I run a XP desktop PC. Have today installed for first time CAV Beta2, having uninstalled my old friend NAV, which had become bloatware. PC running much faster, on this account, I could swear. Problem is Norton Utilities 2002, which I have been running since it came out. CAV keeps saying, in a red stripe window, WDScan.exe. is not a valid system application. I then find WinDoctor shows an error, I run it, it fixes the error/s, green light comes back. A few minutes later, the same rigmarole. So I tried to exclude WDScan.exe in Settings/Advanced/Select program to exclude. This brings up an Exclusions box in which I am able to enter the line WDScan.exe, but this doesn’t ‘take,’ for the reason, it appears, that a white rectangle, empty, is within the box, as if something is trying to come through and show itself but not managing to do so. This rectangle is obscuring the buttons in the Exclusion box, except for ‘new’. So having entered WDScan.exe. in the New window, and having clicked ‘Ok,’ I would expect the entry to be accepted, willy nilly, and to then show up as an existing exclusion, but it doesn’t. When I click to bring up the Exclusion box again, and to enter, say, another exclusion, WDScan.exe. does not appear as an existing entry. The white rectangle is there again. I am constantly having to go throught the same rigmarole with Norton Utilities, which is most annoying and time wasting. I have no intention of abandoning Utilities as I consider it still to be a top notch facility for helping to keep my PC running sweetly. Advice gratefully received.
Hi xylophone
You will need to put the complete path in the exclude box. In the exclude list area, click new and use the search folder to the right of the box and find WDScan.exe and it will enter the path in the box for you. Try this and let us know if it helps you.
John
Thanks, John. That is how I do that.
I’m thinking I should uninstall and reinstall. When I installed it 48 hours ago, it immediately asked me to allow or block programs, for which I was of course unprepared, not being familair as yet with the program, so in a slight panic (firewall blinking away as well, etc.), and thinking that if in doubt. don’t, I blocked two maybe three programs.
That doesn’t explain why in the exclusion box 24 hours later I had five or six programs, all ones I use daily, such as Winword, showing as ‘blocked’ I didn’t block them. Within the exclusion box, I can change the designation of these programs to ‘allowed’ , but that doesn’t stick, they just come back as blocked. So I removed the entries, today others are appearing much as before.
Why, for example, should CAV be blocking Winword? My wife uses that all day every day, but in the last 48 hours she has not used it with any attachments, which is the only reson I can think of why CAV might block Winword.
I’m afraid I don’t understand how this program works yet. Perhaps it will all right itself shortly. Comodo Firewall instaleled like a dream and worked straight out of the box. This morning, after my wife had been on the machine, it was displaying the folder icon in the tray, which showed a safe list box with nothing in it! - how did that get there?
If you or anyone else can help with any of this, I would be most grateful. Is it known when CAV will come out of Beta?
Hi xylophone,
just to clarify: are you using CFP 3.0.22.349 as well as CAVS2? If so then you should disable the HIPS component of CAVS2 and ensure Defense+ is activated in the firewall. D+ is a much more advanced and stable HIPS than the one with CAVS2 and trying to run both HIPS at once could result in problems.
CAVS2 will not be developed any further: there is a new vastly improved version under development and the first beta release will be very soon - it is likely that this new CAVS 3 will not be a beta for long.
If you continue to get problems after deactivating the HIPS in CAVS then it may be worth your while installing something like Avast free edition until CAVS 3 is ready. I am using Avast whilst I wait for CAVS 3 and it works very well alongside CFP3 on both my XP and Vista systems
:SMLR
Thanks N.T.T.W.
I have the latest freeware version of CFP, 2.4.18.184, Comodo certified applications database, version 3.0
I know this incorporates Defense+, the website blurb says so, but for the life of me, I can’t find any reference to Defense+ in the program, anywhere. How do I know, for a fact, that Defense+ is running on my machine?
I look forward to your advice on that, whereupon I will deactivate the HIPS bit of CAVS2.
BTW, I see various references on the website to CAVS2 and CAV. I had thought I have CAV. Are they the same?
Many thanks
The version of the firewall you have is the old version 2 which does not have D+. If you are using XP then you would be much better downloading the latest Firewall (Version 3.0.22.349) which incorporates Defense+.
You can get it here:
http://www.personalfirewall.comodo.com/download_firewall.html
Once you have downloaded the new version you can then uninstall Version 2 and install the latest version. I advise you read some of the posts on these forums regarding setting up and using the new D+ features but the best way I have found is to initially, immediately after reboot, set security level to ‘Training Mode’ whilst the firewall and D+ learns your applications. Usually an hour or two is enough and then I would switch to ‘Safe Mode’.
:SMLR
Thanks. I don’t have SP2, only SP1, and do not intend to go to SP2 - a long story, but not relevant here.
That being so, what do you suggest I do now?
Apart from Winword, some Symantec files are blocked: sysdoc32.exe, windoc.exe, nopdb.exe, sdntc.exe., also foxit reader, and gmer.exe (a rootkit program I am trying). As I have said, I have uninstalled NAV and retained Norton Utilities. At the time of writing, I don’t know if any of these Symantec files are needed for Utilities, but assume so. Since I installed CAV, only these files appear as blocked, and no others, and I am not being notified by CAV of any problems. Perhaps on this overall basis, I can just ignore what CAV is telling me it has blocked and get on with my life.
I concede that I saw that the blurb for CAV recommends SP2. However, I have yet to encounter any problem with my software that needs SP2 to get it resolved. Perhaps this CAV thing is therefore a first!
