TDIMon conflict, sudden reboot, Web Shield blockin the connection??

Avast Free Antivirus / Premium Security
1

I started the TCPView to check the ports. I closed it and then started TDIMon. Suddenly my connection stoped (I wasn’t disconected, just there was no transfer of data).

I closed the TDIMon, but still the same thing. When I tried to run it again there was the message that you can’t open two programs at the time (but there was nothing in the memory - probably some mess with drivers). During that time avast displayed message internet connection time out - continue waiting - Y/N.
I rebooted a couple of times and then everything was normal, until I opened TDIMon again. After couple of minutes occured instant reboot.
After reboot connection was again with no traffic, so I tried to disable the firewall, nothing! Try to disable the avast resident providers and immediatelly connection was ok again!

I’m afraid to use the TDIMon again :slight_smile: :-[
Anyone?

P.S.I posted on Sysinternals Forum as well…

Windows XP SP2
avast! Professional
Zone Alarm Free
System Safety Monitor
Mozilla Firefox 1.5
Mozilla Thunderbird 1.5

2

I too have encountered problems with TDIMon used with avast intercepts active.

I reported this back in May 2005 and tried to raise a general inssue on port intercepts … though I probably did it in a way that confused too many issues at the time. There was no response from the avast team at that time.

I’ve even managed to get some blue screens with both TDIMon and avast together so I avoid TDIMon now.

3

Very interesting issue /conflict nice to know what the answer/problem is ??

4

Hello alanrf, tednelly.

alanrf, do you know what is the difference between the TCPview & TDIMon, in general? Never got to compare & now I’m afraid to start those programs.

5

Sorry Zagor
I only know what I have read on sysinternals about TCPview & TDIMon. I have been using TCPview for quite some time as an added secuirty tool to see whats happening when connected to the net only one computer mine. I consider TDIMon to be of most use in a networked enviroment

6

I think the basic difference is:

TCPView gives you a (very frequent) periodic snapshot of the state of your current network connections. It just displays the state of the connections and does not get involved the real time activity of the connections.

TDIMon reports on the real time activity on your network connections, which requires it to intercept that activity to analyze and report it as it happens and so it is much more invasive than TCPView.

I use a function called ActivePorts in place of TCPView and an open source product called Ethereal in place of TDIMon for tracing real time network activity. So far, I have encountered no conflicts between avast and Ethereal.

7

Zagor, you said that an “instant reboot” has occured. During this reboot (which should be a blue screen with automatic restart) a minidump should have been created in your c:\windows\minidump folder. Can you send me that file? We can have a look what is happening there.

TDIMon filters TDI API calls (I believe by hooking the functions) and you have several beasts running on this interface, including ZoneAlarm, Avast Network shield a probably some redirects for WebShield and Internet Mail via aswrdr.sys and TDIMon has certainly some problems unloading itself since it was not able to load again… well, let’s see the dump.

8

alanrf, precise & to the point, thank you.

Lukor, you are right. Check your mail…