Author Topic: Probable Conflict between Avast! 6.0.1125 and Comodo Firewall 5.4  (Read 10268 times)

0 Members and 1 Guest are viewing this topic.

Offline MaxReed

  • Full Member
  • ***
  • Posts: 100
  • Amo tutto ciò che funziona come dico io!
I performed a couple of deep scans with custom settings with Avast! and in the results it tells me the COMODO's process cmdagent.exe as a virus.This only happens on the laptop.
On the "home PC" it doesn't detect nothing unusual.
Someone can tell me something about this behavior?
« Last Edit: July 08, 2011, 10:04:01 PM by MaxReed »
-Asus N61Jv | Intel Core i5-540M | nVidia Geforce Gt 325M | 6GB RAM DDR3 | Win8.1 Pro x64 | Avast Free Latest Version | MBAM Latest Version | Firefox Latest Version
-Asus T100Ta | Intel Atom Z3740 | 2GB RAM DDR3 | Win8.1 x86 | Avast Free Latest Version | MBAM Latest Version | Firefox Latest Version

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 82691
  • No support PMs thanks
Re: Probable Conflict between Avast! 6.0.1125 and Comodo Firewall 5.4
« Reply #1 on: July 04, 2011, 10:37:57 PM »
Full details of the detection of screenshot of the scan results window would help determine what it is.

Did you do a Memory scan as a part of that custom scan ?
WinXP ProSP3/ Core2Duo E8300/ 4GB Ram/ avast! free 18.5.2342/ Firefox ESR, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ DropMyRights/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security
Windows 10 Home 1909 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 20.1.2397 (build 20.1.5069.558) UI-1.0.460/ WinPatrol+/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro

Offline MaxReed

  • Full Member
  • ***
  • Posts: 100
  • Amo tutto ciò che funziona come dico io!
Re: Probable Conflict between Avast! 6.0.1125 and Comodo Firewall 5.4
« Reply #2 on: July 04, 2011, 11:06:26 PM »
I'm sorry for the error in the previous post...the process isn't "cfp.exe", but "cmdagent.exe".
In this moment I can't post a screenshot or full details of the scan on my laptop.Now I can tell you that the deep scan that I have created is a custom scan with all possible scan areas that you can find in custom scan parameters.
On my "home pc" I have just now find the same problem.This is the results:
-Process 816[cmdagent.exe],block memory 0x00000000047C0000,block dimension 2097152- -Severity:High- -Threat:Win32:FakeVimes-B [Trj]-
I tried to translate the results because my AV is in italian ;D
-Asus N61Jv | Intel Core i5-540M | nVidia Geforce Gt 325M | 6GB RAM DDR3 | Win8.1 Pro x64 | Avast Free Latest Version | MBAM Latest Version | Firefox Latest Version
-Asus T100Ta | Intel Atom Z3740 | 2GB RAM DDR3 | Win8.1 x86 | Avast Free Latest Version | MBAM Latest Version | Firefox Latest Version

Offline DonZ63

  • Poster
  • *
  • Posts: 469
Re: Probable Conflict between Avast! 6.0.1125 and Comodo Firewall 5.4
« Reply #3 on: July 04, 2011, 11:14:18 PM »
I get the same error when I run an Avast memory scan. Avast forum people told me not to worry; the alert is from Comodo loading unencrypted signature into memory.

My theory is cmdagent.exe at boot time does tons of hook injections to minimize Defense+ alets. What is left in memory is the leftover from that process.
AMD QUAD 945, 8 GB, NVidia GTS 450, 3 HDDs
Dual boot, MBAM Pro - both OSes, WIN 7 x64 SP1, NAV 2012, IE9; XP SP3, NIS 2011, IE8

Offline MaxReed

  • Full Member
  • ***
  • Posts: 100
  • Amo tutto ciò che funziona come dico io!
Re: Probable Conflict between Avast! 6.0.1125 and Comodo Firewall 5.4
« Reply #4 on: July 04, 2011, 11:45:53 PM »
Ok Thanks!! Now I can stay quiet!!!  ;D
-Asus N61Jv | Intel Core i5-540M | nVidia Geforce Gt 325M | 6GB RAM DDR3 | Win8.1 Pro x64 | Avast Free Latest Version | MBAM Latest Version | Firefox Latest Version
-Asus T100Ta | Intel Atom Z3740 | 2GB RAM DDR3 | Win8.1 x86 | Avast Free Latest Version | MBAM Latest Version | Firefox Latest Version

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 82691
  • No support PMs thanks
Re: Probable Conflict between Avast! 6.0.1125 and Comodo Firewall 5.4
« Reply #5 on: July 05, 2011, 12:21:57 AM »
Detections in Memory as this one is - come from doing a Custom scan in which you have elected to scan Memory and that all these detections are in memory. Since they aren't physical files they can't be moved to the chest, deleted, etc. so there is no action that can be taken, hence the Apply button being greyed out.

The detections in memory are frequently other security applications loading unencrypted virus signatures into memory. Having set off a scan of memory by an antivirus application looking for virus signatures, don't be too surprised if it finds some in memory.

