Author Topic: why avast detects the process of comodo firewall as virus?  (Read 9831 times)

0 Members and 1 Guest are viewing this topic.

Offline Hellion

  • Full Member
  • ***
  • Posts: 138
  • Success is commemorated; Failure merely remembered
Re: why avast detects the process of comodo firewall as virus?
« Reply #15 on: August 11, 2011, 07:30:50 AM »
Hi Corsair,

It's not really a problem as this is only an issue encountered with memory scans and even after detection there is nothing you can do. (there is no option of deleting/Quarantining the detection)

I did try your suggestion now, I added the exclusions for both manual/auto scans and File system Shield, But this had no effect.

Regards,
Hellion

Offline Corsair

  • Jr. Member
  • **
  • Posts: 33
Re: why avast detects the process of comodo firewall as virus?
« Reply #16 on: August 11, 2011, 07:51:04 AM »
Just a query:

Do your avast! settings and file system shield exclusions look like the attachments below?
« Last Edit: August 11, 2011, 08:01:42 AM by Corsair »
avast! Free Antivirus
OS: Windows 10 Pro 64-bit - MOTHERBOARD: ASUS Maximus VI Formula (BIOS 0804) - CPU: i5-4670K - RAM: 16GB - HDD: 250GB SSD - Video Card: Gigabyte GV-N770OC-4GD

Offline Hellion

  • Full Member
  • ***
  • Posts: 138
  • Success is commemorated; Failure merely remembered
Re: why avast detects the process of comodo firewall as virus?
« Reply #17 on: August 11, 2011, 12:47:45 PM »
Hi Corsair,

Yes, they look EXACTLY like that.

It's very hard to screw something like that up :)


Regards,
Hellion

Offline DavidR

  • Avast √úberevangelist
  • Certainly Bot
  • *****
  • Posts: 85964
  • No support PMs thanks
Re: why avast detects the process of comodo firewall as virus?
« Reply #18 on: August 11, 2011, 02:10:24 PM »
Excluding comodo in avast won't make a difference in this case as:
a) this isn't an alert on any comodo file
b) is in memory, not a file or comodo location
c) whilst you can exclude a file from being scanned, you can't exclude its actions, e.g. in this case the insertion of unencrypted signatures into memory.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.9.2494 (build 21.9.6698.703) UI 1.0.672/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline igor

  • Avast team
  • Serious Graphoman
  • *
  • Posts: 11808
    • AVAST Software
Re: why avast detects the process of comodo firewall as virus?
« Reply #19 on: August 11, 2011, 02:28:18 PM »
Well, I believe you probably could exclude the memory detection, but you'd need an advanced magic for that ;)
Let me know what exactly the detection says in the first column, I'll try to make the exclusion mask.

Offline DavidR

  • Avast √úberevangelist
  • Certainly Bot
  • *****
  • Posts: 85964
  • No support PMs thanks
Re: why avast detects the process of comodo firewall as virus?
« Reply #20 on: August 11, 2011, 02:37:23 PM »
I think the simpler option would be not to do the memory scan as you have on numerous occasions, if it gets into memory it is a bit late ;D
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.9.2494 (build 21.9.6698.703) UI 1.0.672/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline Corsair

  • Jr. Member
  • **
  • Posts: 33
Re: why avast detects the process of comodo firewall as virus?
« Reply #21 on: August 11, 2011, 05:56:35 PM »
Ah. I see now.  :P

Just an FYI - it sounds similar to this: http://forum.avast.com/index.php?topic=78142.0
avast! Free Antivirus
OS: Windows 10 Pro 64-bit - MOTHERBOARD: ASUS Maximus VI Formula (BIOS 0804) - CPU: i5-4670K - RAM: 16GB - HDD: 250GB SSD - Video Card: Gigabyte GV-N770OC-4GD

Offline Hellion

  • Full Member
  • ***
  • Posts: 138
  • Success is commemorated; Failure merely remembered
Re: why avast detects the process of comodo firewall as virus?
« Reply #22 on: August 12, 2011, 07:51:06 AM »
Hi Igor,

This detection only occurs when you do  memory scan with "test whole files" option.

The detection reads...

File Name:
Process 884 [cmdagent.exe], memory block 0x0000000004b00000, block size 2097152

Severity:
High

Status threat: win32:fakevimes-b trojan

Hi Corsair,

Yes that thread has pretty much the same discussion going.


Regards,
Hellion

Offline igor

  • Avast team
  • Serious Graphoman
  • *
  • Posts: 11808
    • AVAST Software
Re: why avast detects the process of comodo firewall as virus?
« Reply #23 on: August 12, 2011, 02:19:36 PM »
You can set the exclusion (e.g. for the particular scan you created) as follows:
*PROCESS\*\cmdagent.exe
- then the Comodo process won't be scanned at all.

Offline Hellion

  • Full Member
  • ***
  • Posts: 138
  • Success is commemorated; Failure merely remembered
Re: why avast detects the process of comodo firewall as virus?
« Reply #24 on: August 13, 2011, 09:07:37 AM »
Hi Igor,

What about people that are not computer savvy? I think this it what the OP was getting at.

This never bothered me since I know that the Comodo process is not a threat, but some other people might be confused by it.

BTW, Thanks for everyone's input,

Regards,
Hellion

Offline DonZ63

  • Poster
  • *
  • Posts: 469
Re: why avast detects the process of comodo firewall as virus?
« Reply #25 on: August 13, 2011, 06:10:28 PM »
A thousand kudos to Igor!

The *PROCESS tip works like a champ. I have added cmdagent.exe and mbamservice.exe to any scan that uses the memory scan option. No more signature alerts from Comodo and MBAM Pro.

Plese post this tip as a FAQ at the top of this forum for others.
AMD QUAD 945, 8 GB, NVidia GTS 450, 3 HDDs
Dual boot, MBAM Pro - both OSes, WIN 7 x64 SP1, NAV 2012, IE9; XP SP3, NIS 2011, IE8