Because it is stopping at the first detection in the memory block, not continuing to scan it. What is the point in reporting each and every signature it finds in that memory block loaded by the same process.
For the umpteenth time is isn’t an alert on cmdagent.exe, but the signatures it loads into memory. You are now aware that is what it is doing so you have two choices, don’t do a memory scan or b) ignore results for the memory block detections loaded by cmdagent.exe.
You are probably one of very few doing a custom scan (with memory), which is almost a paranoid scan as it scans everything, most of which is either dormant or inert and can safely be left to the resident on-access scanners. All of which I’m sure you already know from reporting it before and the topics you have read, I just can’t see why you need to run a custom scan including memory and probably archives as well.
The Quick and Full System scans are designed to a) only scan files that are at risk of infection or b) if infected present an immediate risk, e.g. executables, etc.
See the attached picture in the opening post of this query from February, 2010:
[url=http://forum.avast.com/index.php?topic=55354.0] Scan Results: Select the required action for each result and click “Apply”
I know.
cmdagent.exe is carrying out a process which loads virus signatures/fragments into memory. These signatures/fragments are then detected by avast!, which in turn throws up an alert over the apparent viruses it think cmdagent.exe has planted.
a) Turn off a legitimate threat-detection tool.
b) Just don’t question scan results in future.
“+130 million registrations and growing” …I always run a memory (and archive) scan as part of my ‘custom scan’ configuration. Why would I want to limit ways of detecting malicious code?
You and I once had an argument over the virus targeting option. I’d still use it if it were available.
Look, I know that cmdagent.exe hasn’t loaded full-blown viruses into my memory. I just wish that avast! wouldn’t randomly start telling me I have infected files. This is the third (or fourth?) time this issue has occurred with me. It’s every nine months or so, and it usually lasts until avast! issues a: “This VPS update contains only fixes to existing definitions or removal of false alarms.”
Look, I know that cmdagent.exe hasn't loaded full-blown viruses into my memory. I just wish that avast! wouldn't randomly start telling me I have infected files. This is the third (or fourth?) time this issue has occurred with me. It's every nine months or so, and it usually lasts until avast! issues a: "This VPS update contains only fixes to existing definitions or removal of false alarms."
This is a comodo problem and not Avast's if comodo uses unencrypted virus data then they will get caught. Avast can do nothing about this - it is a Comodo problem. If Comodo encrypted the data then Avast would not see it, Avast cannot differentiate between the virus signatures that Comodo is loading and the real thing
I’m not sure how it’s a Comodo problem. I don’t know why cmdagent.exe puts virus signatures into memory, but it does, and (apparently) always has. My firewall hasn’t changed since I installed it in June, and avast! was quite happily ignoring those cmdagent.exe processes until the virus definition updates of 8-Oct-2010 - (101008-0). Then avast! started reporting Process 11xx [cmdagent.exe], memory block 0x00000000023C0000, block size 4xxxxx > Threat: Win32:FakeVimes-B [Trj]. This is a problem which avast! has created by reporting things which it had previously ignored.
no need for me to start a new topic, i have avast 6.0 the newest version and i did a definitions update before i did a full scan of everything and it detected my cmdagent.exe(comodo firewall), as infected with Win32:FakeVimes-B [Trj]. and ya i told comodo forums about it .
i just did a virus total scan too and it said it was clean, i even did a scan of just that file with avast and it said it was clean, lol, but when i scan whole computer, then it said it was infected .
Kissbaby, I still receive the process [cmdagent.exe], memory block, Win32:FakeVimes-B [Trj], ‘high severity’ threat notification whenever I complete any scan which includes a high-sensitivity memory check.
I’m satisfied that Win32:FakeVimes-B [Trj] is merely a fragment of the actual virus which Comodo loads into memory as part of a legitimate process. It’s irritating to see it flagged with every Avast! scan, but I can live with it.
Please don’t post in multiple topics about the same thing, it just duplicates the efforts of those trying to help. I have replied in your other topic also.
Hey that’s a good idea Giogio, set exclusions to to memory scans from always detecting things that are harmless but that it regular flags.
I just ‘caught’ one of those Win32:FakeVimes-B [Trj] heavy alerts in AVG, I figured it was harmless but since it’s been a while since I discovered anything I could delete I did so and later checked that AVG is OK, which I keep for backup manual AV scanning, mkay.