Author Topic: Probable Conflict between Avast! 6.0.1125 and Comodo Firewall 5.4  (Read 12363 times)

0 Members and 1 Guest are viewing this topic.

MaxReed

  • Guest
I performed a couple of deep scans with custom settings with Avast! and in the results it tells me the COMODO's process cmdagent.exe as a virus.This only happens on the laptop.
On the "home PC" it doesn't detect nothing unusual.
Someone can tell me something about this behavior?
« Last Edit: July 08, 2011, 10:04:01 PM by MaxReed »

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88895
  • No support PMs thanks
Re: Probable Conflict between Avast! 6.0.1125 and Comodo Firewall 5.4
« Reply #1 on: July 04, 2011, 10:37:57 PM »
Full details of the detection of screenshot of the scan results window would help determine what it is.

Did you do a Memory scan as a part of that custom scan ?
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

MaxReed

  • Guest
Re: Probable Conflict between Avast! 6.0.1125 and Comodo Firewall 5.4
« Reply #2 on: July 04, 2011, 11:06:26 PM »
I'm sorry for the error in the previous post...the process isn't "cfp.exe", but "cmdagent.exe".
In this moment I can't post a screenshot or full details of the scan on my laptop.Now I can tell you that the deep scan that I have created is a custom scan with all possible scan areas that you can find in custom scan parameters.
On my "home pc" I have just now find the same problem.This is the results:
-Process 816[cmdagent.exe],block memory 0x00000000047C0000,block dimension 2097152- -Severity:High- -Threat:Win32:FakeVimes-B [Trj]-
I tried to translate the results because my AV is in italian ;D

DonZ63

  • Guest
Re: Probable Conflict between Avast! 6.0.1125 and Comodo Firewall 5.4
« Reply #3 on: July 04, 2011, 11:14:18 PM »
I get the same error when I run an Avast memory scan. Avast forum people told me not to worry; the alert is from Comodo loading unencrypted signature into memory.

My theory is cmdagent.exe at boot time does tons of hook injections to minimize Defense+ alets. What is left in memory is the leftover from that process.

MaxReed

  • Guest
Re: Probable Conflict between Avast! 6.0.1125 and Comodo Firewall 5.4
« Reply #4 on: July 04, 2011, 11:45:53 PM »
Ok Thanks!! Now I can stay quiet!!!  ;D

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88895
  • No support PMs thanks
Re: Probable Conflict between Avast! 6.0.1125 and Comodo Firewall 5.4
« Reply #5 on: July 05, 2011, 12:21:57 AM »
Detections in Memory as this one is - come from doing a Custom scan in which you have elected to scan Memory and that all these detections are in memory. Since they aren't physical files they can't be moved to the chest, deleted, etc. so there is no action that can be taken, hence the Apply button being greyed out.

The detections in memory are frequently other security applications loading unencrypted virus signatures into memory. Having set off a scan of memory by an antivirus application looking for virus signatures, don't be too surprised if it finds some in memory.

So either don't scan memory in the custom scan or understand that you can get detections like this on other security applications loading unencrypted signatures into memory.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

iroc9555

  • Guest
Re: Probable Conflict between Avast! 6.0.1125 and Comodo Firewall 5.4
« Reply #6 on: July 05, 2011, 02:10:00 AM »
Max, Donz.

I also run Comodo, Firewall and D+, but I have never ran Comodo AV. When I do a memory scan with Avast, I do not get any unencrypted virus signatures into memory from Comodo. I get Windows Defender though because it is running. I wonder, have you ever had Comodo AV running in your machines?

Regards.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88895
  • No support PMs thanks
Re: Probable Conflict between Avast! 6.0.1125 and Comodo Firewall 5.4
« Reply #7 on: July 05, 2011, 02:20:04 AM »
Defence+ also uses signatures as far as I'm aware (it was my believe it was only the AV, but I was corrected), so it would be cmdagent.exe which would load them into memory as and when used.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

iroc9555

  • Guest
Re: Probable Conflict between Avast! 6.0.1125 and Comodo Firewall 5.4
« Reply #8 on: July 05, 2011, 02:45:50 AM »
DavidR.

Defence+ also uses signatures as far as I'm aware (it was my believe it was only the AV, but I was corrected), so it would be cmdagent.exe which would load them into memory as and when used.

Thank you for the info, but still Avast is not detecting cmdagent.exe unencrypted virus signatures in my PC just Win Def sigs.  ???

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88895
  • No support PMs thanks
Re: Probable Conflict between Avast! 6.0.1125 and Comodo Firewall 5.4
« Reply #9 on: July 05, 2011, 03:01:20 AM »
I don't know why that is as I have never used any comodo product, been very happy with my firewall for many, many years.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

MaxReed

  • Guest
Re: Probable Conflict between Avast! 6.0.1125 and Comodo Firewall 5.4
« Reply #10 on: July 05, 2011, 10:03:26 AM »
For iroc9555:
I have never installed Comodo AV on my PCs.

For DavidR and iroc9555:
So, what should be the problem? Is right what DonZ63 wrote? Or the cause is the unencrypted virus signatures into memory?
However, Can I stay quiet or I have to worry?

