comodo update false positive??

Discussion in 'ESET NOD32 Antivirus' started by dr pan k, May 22, 2008.

Thread Status:
Not open for further replies.
  1. dr pan k

    dr pan k Registered Member

    Joined:
    Nov 22, 2007
    Posts:
    204
    just got this. kind of strange.. don't think that comodo updates r dangerous.

    using 3.0.650 with signature 3120. anybody else with the same fp?

    22/05/2008 12.58.36 HTTP filter file http://eu3.download.comodo.com/cfp/download/updates/release/x32/cfp.exe probably a variant of Unknown virus connection terminated - quarantined Threat was detected upon access to web by the application: C:\Programmi\COMODO\Firewall\cfpupdat.exe.
     
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    We're on the ball, the problem is being investigated and should be resolved shortly with a newer engine update. If some files have been mistakenly quarantined, you can restore them manually.

    We apologize for the inconvenience.
     
  3. dr pan k

    dr pan k Registered Member

    Joined:
    Nov 22, 2007
    Posts:
    204
    ok marcos. tnx for the fast response. I'm sure eset will come up with a quick solution. :thumb:
     
  4. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    The problem has been identified and fixed with update 3121. It was not actually a typical false positive caused by signatures or heuristics, hence it took us some time to figure out the cause.
     
  5. grumbledook

    grumbledook Registered Member

    Joined:
    May 22, 2008
    Posts:
    1
    This patch comes too late for me. My system froze several times due to the ESET vs CFP battle. (I couldn't do anything. The system hung immediately. Right after login the NOD32 warning popped up.) After all those hard resets I had run chkdsk and it turned out that the repeated freezing and resetting damaged the file system. The repair is still going on but I don't know if it will be successful. :doubt:
    EDIT
    chkdsk is replacing security tags for *each* file with the standard tag on my system now! Thank you, ESET, well done!
     
    Last edited: May 22, 2008
  6. FauxMaven

    FauxMaven Registered Member

    Joined:
    May 22, 2008
    Posts:
    11
    Marcos, I have an open case against this issue but experienced the lockup scenario described by grumbledook. After I gained control of the system from SAFE mode I have disabled NOD32 services completely. How exactly am I to download update 3121?

    Also, is there anything in this problem related to XP SP3 which seems to be giving some other AV vendors major fits?
     
  7. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Unfortunately I'm not from the US so I don't have access to your case. Generally deleting the content of the "C:\Documents and Settings\All Users\Application Data\ESET\ESET Smart Security\Charon" folder (or C:\Users\All Users\Application Data\ESET\ESET Smart Security\Charon on Vista) should help. After booting to normal mode and updating to the current version (v. 3122 should be available within a few minutes), everything should work fine.
     
  8. FauxMaven

    FauxMaven Registered Member

    Joined:
    May 22, 2008
    Posts:
    11
    Well, the use of "Charon" as the folder name is certainly appropriate. :mad:
     
  9. webbasica

    webbasica Registered Member

    Joined:
    Jan 5, 2007
    Posts:
    11
    Had to uninstall nod32, really annoying.

    I'm thinking about going back to v2.7, I remember it was not that buggy.

    (another case)
     
  10. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    In this case it was a bug from v2 which caused the problem with v3.
     
  11. Stijnson

    Stijnson Registered Member

    Joined:
    Nov 7, 2007
    Posts:
    533
    Location:
    Paranoia Heaven
    Hmm, that's nice. Are v2 users also at risk then?
    What was the bug exactly?
     
  12. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    No, this problem would not occur with v2. V3 is not affected any more.
     
  13. webbasica

    webbasica Registered Member

    Joined:
    Jan 5, 2007
    Posts:
    11
    It doesn't make any sense, the bug is from v2, but somehow v2.7 is not affected?

    By the way, I uninstalled nod32 v3 2 hours ago ... you mean *now* everything is ok?
     
  14. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Right. The problem was fixed with the update 3121. Should the problem persist on someone's computer, download the latest update and restart the computer.
     
  15. Stijnson

    Stijnson Registered Member

    Joined:
    Nov 7, 2007
    Posts:
    533
    Location:
    Paranoia Heaven
    OK, but is it possible that this same bug will cause problems for v2.7 users in the future?
     
  16. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    No, it shouldn't. Despite the bug, these situations are handled correctly in v2. V3 has this problem already fixed.
     
  17. Stijnson

    Stijnson Registered Member

    Joined:
    Nov 7, 2007
    Posts:
    533
    Location:
    Paranoia Heaven
    Thanks Marcos. :thumb:
     
  18. FauxMaven

    FauxMaven Registered Member

    Joined:
    May 22, 2008
    Posts:
    11
    So just to be clear, please, Marcos. What are users of NOD32 AV-only product supposed to do? The Security suite recovery instructions did not reference one file or folder other than the appropriately named "Charon" that I could find on my machine. :blink:

    As it stands I have the ESET service disabled, the ekrn.exe version is 3.0.621.0 and the installation is configured to seek out updates upon startup. Should a user in this situation uninstall, and reinstall; or simply re-enable the service? o_O
     
  19. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
  20. FauxMaven

    FauxMaven Registered Member

    Joined:
    May 22, 2008
    Posts:
    11
    Thank you Marcos. I restarted the service after deleting files in Charon with NDB and NFI extensions. I restarted the GUI, updated the signature and rebooted. There was an awful lot of disk activity for about 10 minutes after restarting, but everything seems OK.

    I had to disable the service because the system would freeze almost immediately after the false positive and an abend in ekrn.exe.

    Thank you. :thumb: :cool:
     
  21. webbasica

    webbasica Registered Member

    Joined:
    Jan 5, 2007
    Posts:
    11
    Actually, when I uninstalled, the base was 3121 and everything was sluggish.
    I had to boot in safe mode, uninstall nod32 and now no problems at all.

    Please check what you are saying.

    Either way, I'm going back to v2 ... MUCH better
     
  22. dr pan k

    dr pan k Registered Member

    Joined:
    Nov 22, 2007
    Posts:
    204
    i wouldn't step down to v2 if i was in your place webbasica. v3 is much better in terms of safety and not only.

    for me updating the signature database didn't help at all but deleting the content of the charon folder like marcos said did it!!

    everybody having problems with comodo or msn live messenger should try exactly what marcos said.
     
  23. webbasica

    webbasica Registered Member

    Joined:
    Jan 5, 2007
    Posts:
    11
  24. dr pan k

    dr pan k Registered Member

    Joined:
    Nov 22, 2007
    Posts:
    204
    this problem with wmp seems pretty strange. have you contacted eset??

    anyway it's up to u to choose the best 4 your pc. i liked v3 since the betas and haven't changed it since (took me huge patience). the bug reported in the last days is something extraordinary, don't believe it has to do with v3, could happen to all versions.
     