Comodo is malware in itself

[Guest]

[akama1]

owh lol at first when i used to use comodo antivirus i thought that unclassifedmalware was some kind of sophisticated comodo technology in detecting malware.... never knew its from the database lol

[Chiron]

Heuristic detections have "Heur" and/or "Suspicious" label.
Unclassified malware origins from signature database.

pls correct me if im wrong 

This is correct.

[MJR1]

Only one thing wrong the unclassified malware and suspicious are all false positive at least they have always been on my machine.

[Chiron]

Only one thing wrong the unclassified malware and suspicious are all false positive at least they have always been on my machine.

It is true that they are most likely to be false positives, at least from what I've seen. However, they are also highly likely to catch new malware.

It's a trade off. However, I do think that Comodo still needs to work to reduce the number of false positives.

[robbie73]

ok,
Does anybody that has posted know how to temporarily disable components completely? without completely uninstalling CIS?
Nothing I can seem to do without re-starting safe mode and renaming/deleting cis related files will turn the thing off without uninstalling. It's a nightmare. It's altering/preventing my use of my pc with my files. Even with everything including hueristics and defense+ permanently disabled or turned off turned off.
 In avast, if i turn it off for ten minutes, it is off for ten minutes. Yes, i have to confirm i want it turned off via a UAC style prompt.. but that's perfect! CIS does an APPLE and tries to control everything...subvertly in some instances.  Like apple if Comodo is going to try that, then at least get it right.

Oh, a point of interest. Since i used a file which comodo FP on and gave it an "unclassified" status
the other day when i started this thread.. that same file now has a classification! funny old world. It was without for months. Unfortunately it should be considered at worst a PUP and not a trojan, and give the user the choice to ignore or quarantine ...


SO, tell me how to temporarily but completely disable the product you all claim to not be malware? I'm pleased to listen ...

[Chiron]

ok,
Does anybody that has posted know how to temporarily disable components completely? without completely uninstalling CIS?
Nothing I can seem to do without re-starting safe mode and renaming/deleting cis related files will turn the thing off without uninstalling. It's a nightmare. It's altering/preventing my use of my pc with my files. Even with everything including hueristics and defense+ permanently disabled or turned off turned off.
 In avast, if i turn it off for ten minutes, it is off for ten minutes. Yes, i have to confirm i want it turned off via a UAC style prompt.. but that's perfect! CIS does an APPLE and tries to control everything...subvertly in some instances.  Like apple if Comodo is going to try that, then at least get it right.

Oh, a point of interest. Since i used a file which comodo FP on and gave it an "unclassified" status
the other day when i started this thread.. that same file now has a classification! funny old world. It was without for months. Unfortunately it should be considered at worst a PUP and not a trojan, and give the user the choice to ignore or quarantine ...


SO, tell me how to temporarily but completely disable the product you all claim to not be malware? I'm pleased to listen ...

Right click on the icon for CIS (it should be on the lower right hand corner of the screen). From there you can select "Antivirus Security Level". Click on Disabled. Right click on "Firewall Security Level" and set it to disabled. Right click on "Defense+ Security Level" and set it to disabled. Right click on "Sandbox Security Level" and set it to disabled.

Also, open the CIS interface and go to Antivirus => Scheduled Scans. Then you can delete the scheduled scans, assuming these are also a problem for you.

If after this the components of CIS are not completely disabled then you likely have a problem with your installation or there is a bug specific to your particular configuration.

[robbie73]

Right click on the icon for CIS (it should be on the lower right hand corner of the screen). From there you can select "Antivirus Security Level". Click on Disabled. Right click on "Firewall Security Level" and set it to disabled. Right click on "Defense+ Security Level" and set it to disabled. Right click on "Sandbox Security Level" and set it to disabled.

Also, open the CIS interface and go to Antivirus => Scheduled Scans. Then you can delete the scheduled scans, assuming these are also a problem for you.

If after this the components of CIS are not completely disabled then you likely have a problem with your installation or there is a bug specific to your particular configuration.

Hi thanks for replying  Chiron. This is a fresh install download and installed yesterday to make sure i was not woroking with a faulty version. I did all those things before and it still picked up this file.

however, i will admit to a mistake of mine here. I thought i had gone from tab to tab in the antivurs scanner settings section and turn of hueristics. It appears that i should click apply before moving to a different tab. anyway after doing this, the file was not automatically quarantined and i was prompted to ignore or quarantined. but this was with EVERYTHING turned off according to your instructions above.

if everything was turned off it wouldn't have picked it up at all. oddly, when i it did prompt, it was then "unclassified". so hueristics give it a classification or trj ..etc etc , but dectection signatures, without hueristics give it 'unclassifed'. Again, this is with everything supposedly turned off.  This is a 64 bit windows 7 home premium installation.

[BoredNow]

There is one program that always sets off alarms with CIS when I update it (manually) - so I always temporarily disable CIS before updating - it always works for me.
Maybe there are remnants of Avast that is conflicting with your CIS installation...?
Just a guess.

