sbapifs.sys

Can someone please tell me what this file is, and where it is located? Every time I restart my computer I am asked to either grant or deny network access to this file. It doesn’t seem to matter which option I choose, I still get asked the question on system restart. It’s becoming rather annoying.

Welcome to the forum.

sbapifs.sys could be related to Sunbelt’s driver: sbapifs.sys - At your option, but it could also be malware: http://spywaredlls.prevx.com/RRDGFA17683044/SBAPIFS.SYS.html

You could run some test scans:
http://virusscan.jotti.org/
http://www.virustotal.com/en/indexf.html

Is Comodo looking at this, and how do I get it looked at? I get the same symptoms: every time I reboot I am asked to allow or deny. Until I answer it, the system hangs. Even if I tell it to remember it, it will ask the next time.

Very annoying.

John W. Colby

Welcome

Where is the file located on the computer so that we know it’s not a Sunbelt file?

Hello! I am new to this forum, but I am a forum ■■■■■■ :D. I have a question, I am using my brother’s computer. I was going to check my email, but I keep getting the blue screen of death with the following error:

sbapifs.sys
PAGE_FAULT_IN_NONPAGED_AREA

TECHNICAL INFO:
***STOP: 0X00000050 (0XFFFF0000, 0X00000000, 0XEDB56A86, 0X00000000)
***SBAPIF.SYS - ADDRESS EDB56A86 BASE AT EDB54000, DATESTAMP 45CCAD3B

I saw on this thread and on a search with Google that it could be either spyware or software with Sunbelt. I did a spyware scan with AVG Spyware, Prevx CSI, Ad-aware & Spybot - Search and Destroy, and nothing was found. Can anyone be of any help? Thanks :smiley:
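How the two STOP lines quoted in the post above can be read, as an added example that is not part of the original thread. The parameter meanings for bug check 0x50 follow Microsoft's bug check reference; the function name `parse_stop_screen` is an assumption made for this example.

```python
import re
from datetime import datetime, timezone

# The two STOP lines exactly as quoted in the post above.
STOP_SCREEN = """\
***STOP: 0X00000050 (0XFFFF0000, 0X00000000, 0XEDB56A86, 0X00000000)
***SBAPIF.SYS - ADDRESS EDB56A86 BASE AT EDB54000, DATESTAMP 45CCAD3B
"""

STOP_RE = re.compile(r"STOP:\s*(0x[0-9a-f]+)\s*\(([^)]*)\)", re.I)
MODULE_RE = re.compile(
    r"\*+\s*(\S+)\s*-\s*ADDRESS\s+([0-9a-f]+)\s+BASE\s+AT\s+([0-9a-f]+)"
    r"\s*,\s*DATESTAMP\s+([0-9a-f]+)", re.I)


def parse_stop_screen(text):
    """Decode a classic (XP-era) STOP screen into its fields (hypothetical helper)."""
    stop, mod = STOP_RE.search(text), MODULE_RE.search(text)
    if not stop or not mod:
        raise ValueError("STOP line or module line not found")
    code = int(stop.group(1), 16)
    params = [int(p.strip(), 16) for p in stop.group(2).split(",")]
    if len(params) != 4:
        raise ValueError("a bug check carries exactly four parameters")
    addr, base, stamp = (int(g, 16) for g in mod.group(2, 3, 4))
    if addr < base:
        raise ValueError("fault address lies below the module base")
    info = {
        "bugcheck": code,
        "module": mod.group(1),
        # Offset into the driver image: what a vendor needs to locate the
        # faulting instruction in their own build.
        "offset_in_module": addr - base,
        # DATESTAMP is the PE header link time, in seconds since 1970 UTC;
        # it identifies which build of the driver was loaded.
        "built": datetime.fromtimestamp(stamp, tz=timezone.utc),
    }
    if code == 0x50:  # PAGE_FAULT_IN_NONPAGED_AREA
        info["referenced_address"] = params[0]
        info["access"] = {0: "read", 1: "write"}.get(params[1], "other")
        # Parameter 3 is the instruction that touched the bad address.
        info["fault_inside_module"] = params[2] == addr
    return info


if __name__ == "__main__":
    for key, value in parse_stop_screen(STOP_SCREEN).items():
        print(key, hex(value) if isinstance(value, int) else value)
```

For the quoted screen this yields a read fault at offset 0x2A86 inside the named driver and a driver build date of 9 February 2007, which are the details worth including when reporting the crash to the vendor.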

Welcome to the forum, Pablo.

Well, based on your technical info background I can tell you already possess more knowledge than myself :stuck_out_tongue: :D. I really don’t know how to interpret those things relating to BSOD, but are you using any Sunbelt products? If so you can try to see if you can reboot into safe mode and see if the issue persists. Safe mode does not load other software drivers.

Like I said it’s not my computer, but I imagine so because I just looked through the programs and it shows “Sunbelt → Counter Spy”. So what should I do? :frowning:

Actually, safe mode won’t be a good idea because it prevents all security software from loading, so you can’t follow the process of elimination to figure out which programs are causing the conflicts. You can probably get your friend to uninstall one software at a time and monitor for the BSOD. Also, when does the BSOD usually occur? See if you can locate any minidumps (not that I can interpret it anyway, but someone else more (:NRD) probably can help). I know that thread is directed at CFP, but the same concepts apply.

How do I update the Minidumps file? I tried to open with Notepad and Word but I just get a bunch of weird characters.

I am thinking it could be Counter Spy because I closed the program and there is no error so far. :). I am wondering if my bro should uninstall this program? ???

Pablo

No, no, minidumps are not meant to be opened that way, and certainly not through Notepad. Like I stated, I’m not an expert so I can’t help on how to read it. You’ll need some (:NRD) to decipher it with a special program. Uninstalling was only a suggestion to narrow down the culprit, not necessarily a solution. Best report it to Sunbelt as they’d probably be keen on why their software causes BSOD’s. If you send them the minidumps I’m sure they’ll help you out. Might need to contact them or check out their forum:
http://lyris.sunbelt-software.com/read/all_forums/subscribe?name=cse
http://lyris.sunbelt-software.com/read/?forum=cse

Hi All - About the BSOD Minidumps - I believe that you can get a summary of those events from the Event Viewer Start>All Programs>Accessories>Administrative Tools>Event Viewer. Click the “Application” entry in the left pane and look for xError entries. Double-click on them and you will see a summary of the event, including the program that caused the fault and some error codes. There is also a link to the Microsoft web site for more information about the codes.
The cause of the BSOD’s is quite likely to be conflicting security software. You can try uninstalling them all and then re-installing them one by one until the problem reappears, or you can just uninstall the one that caused the problem.
About the file and the recurring alerts, you may have to write a rule for that program to tell the firewall to ignore it. You will have to find it and if you don’t have a better way, open Explorer and select the C: drive and then Right-click it and select “Search” and fill in the blanks in the dialog that pops up. You will have to note the path to the file so that you can find it in the “Browse” dialog when writing the firewall rule. This assumes that it is not actually malware???

You can open it with Debugging Tools for Windows.
Read here how to do it.
But you most likely won’t understand a thing, but just in case you’d like to know :wink:

Cheers,
Ragwing

Sorry to drag this up again, but it’s still not resolved. In reply to Soyabeaner, the file is supposed to be located at C:\Windows\System32\drivers, but I’ve been through both this folder and, indeed, the entire Windows directory manually and it’s apparently not on my computer. I’ve even tried unhiding system files to see if that would help, but it hasn’t.

badhair1963.

Are you running any Sunbelt products, or have you in the past?

I’m running Counterspy Version 2. The thing is, I know the file is related to this program and that it’s safe, I just can’t convince either the firewall or antivirus programs of this fact. Moreover, I can’t submit it to you guys for analysis because I can’t actually find it anywhere on my computer. I know where it should be, but a physical search of the directory turns up nothing.

Would it be possible for one of the developers to download and run this program with both Comodo Firewall Pro and Comodo Antivirus to see if they could replicate the problem? That’s the only way I can see this being resolved.

I run Counterspy 2.5.1043 and I installed CFP 3.0 yesterday. Sbapifs.sys (a CS Active Protection file that from what I have been able to find out Googling, creates and loads at boot up via services.exe in a rootkit-like manner). I don’t think you’ll be able to find it on your system in c:\windows\system32\drivers folder where it’s “supposed” to live or via an entire HDD search in Explorer. Hiding itself may protect hackers from being able to turn off CS protection totally, but it may be what’s setting off a red flag for CFP in doing so. It is reappearing in my pending files list every time I reboot. I just got through Googling and found this info (link below) that may shed light on this problem. You must read the entire thread… Op on that thread does a test on install sequencing and when he did the installs in the FW/AV/AS order, his sbapifs.sys alerts (& crashes I was not having BTW) went away. Installing in the wrong sequence brought the sbapifs.sys alerts and crash problems back again.

http://www.syssafety.com/forum/viewtopic.php?p=4816

I installed CFP 3.0 on top of my already installed (but turned off) CS and Avast. I know it’s better sequencing to install in the FW/AV/AS order. But as I didn’t appear to have any problems after the CFP install, I didn’t go back and uninstall/reinstall CS. BTW I’m having no problems with Avast functionality or on this file.

I guess I may be uninstalling/reinstalling Counterspy to resolve this. Hope this finding helps anyone reading this thread with similar problem. When I reinstall CS I’ll post a quick note on my results.

Well, a thorough, clean uninstall “according to Eric Howe’s”, reboot & reinstall of CS 2.5 did not resolve the problem of Comodo listing sbapifs.sys in the My Pending Files, even after two reboots. So I don’t think the sequencing of the security apps is the problem here. Just guessing it may have to do with how sbapifs.sys creates itself (or moves into) the kernel level of the op system at boot up. Don’t know that this is a true “conflict” between the two programs either. I’m truly not a techie so this one may be for the Comodo/Sunbelt developers. For now, I’ll just move the file to My Safe Files to get it off pending list in Comodo. Maybe the Comodo FW experts can get with Eric over at Sunbelt & find a solution to this, as this question is apt to come up by users again and again.

Hi!
I need your help. My Comodo Firewall deleted sbapifs.sys. Is this a very important file? If yes, could somebody send it to my e-mail? michall.kce@gmail.com
Thanks for any help.

I don’t know for sure, but I believe that the sbapifs.sys file is created on the fly by its parent program and deleted after use. This is not uncommon and you will find a number of files including .dll’s and .exe’s in the temp directory of the Documents and Settings\User\Application Data\Temp folder that are reported by Pending Files and not found if you check the folder (especially common for programs that use the .Net framework). You can also click the Purge button on the Pending Files list and it will show you files that are no longer on the hard drive and offer to take them off the Pending Files list. I don’t think that CFP is responsible for sbapifs.sys not being found - it looks like it is a temp file from here. It will not be present on your computer to submit or define as safe, so every time it is created, it will appear on your Pending Files list.
One way to deal with this would be to create a rule for the process. Click Defense+>Common Tasks>My Own Safe Files. On that page, click the Add button and choose Running Process (I am assuming that sbapifs.sys will be running in memory). Locate the sbapifs.sys process and select it. That should solve the problem.