas,
‘kbdhid.sys’ is kept on hold by HIPPS for user’s input as it is not found in the safelist. And this keyboard HID mapper driver could not be allowed to take the input. We will fix this in net release. By that time you can change your hips setting to low to monitor only .exe files.
Can you let me know that What is the version and size of this file?

regards
Kishor

Hi Kishor,

The (product) version of the file ‘kbdhid.sys’ I am having problems with is 5.1.2600.2180. The (actual) size is 14 848 byte.

Thank you for the tip on lowering the safety level as a remedy. I will test that ASAP.

Sincerely,

/Mattias

hi Kishor,
managed to get email scanner up and running after fresh install. seems to be fine now. a confliction issue when using comodo antispam as far as i can tell. still getting that windows warning balloon above taskbar telling me that on access scanner is enabled but thats no biggie. Thanks for the reply and will try to get a report to you… er, when i work out how to do that…kitt.
now below,cheers.

[attachment deleted by admin]