So either don't scan memory in the custom scan or understand that you can get detections like this on other security applications loading unencrypted signatures into memory.
WinXP ProSP3/ Core2Duo E8300/ 4GB Ram/ avast! free 18.5.2342/ Firefox ESR, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ DropMyRights/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security
Windows 10 Home 1909 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 20.1.2397 (build 20.1.5069.558) UI-1.0.460/ WinPatrol+/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro

Offline iroc9555

  • CCS, Vzla.
  • Avast Überevangelist
  • Starting Graphoman
  • *****
  • Posts: 7467
  • No soporte por PM.
Re: Probable Conflict between Avast! 6.0.1125 and Comodo Firewall 5.4
« Reply #6 on: July 05, 2011, 02:10:00 AM »
Max, Donz.

I also run Comodo, Firewall and D+, but I have never ran Comodo AV. When I do a memory scan with Avast, I do not get any unencrypted virus signatures into memory from Comodo. I get Windows Defender though because it is running. I wonder, have you ever had Comodo AV running in your machines?

Regards.
Hernan.
Dim 9200. C2D E6600; 2.40GHz. 4GB DDR2RAM. XP Pro_86. Spk3. IE8 & FF41. Avast FREE 2015. CIS 5.12(FW/D+). MBAM Premium. MCShield. WinPatrol +. SpywareBlasterOpenDNS. uBlock. WOT. Sandboxie

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 82691
  • No support PMs thanks
Re: Probable Conflict between Avast! 6.0.1125 and Comodo Firewall 5.4
« Reply #7 on: July 05, 2011, 02:20:04 AM »
Defence+ also uses signatures as far as I'm aware (it was my believe it was only the AV, but I was corrected), so it would be cmdagent.exe which would load them into memory as and when used.
WinXP ProSP3/ Core2Duo E8300/ 4GB Ram/ avast! free 18.5.2342/ Firefox ESR, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ DropMyRights/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security
Windows 10 Home 1909 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 20.1.2397 (build 20.1.5069.558) UI-1.0.460/ WinPatrol+/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro

Offline iroc9555

  • CCS, Vzla.
  • Avast Überevangelist
  • Starting Graphoman
  • *****
  • Posts: 7467
  • No soporte por PM.
Re: Probable Conflict between Avast! 6.0.1125 and Comodo Firewall 5.4
« Reply #8 on: July 05, 2011, 02:45:50 AM »
DavidR.

Defence+ also uses signatures as far as I'm aware (it was my believe it was only the AV, but I was corrected), so it would be cmdagent.exe which would load them into memory as and when used.

Thank you for the info, but still Avast is not detecting cmdagent.exe unencrypted virus signatures in my PC just Win Def sigs.  ???
Hernan.
Dim 9200. C2D E6600; 2.40GHz. 4GB DDR2RAM. XP Pro_86. Spk3. IE8 & FF41. Avast FREE 2015. CIS 5.12(FW/D+). MBAM Premium. MCShield. WinPatrol +. SpywareBlasterOpenDNS. uBlock. WOT. Sandboxie

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 82691
  • No support PMs thanks
Re: Probable Conflict between Avast! 6.0.1125 and Comodo Firewall 5.4
« Reply #9 on: July 05, 2011, 03:01:20 AM »
I don't know why that is as I have never used any comodo product, been very happy with my firewall for many, many years.
WinXP ProSP3/ Core2Duo E8300/ 4GB Ram/ avast! free 18.5.2342/ Firefox ESR, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ DropMyRights/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security
Windows 10 Home 1909 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 20.1.2397 (build 20.1.5069.558) UI-1.0.460/ WinPatrol+/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro

Offline MaxReed

  • Full Member
  • ***
  • Posts: 100
  • Amo tutto ciò che funziona come dico io!
Re: Probable Conflict between Avast! 6.0.1125 and Comodo Firewall 5.4
« Reply #10 on: July 05, 2011, 10:03:26 AM »
For iroc9555:
I have never installed Comodo AV on my PCs.

For DavidR and iroc9555:
So, what should be the problem? Is right what DonZ63 wrote? Or the cause is the unencrypted virus signatures into memory?
However, Can I stay quiet or I have to worry?

Thanks for the help!!!
-Asus N61Jv | Intel Core i5-540M | nVidia Geforce Gt 325M | 6GB RAM DDR3 | Win8.1 Pro x64 | Avast Free Latest Version | MBAM Latest Version | Firefox Latest Version
-Asus T100Ta | Intel Atom Z3740 | 2GB RAM DDR3 | Win8.1 x86 | Avast Free Latest Version | MBAM Latest Version | Firefox Latest Version

Offline SpeedyPC

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3270
  • Avast shall conquer the whole world
Re: Probable Conflict between Avast! 6.0.1125 and Comodo Firewall 5.4
« Reply #11 on: July 05, 2011, 11:59:34 AM »
For iroc9555:
I have never installed Comodo AV on my PCs.

For DavidR and iroc9555:
So, what should be the problem? Is right what DonZ63 wrote? Or the cause is the unencrypted virus signatures into memory?
However, Can I stay quiet or I have to worry?

Thanks for the help!!!

