Quick scan not run (scanning "Commonly infected areas") - possibly solved

I’m using the latest version of CIS on Windows 7 64-bit.
When I try to run a quick scan, it stalls at “Status: HKLM\SYSTEM\CurrentControlSet\Services\Schedule\ImagePath”.
After waiting some minutes it aborts.

I have now removed CIS from my machine, deleted all folders, registry keys etc. which contained “comodo”, rebooted and reinstalled CIS. Nothing changed. The first scan successfully updated the databases then started a quick scan as “First scan”, then stopped at the same registry key… :frowning:
Have you got any ideas, what can I do with it?
Before uninstalling CIS, I tried to run a quick scan in Windows’s safe mode but the result was the same.

No other virus scanners found infection (MBAM, Microsoft Security Essentials)

Update: I have now run a Full scan, and it finished without any problems. What does the Quick scan with “Commonly infected areas” scan that the Full scan doesn’t?

Good question to which I have no answer. We may be looking at a bug. Does the quick scan always stall at “Status: HKLM\SYSTEM\CurrentControlSet\Services\Schedule\ImagePath”?

Yes. Even if I create a custom scan with “Commonly infected places”, it stops with the same status, but… I think this is the last inspected, but not the problematic object.
Have you got any idea how I can debug this? In Process Explorer I see nothing, but… I’m not a Windows expert… :frowning:

I installed this Windows instance last September, and then I ran a quick scan successfully. But I don’t remember if it was run before or after installing the Dell Latitude drivers (it could be important, but… :frowning: ) and I have never run it since that time.

The most interesting thing: why can’t it run after safe boot? I think it could be because of one of the Dell drivers, but it is just an assumption, I have no evidence for that. (and I hope it means in English what I think :wink: )

What you may have witnessed is Stateful Inspection of the AV in action. If you first ran a quick scan and then the full scan, then the full scan will skip the files that were already scanned. To see if this holds up, reboot your system and run the full scan.

After a reboot the full scan runs normally; scanning Commonly Infected Areas does not.
A perhaps interesting thing: after using the Stop button (when I see it will not work), the scan window freezes. The window looks as if it were active, but clicking on a button (either Stop or Pause) does nothing. There is no more visible effect when I click on the Stop or Pause button, but the window isn’t greyed out as it usually is when Windows finds a dead process, and the timer works at the top of the window.

But I have an old problem too… Using Virtual Desktop freezes the operating system on this machine. Even if I try it immediately after a fresh Windows install… I think there can be a conflict between Comodo software and Dell drivers… (Currently I have no chance to try it without Dell drivers :frowning: ) Or… (paranoid mode on :wink: ) I have a virus or other trash in my BIOS… (as I’ve heard, it’s not an impossible thing :frowning: )

Some additional information: after restarting Windows using Diagnostic startup (msconfig.exe → Diagnostic…) I can run the quick scan. I also tried switching back to normal startup, then disabling all services except the MS ones, and restarting… hmmm… Logging in to an account which has Administrator privileges, I can run the Quick scan. After logging out from the administrator account and logging in to my own, the quick scan stops at the same registry entry. It is a weird thing…
Why can I use it from the administrator account and not from another? Why can’t it run after “Safe boot”, but can if I disable all (except MS) startup items and services? Does Safe boot leave some non-Microsoft software enabled?

So… It looks like a conflict between Comodo software and Dell drivers, as I previously assumed, I’m “happy”.
(I have more problems with Dell drivers as far as I can remember)

What account are you running? A limited user account?

Why can’t it run after “Safe boot”, but can if I disable all (except MS) startup items and services? Does Safe boot leave some non-Microsoft software enabled?
I never use msconfig so I cannot comment on it. My best guess is that disabling Comodo Internet Security Helper Service (cmdagent.exe) will prevent you from scanning.

So... It looks like a conflict between Comodo software and Dell drivers, as I previously assumed, I'm "happy". (I have more problems with Dell drivers as far as I can remember)
I wouldn't jump to that conclusion.

You may be right, but… The problematic element was installed as a Dell driver (I downloaded it from dell.com), but actually it’s a Broadcom software. :slight_smile:

It’s very interesting.
After disabling “C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe” at (or in? or on?) msconfig’s Startup tab and rebooting the machine, I can run the quick scan. When I enable it again and reboot Windows, the quick scan fails. The interesting thing: if I start it manually when it is disabled in startup, then there is no problem, the quick scan works.
(rhetorical question follows!) Where is the bug? In the Comodo software, or in BTTray.exe, or somewhere else?

Hm… I’ve sent a ticket to the support (and attached the .exe that seems to be problematic)

The story continues :frowning:
Disabling BTTray.exe resolves my problem, but simply killing it doesn’t.
I think it loads some software which actually causes the hanging of the quick scan.

It would also be worth reporting it to Comodo in a bug report.

If you have the time and energy please consider filing a bug report in the Bug Reports - CIS board following the format as described in FORMAT & GUIDE - just COPY/PASTE it!.

Reporting of bugs is strictly moderated to make sure Comodo gets clear bug reports. So, please make sure you closely follow protocol. That way your report will certainly be seen by Comodo staff.