Thanks
I am not sure whether the lack of SP2 is affecting your security software, though I suspect it may well be and is possibly likely to in future.
The problems you describe with CAVS 2 are known bugs with this beta and unfortunately they will never be fixed: all work is now being carried out on the new CAVS 3. When CAVS 3 is ready it may not work correctly on your SP1 installation and the new version 3 firewall may well not function correctly either. Perhaps someone more knowledgeable than me might comment on this.
It will certainly be worth trying the new CAVS 3 when it is ready but if I were you I would remove CAVS 2 and install Avast free edition at least until you try out CAVS 3 - I think Avast will work well on your system.
:SMLR
What you say I didn’t know, so many thanks.
I’ve never tried Avast. The website says Windows XP (no server), so I assume SP1 will not be a problem.
I’ll take you up on your suggestion, particulalry as it seems Avast offers greater protections than CAV. But I will look at the new CAV when it comes out.
I suspect I will end up with Avast AV, Comodo Firewall and Comodo Antispam (which is just worth having). Malware-wise, I also run Spybot and Ad-aware freeware, and Trojan Hunter paid for, which unlike Avast is a dedicated trojans program. Could be worth dumping TH in favour of Avast for trojans, running it, and see how I go.
You could also try Comodo Boclean:
http://www.comodo.com/boclean/boclean.html
This is low on resource usage and protects against all sorts of nasties,
:SMLR
I think BOClean requires SP2, otherwise I would have it.
Not sure about that - the website says “Windows XP, any”.
I know of at least one user who has Boclean on sp1 so it may be worth a try.
:SMLR
Re BOClean, which os the malware programs I have mentioned would it mean I would no longer need to use? - Spybot, SpywareBlaster and Ad-aware
You could probably still use them all but personally I would get rid of Ad-aware for definite.
I have never used spyware blaster so I don’t know if it is compatible with Boclean or even if it is any good. Spybot is still handy in my opinion but don’t use the ‘tea timer’ feature if you use Boclean.
I think that if you use a good antivirus, Comodo Firewall and Boclean you will be pretty well protected.
:SMLR
SpywareBlaster blocks sites similar to SpyBot’s Immunize feature.
UncleDoug
Thanks, guys. I have installed Boclean and Avast. I was of course wrong about BOclean and SP2.
Ad-aware I now, agree about. Of course, not too long ago, Spybot, SpywareBlaster and Ad-aware were a dream trio.
I’ll keep Spybot and dump SpywareBlaster, Ad-aware and Norton Utilities. That means I will end up with Avast AV, CFP, BoClean, Spybot. I also have CCleaner.
I think that tightens things up with the modern, up to date and more powerful freeware I need.
My only outstanding question is what to do about trojans. I have Trojan Hunter, an excellent, dedicated program, and now BOclean. The conventional wisdom is not to have two such programs as they will attempt to scan for trojans at the same time, with slow-downs and false responses. That should mean, I think, that I dump BoClean. But does it do a good job on trojans, i.e. sufficient to justify its use over Trojan Hunter. I pay for TH. What do you think? Keep TH or use BoClean.?
Thats a tricky question. Boclean does not have an ‘on-demand’ scanner: rather it sits in the background and detects any Trojans as they attempt to activate, stops them and then asks you if you want to remove them. Trojan Hunter, I think, has a similar feature (Guard?) but also has an ‘on-demand’ scanner. I don’t know about compatibility but in theory you could use Boclean for resident protection and Trojan Hunter to scan when you feel the need to ‘check things out’. You would probably have to turn off the Guard feature of TH in this case.
I am fairly sure that Boclean will detect and stop more Trojans than TH but I know some folks like so ‘Scan’ every now and then for peace of mind and what one anti-trojan misses another will detect.
All I can suggest is you try TH with the Guard feature turned off (if it allows this) and just use it for scanning and also use Boclean for ‘resident’ protection.
:SMLR
Thnaks again, N.T.T.W. TH has a facility to ‘unload’ TH Guard. So you are spot on once more.
Two questions:
1
Oops! Don’t know what happened there!
Question 1 On what basis, if I may ask, are you able to say that ‘I am fairly sure that Boclean will detect and stop more Trojans than TH’? This would mean that BOClean anti malware freeware is more powerful than a commercial dedicated anti-trojan program. Is it now as good as that for consumers in this field?
Question 2 I read about CAV and CAVS - are they the same program, just called different names as you prefer?
Boclean was a paid for product before Comodo purchased the company and Comodo made the decision to offer the product free of charge as part of their policy of providing free security software to create trust online.
Also: does the fact that a product is paid for mean it is better than one that is free: compare Comodo firewall 3 against any other firewall - it is the best there is and it is free. Comodo have invested huge amounts of money into development of security products. It is worth reading this:
http://www.comodo.com/boclean/boclean.html
To quote a snippet from the Comodo Website regarding Boclean:
“We have located and studied over 1,000,000 malware programs and new ones are appearing daily. The vast majority of them are modifications to older, existing malware. We only count unique malware in our “effectiveness count” and do not include renamed, repacked or variant malware in our listings. BOClean will simply detect those, eliminating user worry over so many “zero-day” warnings seen from other software manufacturers that turn out to be a repack or variant.”
CAV and CAVS are the same though I think CAVS is the correct term - Comodo Antivirus and Antispyware. I think CAVS 3 will be very good once it is finished.
:SMLR