Random EFS Encrypted Files Corruption [NBZ]

I 'm testing the latest Comodo CIS 5.3.176753.1236 since two week and I have encountered this serious problem: randomly some EFS encrypted files become corrupted.
The Hard-disk hasn’t any problems.

I have seen this old thread about the question in the old\resolved Issues
https://forums.Comodo.com/orphanedresolvedoutdated-issues-cis/cavfree-x64-v-40135239742-corrupts-efs-encrypted-files-on-win7-pro-64bit-t58721.0.html;msg411304#msg411304

But the problem not seems completely resolved

The bug/issue

  1. What you did: Try to open some EFS encrypted files(some PDF password protected files, and various PSD file)

  2. What actually happened or you actually saw: Randomly these files appears corrupted

  3. What you expected to happen or see: The files undamaged

  4. How you tried to fix it & what happened: I have tried to add the directory to the exclusion list but this problem is random so I’m not sure this workaround have resolved the issue

  5. If its an application compatibility problem have you tried the application fixes here?: Isn’t compatibility problem

  6. Details & exact version of any application (execpt CIS) involved with download link:

  7. Whether you can make the problem happen again, and if so exact steps to make it happen: The problem is casual doesn’t happens every time and is related with EFS encrypted files

  8. Any other information (eg your guess regarding the cause, with reasons): I think is related with the virus scan engine

Files appended. (Please zip unless screenshots).

  1. Screenshots illustrating the bug: Cannot reproduce
  2. Screenshots of related CIS event logs and the Defense+ Active Processes List: No relevant event logged
  3. A CIS config report or file.: Irrelevant
  4. Crash or freeze dump file: NONE

Your set-up

  1. CIS version, AV database version & configuration used: CIS 5.3.176757.1236 AV Database 7522 Antivir+Firewall, Default config with “Notify All” Firewall policy
  2. a) Have you updated (without uninstall) from CIS 3 or 4: NO
    b) if so, have you tried a clean reinstall (without losing settings - if not please do)?: YES
  3. a) Have you imported a config from a previous version of CIS: NO
    b) if so, have U tried a standard config (without losing settings - if not please do)?: NO
  4. Have you made any other major changes to the default config? (eg ticked ‘block all unknown requests’, other egs here.): Notify All Internet Connection Request in firewall setting
  5. Defense+, Sandbox, Firewall & AV security levels: D+=Safe , Sandbox=Enabled , Firewall =Custom policy , AV =Stateful
  6. OS version, service pack, number of bits, UAC setting, & account type: Windows 7 x86 All service pack and updates installed, UAC enabled, admin account
  7. Other security and utility software installed: NO
  8. Virtual machine used (Please do NOT use Virtual box): NO

a workaround for this error is to add to antivirus exception all EFS enceypted folders and restart the system, this is a big error so i hope they are working on it
note: you files aren’t corrupted, they just have not been decrypted so after restar all they will be ok

Thank you for the reply.
I have already tried this workaround(the first thing that I have done) and seems work… however I hope the team fix this bug ASAP… I really annoying.

(However this bug should be reported in the Known Issues list…)

Thank you for your bug report in the required format.

Moved to verified.

Thank you

Dennis

Hi,

The problem was observed more then 2 years ago:
https://forums.comodo.com/orphanedresolvedoutdated-issues-cis/comodo-antivirus-component-of-comodo-internet-security-corrupts-efs-files-t33649.0.html

It seems that the issue is somehow related with AV database updates.

Some info that can be useful:

  • each update of CIS virus database causes this problem;
  • only files that were not read earlier in this session (since computer start-up) become corrupted;
  • restart of computer make all files readable again;
  • adding the efs encrypted folder to antivirus exclusions prevents this problem;
  • removing the folder from the exclusion list brings the problem back.

stable way to reproduce this issue:

  1. Create a folder.
  2. Create 3 or more *.txt files in that folder.
  3. Turn on the efs encryption for this folder and all included files.
  4. Restart the computer.
  5. Open the first text file; do not open others.
  6. Update CIS virus database.
  7. Open the first text file: it’s not corrupted.
  8. Open other text files: they ARE CORRUPTED.
  9. Reboot the computer: all files are readable again.