MaxReed go to Comodo forum and ask someone IF they ever come across the same problem as you, and you might get an answer I don't think is related to Avast it might be Comodo FW unless your settings is not setup correctly. If your not a member please register and join it free ;)

https://forums.comodo.com/help-cis-b127.0/
« Last Edit: July 05, 2011, 12:02:58 PM by SpeedyPC »
ASUS G75VX-T4153H - Avast Premier v20.1.2397 - W8.1 64bit - Avast SecureLine VPN - Avast Secure Browser - Firefox 64bit - Thunderbird 64bit - MBAM Premium - Adguard Premium - CryptoPrevent Premium - Privacy Eraser - MCShield - WinPatrol PLUS - Macrium Reflect Home Edition

Offline MaxReed

  • Full Member
  • ***
  • Posts: 100
  • Amo tutto ciò che funziona come dico io!
Re: Probable Conflict between Avast! 6.0.1125 and Comodo Firewall 5.4
« Reply #12 on: July 08, 2011, 10:00:18 PM »
Ok I've asked about this problem on Comodo forum and they said that is a false-positive of Avast.I hope that Avast Team solve the problem.

Thanks to all!!!
« Last Edit: July 08, 2011, 10:02:26 PM by MaxReed »
-Asus N61Jv | Intel Core i5-540M | nVidia Geforce Gt 325M | 6GB RAM DDR3 | Win8.1 Pro x64 | Avast Free Latest Version | MBAM Latest Version | Firefox Latest Version
-Asus T100Ta | Intel Atom Z3740 | 2GB RAM DDR3 | Win8.1 x86 | Avast Free Latest Version | MBAM Latest Version | Firefox Latest Version

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 82691
  • No support PMs thanks
Re: Probable Conflict between Avast! 6.0.1125 and Comodo Firewall 5.4
« Reply #13 on: July 08, 2011, 10:21:49 PM »
Sorry, but I honestly don't see how this can be considered a false positive, you ask avast to scan in memory for virus signatures and it has done as you asked.

Avast as I have said isn't alerting on cmdagent.exe but the unencrypted signatures that it has loaded into memory.

I have no idea what question you asked in te comodo forums, but if it didn't ask 'Does cmdagent.exe (for defense+) load virus signatures into memory.' Then you won't get an accurate answer as I feel they are simply saying there is nothing wrong with cmdagent.exe, avast isn't saying it is infected, just that it is responsible for loading those signatures into memory.

As I said before:
Quote from: DavidR
So either don't scan memory in the custom scan or understand that you can get detections like this on other security applications loading unencrypted signatures into memory.
WinXP ProSP3/ Core2Duo E8300/ 4GB Ram/ avast! free 18.5.2342/ Firefox ESR, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ DropMyRights/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security
Windows 10 Home 1909 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 20.1.2397 (build 20.1.5069.558) UI-1.0.460/ WinPatrol+/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro

Offline SpeedyPC

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3270
  • Avast shall conquer the whole world
Re: Probable Conflict between Avast! 6.0.1125 and Comodo Firewall 5.4
« Reply #14 on: July 09, 2011, 07:47:01 AM »
@MaxReed if I'm not mistaken if I understood correctly what DavidR saying I hope ??? virus signatures should not be loaded into memory by cmdagent.exe (for defense+), sometime this can cause problem to PC having to many virus signatures loaded into memory can slow down your PC so it shouldn't in most cases.

@MaxReed please check your Comodo FW setting for me please trust me I have been using Comodo FW for nearly 6 years from v3.0 to v5.4 I'm not using Comodo FW any more, I'm currently using Outpost. So go to Comodo FW in the defense+ settings:

1. Go to Firewall Behavior Settings and tick Create rules for safe applications

2. Go to Defense+ in general settings have you picked Create rules for safe applications

3. In Execution Control settings un-tick the following settings:
  • Perform cloud based behavior analysis of unrecognized files
  • Automatically scan unrecognized files in the cloud

4. In Sandbox settings disable Comodo Sandbox is not required while you have Avast sandbox running ;)

5. In Sandbox settings un-tick the Automatically trust the files from the trusted installers

6. In Monitoring Settings make sure you pick everything.

And reboot your PC after that go back to Comodo FW and go to More Options section right at the end

7. Run the Comodo Diagnostics just to make sure everything is okay

8. After Diagnostics go to Manage My Configurations and backup your Comodo settings in a different name and keep it in a safe place, just in case if the new Comodo FW version might come out in most cases you could loose all your settings everything and it easy to restore them back into Comodo FW.

And do another Avast custom scan the memory and I'm pretty sure everything should be clean out by cmdagent.exe (for defense+) ;)

Please let me know.
« Last Edit: July 09, 2011, 08:04:25 AM by SpeedyPC »
ASUS G75VX-T4153H - Avast Premier v20.1.2397 - W8.1 64bit - Avast SecureLine VPN - Avast Secure Browser - Firefox 64bit - Thunderbird 64bit - MBAM Premium - Adguard Premium - CryptoPrevent Premium - Privacy Eraser - MCShield - WinPatrol PLUS - Macrium Reflect Home Edition