Problem CIS 4 with WINDOWS UPDATE WEB

Hi

I have a problem with windows update on windows website update.windows.com - I receive an error:

0x80072EFE or 0x80072EE2

I just have installed NOD32 2.51, AVAST ANTIVIRUS FREE 5.0,

SO= XP sp2

Otherwise, i receive an error during upload test on www.speedtest.com or when i send a file (>60 Kb) on www.virustotal.com

why?

there is nobody can help me?

If i disintall CIS, i can update XP.

After I have installed CIS, i receive error on update XP

why?

Why are you running both NOD32 and AVAST? Are you using the COMODO antivirus in CIS as well? You should only have one active antivirus.

The following codes mean:

0x80072EFE -2147012866 ERROR_INTERNET_CONNECTION_ABORTED
0x80072EE2 -2147012894 ERROR_INTERNET_TIMEOUT

http://support.microsoft.com/kb/836941

It looks like when you install CIS it is blocking a connection for Windows Update. Go to Firewall > Network Security Policy > and make sure “Windows Updater Applications” is set like the one in the following picture:

[attachment deleted by admin]

:cry: i have always used both NOD32 and AVAST. with sygate personal firewall i don’t have any problem.

after i uninstalled SPF and installed CIS i have problem.

example: i have cis up. i go on site www.virustotal.com for testing a file online. Now, files smaller than 60 Kb are sent, while the largest are blocked.
i go on www.speedtest.net for testing adsl speed: test download works, but does not begin testing uplolad (then stop remain)

i have teh rules on Windows Updater Application and also on SVCHOST.EXE
I’ve started my computer by disabling the start of nod32 and avast one a time but still not working.
If I uninstall CIS, then works properly.

i confused

Do the Firewall logs give any clues here? They are under Firewall → Common Tasks → View Firewall Events. Can you post a screenshot of the logs?

I’m trying, but obviously will not work-

There’s a block in upload.

now i try restarting PC in Safe Mode to disable service cmdagent.exe and then try again

I can not send either not initiating CIS.

I had uninstall it

now i send two file: log and policy

[attachment deleted by admin]

I checked your logs. What does chiesto mean? Ask? What does Chalsiasi mean? All?

CHIESTO = ASK
CONSENTITO = ALLOWED
BLOCCATO = BLOCKED

QUALSIASI = ALL
CONSENTI = ALLOW

sorry

Your logs look fine at first sight.

There are a couple of bases I want to cover first before I will look more closely at CIS.

First make sure there are no more left over from Sygate around. Read the following closely and remove possible Sygate driver left overs.

We are gonna take a look to see if there are some old drivers of your previously uninstalled security programs are still around. Go to Device Manager → View → show hidden devices → now look under Non Plug and Play drivers → when you see a driver that belongs to your previous security programs click right → uninstall —> reboot your computer.

When the problem persists make sure there are no auto starts from your previous security programs. Download Autoruns and run it.

This program finds about all auto starts in Windows. This tool can therefore seriously damage Windows when not handled properly. After starting pusdh Escape and go to Options and choose to hide Windows and Microsoft entries, to include empty locations and then push F5 to refresh.

Now check all entries to see if there are references to your previous security program. When you find them untick them. After unticking reboot your computer and see what happens.

When that doesn’t help I will further investigate the possible influence of your AV programs.

Seen this before, the intermittent network connection, the solution then was to update the network drivers.

Can you verify if there are newer drivers available for the Network Interface?

Also I’d advise to upgrade to SP3.

I resolved ;D

the problem was due to a file KL1.SYS of Kaspersky Antivirus.

Given that I installed this virus and can not remember whether (and if and when) I tried it, I found this:

I did a search with two sw anti rootkit (rootkit hook analyzer and Helios) found this file (in addition of course to Avast and CmdAgent) hooked in the system. I ran the Fix with both sw, but the problem continued to reboot. I rebuilt the search with the both SW rootkit and the file was still there.

Now I run a search with RunAlyzer Safer-Networking (home of Spybot) found that this file starts as boot.
At this point I deleted the file and run the FIX kl1.sys with Helios.

At the next reboot I reinstalled and CIS: :-TU WORKS … ;D ;D ;D

Good news and good find! :-TU