CIS misses some samples often, a reinstall fixes it

[Guest]

[Ronny]

I do not think so...

Since, they are sometimes detected as soon as they are extracted, sometimes only detected during a manual scan.

Do you have a sample to share?

[SivaSuresh]

I am having to come back here often, although I definitely do not want to...

It happened once again. I was just checking some samples that I suspected to be virus on my friends system. I checked them with Valkyrie and Virustotal and found them to be malware. I submitted them to Comodo through Forum and was awaiting the detection.

Lately, after a week from submission I found that they are not still being detected  by my CIS. I thought of resubmission, but accidentally checked again on Virustotal. Surprisingly (the usual/regular surprise for me though) they are all detected by Comodo in Virustotal.

I rescanned those samples again and they are not being detected by CAV on my system.

After a few trials I realised that it could be the old issue, so I opened the Trusted Files list. YES, they are there sitting happily in the list. I am very much frustrated by this...

I removed them from the list. They are now being detected, except one sample.

I could not figure it's entry in the Trusted Files list. There is no search facility in the list either for easy verification and we do not have SHA or MD5 search in case the file exists in the list with a different name.

I am still trying to figure out a way to get it detected by CAV which already detects on all other systems.

Finally, I am very much disappointed with this behaviour of CAV.

I do not still understand why or how it can add or allow a known malware to the Trusted Files list.

I am planning to start a new thread questioning this behaviour with a poll. Please vote if you also want this to be corrected in future versions.

[Ronny]

Also can you please send me
C:\Program Files\COMODO\COMODO Internet Security\database\trusted.db file when this happens before deleting the sample from the trsuted list. LEt me see the source of it.

Did you happen to save a copy of that file before removing them from the TVL?
This can point Egemen to the reason why the files are there...

[SivaSuresh]

Here it is. I made a new topic just explaining this situation in detail. I created a poll too.
https://forums.comodo.com/antivirus-help-cis/isolate-cav-from-d-trusted-filesav-exclusions-and-trusted-files-are-different-t84864.0.html
Please vote.

Did you happen to save a copy of that file before removing them from the TVL?
This can point Egemen to the reason why the files are there...

If you mean the samples then, yes, I did. If you mean the TVL, I did not. I will try to reproduce the issue and save the trusted.db too for reference and analysis.

I can send the samples if you or egemen want them for verification.

By the way, is there any news on proper implementation of "Search functionality" in CIS lists.

I am still unable to find one file in the list that is not being detected by local CAV. (Virustotal says that it is detected by CAV as a Trojan)

[SivaSuresh]

Did you happen to save a copy of that file before removing them from the TVL?
This can point Egemen to the reason why the files are there...

OK, I could reproduce the issue just by scanning those files and clicking "x" in the results windows without taking any action. I did not select "clean" or 'ignore", I just closed the window. The samples happily entered the Trusted files list.

I now have the trusted.db and the samples too.

I am cleaning the list again, I can send you the files if you need.

[kail]

.. By the way, is there any news on proper implementation of "Search functionality" in CIS lists. ..

You do realise that all CIS file lists have search functionality now? It's not great, but it does work. Click on the top title of the list, type "c" (or whatever drive letter the app you're interested in is on), select the file you looking for from the alphabetically sorted drop-down list and hit return. It takes you straight to the selected file in the list (if it's there).

[SivaSuresh]

You do realise that all CIS file lists have search functionality now? It's not great, but it does work. Click on the top title of the list, type "c" (or whatever drive letter the app you're interested in is on), select the file you looking for from the alphabetically sorted drop-down list and hit return. It takes you straight to the selected file in the list (if it's there).

To be more accurate and appropriate and honest, it is called "filtering" and not "search".

But, yes. it works in most cases.

Unfortunately, my file is not in the list, which means I now have some other issue...besides the existing one...

[Tags:]