New to CIS5 -- Heur.Corrupt.PE on MSIxxx.tmp files?

[Guest]

[kaborka]

I just installed CIS5 for the first time and ran a scan.  It reported problems in \windows\installer\ files with .tmp extension.  Before, I was using KAV, which detected no problems. 

Questions:
1) What does Heur.Corrupt.PE[at]-1 mean?
2) In general, how can I look up the definitions of reported warnings?
3) I saw only a button to Disinfect or Quarantine all detected threats.  How can I disinfect one file only?  Right-click did not work.
4) When I tried to pause the scan to do some work, I got a popup message: "Pause failed.  Error 0x800705aa Insufficient resources to perform action."  Same with Stop.  Why?  I had to reboot.

[EricJH]

It is a detection by heuristics.Did you set the Heuristics of CIS to high? That is not recommended as it makes CIS awfully chatty. What happens when you set Heuristics to the default low?

3)Are you talking about the result screen you get after a manual scan? You can select individual files using the checkbox

4)Sounds like the scanner may have crashed. Are you willing to report this as a bug?

Please file a bug report in the Bug Reports - CIS board following the format as described in FORMAT & GUIDE - just COPY/PASTE it!.

Also follow How to determine which file is causing a manual scan to hang  to determine what file was causing the scanner to be hung. Please add this information to your bug report.

[kaborka]

Heuristics are set to Low.

The flagged files are listed in two places:  Antivirus Events screen and on the Log Viewer, which is accessible via the "More" button on the Events screen.  Neither screen has check boxes next to the individual files, nor responds to right-click.  So how can I disinfect individual files?

And where can I find definitions of the various AV result codes such as Heur.Corrupt.xxx and Heur.Suspicious.xxxx?  I searched the Comodo website, but nada.

[Tags:]