Avast! flagged install of Microsoft Update (08/09/2011) .NET as Untrusted

Running XP Home SP3 2GB RAM P4 2.8 Avast! 6.0.1203.

Have Avast! set to notify me when an installer or executable tries to modify a protected service or program.

This is an optional task, but one that offers more granularity and control over processes that may be running ATM.

Default setting w/o this setting is ‘Allow’.

I had about twenty or more alerts re a change to a service protocol. (Not using the computer ATM as below will explain.) Each dialog box indicated a .TMP file was trying to run and was trying to modify the service program XP uses to start needed services. I clicked ‘allow’ in each case.

When the XP updates were finished, I restarted the machine as asked.

Machine failed to complete restart and stalled when Secunia PSI was loading. Desktop and explorer were running but system hang was evident after ten minutes, as mouse was busy the entire time.

Force shutdown and reboot did bring everything back to somewhat normal, but still sluggish.

The following programs were affected:

  • Avast!
  • TrendMicro RUBotted
  • COMODO Internet Security v 5.5 Firewall only
  • Microsoft Windows Defender
  • Secunia PSI loaded but failed to connect to the Internet
  • Firefox 5.0

There were more than that listed above, but all were flagged by COMODO Defense + as either unknown or untrusted programs, and were sandboxed as partially limited, especially when Internet access was requested.

System file dates were changed from date of install to then current date of 8/10/2011 when I looked at file properties of these files. I have been running XP since February of 2010 without running into this sort of problem.

I have changed permissions for each of the above to trusted, but still getting flags thrown by COMODO. Programs are no longer sandboxed.

There was a brief power surge that occurred when .NET update was downloading, but I have an USP power supply that prevented the computer from shutting down or rebooting when this happened. Lights in my house flickered rapidly for about a second or so, then power resumed.

Any ideas?

mchain

You do not need Microsoft Windows Defender on XP Home SP3.

Mchain.

I have had Avast alerts when Net Framework patches are being installed by Microsoft updates. It seems normal if running XP. This does not happen for Vista or Win 7.

My reboot was without problems, but my PC BSOD next day (Wednesday) 15 min after boot. A hiccup, may be, caused by MTU (Microsoft Tuesday Update). Who knows !

I run Comodo (firewall/D+) and I have read and participated in many posts in its forum with complain about XP and freezing. I had to work to really train Comodo to my XP. A lot of files and programs being sandbox. Right now Comodo is running smoothly in Custom and paranoid mode.

May be something in MTU reset Comodo and it has to be re-trained again.

BTW there was a Comodo alert caused by MTU when installing; “update.exe” I do not remember if for firewall or D+ and I could not find it in my logs. This is the first time I get an alert by Comodo doing Microsoft Tuesday.

Good luck

iroc9555,

Quite right there re COMODO CIS and XP. Over at the COMODO forums, I attempted to work out the issue in order to be able to provide a guide or path for others to try or follow in case they had the same sort of problem.

Turns out you have seen this before. I was unaware of this.

If one wishes to view or peruse the thread, go here: http://forums.comodo.com/defense-sandbox-help-cis/numerous-sandbox-defense-alerts-after-m-updates-for-8092011-t75270.0.html

In the end, I had to cut the chase short, as one setting change really compounded the problems I was having with the impact of CIS on the system. It finally got to be too much.

I suppose if this OS was, say, Windows 7, and this sort of problem occurred, this work might be more relevant, but still, strategies and techniques one learns along the way, can help others.

Interesting thing was, even the video driver was affected, as text on the screen would have minute dots within the letters themselves and not be as sharp as they are now after image restore.

Mchain.

Yes, I have been reading your thread in Comodo´s. EricJH and Ronny could be right when they say that a corrupted update from Microsoft (During the surge) or a corrupted Comodo white list could have been the cause of your problems.

However keep in mind what I told you about Avast alerts when installing .NET files next Microsoft Tuesday. They will show up again.

Comodo, well, like I said; This is the first time an alert showed up during MTU, and I run CIS in Custom and Paranoid mode.

Regards.