Thanks for the help!!!

Offline SpeedyPC

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3398
  • Avast shall conquer the whole world
Re: Probable Conflict between Avast! 6.0.1125 and Comodo Firewall 5.4
« Reply #11 on: July 05, 2011, 11:59:34 AM »
For iroc9555:
I have never installed Comodo AV on my PCs.

For DavidR and iroc9555:
So, what should be the problem? Is right what DonZ63 wrote? Or the cause is the unencrypted virus signatures into memory?
However, Can I stay quiet or I have to worry?

Thanks for the help!!!

MaxReed go to Comodo forum and ask someone IF they ever come across the same problem as you, and you might get an answer I don't think is related to Avast it might be Comodo FW unless your settings is not setup correctly. If your not a member please register and join it free ;)

https://forums.comodo.com/help-cis-b127.0/
« Last Edit: July 05, 2011, 12:02:58 PM by SpeedyPC »
Gigabyte 670 LGA1200 Full ATX MB | Intel Core i9-13900 CPU/LGA 1700 | GeForce Nvidia RTX-4070/12GB | 32GB DDR4 | 2 x 1TB Samsung SSD | W11 Home 64bit | Avast Premium v23.11.6090 | Avast SecureLine VPN | Avast Secure Browser | Avast Driver Updater | Avast BreachGuard | Firefox 64bit | MalwareBytes Premium | Adguard Premium | CCleaner Portable | Macrium Reflect | 7-Zip

MaxReed

  • Guest
Re: Probable Conflict between Avast! 6.0.1125 and Comodo Firewall 5.4
« Reply #12 on: July 08, 2011, 10:00:18 PM »
Ok I've asked about this problem on Comodo forum and they said that is a false-positive of Avast.I hope that Avast Team solve the problem.

Thanks to all!!!
« Last Edit: July 08, 2011, 10:02:26 PM by MaxReed »

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88895
  • No support PMs thanks
Re: Probable Conflict between Avast! 6.0.1125 and Comodo Firewall 5.4
« Reply #13 on: July 08, 2011, 10:21:49 PM »
Sorry, but I honestly don't see how this can be considered a false positive, you ask avast to scan in memory for virus signatures and it has done as you asked.

Avast as I have said isn't alerting on cmdagent.exe but the unencrypted signatures that it has loaded into memory.

I have no idea what question you asked in te comodo forums, but if it didn't ask 'Does cmdagent.exe (for defense+) load virus signatures into memory.' Then you won't get an accurate answer as I feel they are simply saying there is nothing wrong with cmdagent.exe, avast isn't saying it is infected, just that it is responsible for loading those signatures into memory.

As I said before:
Quote from: DavidR
So either don't scan memory in the custom scan or understand that you can get detections like this on other security applications loading unencrypted signatures into memory.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline SpeedyPC

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3398
  • Avast shall conquer the whole world
Re: Probable Conflict between Avast! 6.0.1125 and Comodo Firewall 5.4
« Reply #14 on: July 09, 2011, 07:47:01 AM »
@MaxReed if I'm not mistaken if I understood correctly what DavidR saying I hope ??? virus signatures should not be loaded into memory by cmdagent.exe (for defense+), sometime this can cause problem to PC having to many virus signatures loaded into memory can slow down your PC so it shouldn't in most cases.

@MaxReed please check your Comodo FW setting for me please trust me I have been using Comodo FW for nearly 6 years from v3.0 to v5.4 I'm not using Comodo FW any more, I'm currently using Outpost. So go to Comodo FW in the defense+ settings:

1. Go to Firewall Behavior Settings and tick Create rules for safe applications

2. Go to Defense+ in general settings have you picked Create rules for safe applications

3. In Execution Control settings un-tick the following settings:
  • Perform cloud based behavior analysis of unrecognized files
  • Automatically scan unrecognized files in the cloud

4. In Sandbox settings disable Comodo Sandbox is not required while you have Avast sandbox running ;)

5. In Sandbox settings un-tick the Automatically trust the files from the trusted installers

6. In Monitoring Settings make sure you pick everything.

And reboot your PC after that go back to Comodo FW and go to More Options section right at the end

7. Run the Comodo Diagnostics just to make sure everything is okay

8. After Diagnostics go to Manage My Configurations and backup your Comodo settings in a different name and keep it in a safe place, just in case if the new Comodo FW version might come out in most cases you could loose all your settings everything and it easy to restore them back into Comodo FW.

And do another Avast custom scan the memory and I'm pretty sure everything should be clean out by cmdagent.exe (for defense+) ;)

Please let me know.
« Last Edit: July 09, 2011, 08:04:25 AM by SpeedyPC »
Gigabyte 670 LGA1200 Full ATX MB | Intel Core i9-13900 CPU/LGA 1700 | GeForce Nvidia RTX-4070/12GB | 32GB DDR4 | 2 x 1TB Samsung SSD | W11 Home 64bit | Avast Premium v23.11.6090 | Avast SecureLine VPN | Avast Secure Browser | Avast Driver Updater | Avast BreachGuard | Firefox 64bit | MalwareBytes Premium | Adguard Premium | CCleaner Portable | Macrium Reflect | 7-Zip