As for CIS being malware, please stop with the drama - just ask for help - or leave a post explaining why you are uninstalling.
Being rude won't get you the help you need - on this forum or in real life - fyi

[Chiron]

Please try uninstalling all security programs. Then reinstall Comodo by following the advice given in Most Effective Way to Reinstall CIS to Avoid/Fix Problems. Be sure to read every step closely.

After this, and don't forget to run the programs to remove remnants of any other security programs you ever had installed, please let us know if the problem persists.

Thank you.

[robbie73]

There is one program that always sets off alarms with CIS when I update it (manually) - so I always temporarily disable CIS before updating - it always works for me.
Maybe there are remnants of Avast that is conflicting with your CIS installation...?
Just a guess.

As for CIS being malware, please stop with the drama - just ask for help - or leave a post explaining why you are uninstalling.
Being rude won't get you the help you need - on this forum or in real life - fyi

i have what i need. i'm giving feedback. I have not been rude. I have never had avast or any other AV or ISS on this machine since clean build.Comodo from scratch. so I'm certain that avast wouldn't be interfereing with the comodo . fyi I've never had two AV coexist on one machine because i'm aware of the implications.
Question: If a product behaves like malware, stealthily reporting personal information to data collection servers, disables the users ability to make decisions regarding their computers security, deletes files i consider safe without prompt as a default setting from fresh install, continues to scan when everything is supposedly disabled,intentionally or not. What label would you give it?
If you didn't know it was comodo i was talking, how would you label the software that behaved in the way I have described?

 

[BoredNow]

*borednow*

I noticed that you have a history of calling CIS malware.

From Nov 2010....
http://forums.comodo.com/format-verified-issue-reports-cis/cmdagent-consumes-100-cpu-for-long-periods-even-with-d-perm-disabled-nbz-t64943.0.html;msg457325#msg457325

If I were you I would have uninstalled CIS long ago...why do you torture yourself like this?

 

[spainach_12]

Let me try to address the original problem first.
I encountered a problem since the product that was detected by comodo. Nevertheless, I attempted to recreate the problem. Here are the results:

Huge memory consumption validated.
Automatic deletion of unclassifiedmalware unvalidated. It was quarantined. Not deleted altogether.
No prompts for file deletion after scanning through context menu unvalidated. Mine prompted for it.
Unable to stop service validated. Only when a scan is in progress. (Since you did say it was scanning at the time, I considered it validated.) Otherwise, I can terminate it with ease using Windows Task Manager.

Take note that the results may vary since the product in question is not the same.

Now let me try to address the problem presented (which is on the question of whether or not comodo is a malware as implicated by the title).

Please forgive if others have been rude. Allow me to voice out my own (opinion) on this. (Emphasis included herein were added by poster spainach_12)

i have what i need. i'm giving feedback. I have not been rude.

In a forum and generally when discussing products, feedbacks are constructive criticisms. Basically, it is information about a particular product regarding its use and results, in other words, an evaluative response. Opinions are welcome, but labeling is irrelevant and, at most, unethical. It's the same as labeling someone a criminal without a fair trial.

Question: If a product behaves like malware, stealthily reporting personal information to data collection servers, disables the users ability to make decisions regarding their computers security...

With this basis, nearly all products are considered malware. Likewise:

...deletes files i consider safe without prompt as a default setting from fresh install, continues to scan when everything is supposedly disabled,intentionally or not.

if it was not the intention of the software to do such things, then it has been misused or faulty. That doesn't validate it as malware. Malware was designed to intentionally do such things. Definition from Microsoft:

"Malware" is short for malicious software and is typically used as a catch-all term to refer to any software designed to cause damage to a single computer, server, or computer network, whether it's a virus, spyware, et al.) .

If you didn't know it was comodo i was talking, how would you label the software that behaved in the way I have described?

If it had not been known by both you and the members of this forum, then it would be labeled as probable malware, because identity is one of the criterias used to judge a program. If the product has no validated identity (by which I mean that it has not been tested nor a significant amount of testimonies and/or reviews of it is available), then it is more probable that it is a malware. But the fact is, the identity is established and validated. Then it falls under either probable misuse/faulty installation/incompatibility issues or false positive.

As had been mentioned before, since it is not the intention of the software to produce such a result, then there must be external factor affecting the performance of the product which may be misuse (when looking at the exclusions problem, you had said that comodo has already labeled it as a threat and would not let you restore it, if I understand correctly. This is most possibly because it had already created a rule for that file based on its configurations and prior use), a faulty installation/bug (if there was no prompt or it had already been properly configured, then it could be a faulty installation which may be due to the installer itself or the system. Or it could also be that there is a bug in the program. If you wish to help, see if you can reproduce the problem and post it on bug reporting. Updates also are problematic. I always do a fresh installation of comodo since updating it via the program itself makes the product unstable), a false positive (this is highly likely since it was already confirmed that the product is relatively safe. At the same time, this is least likely to be the cause of the bug or the other difficulties such as automatic deletion and huge memory consumption since this is signature related), or incompatibility (not with other programs though likely, but with the system itself. Mine for example. I have been using comodo firewall for a few years now on the same system. But reinstallation of either system or program may sometimes yield problematic results. This is because of hardware problems as I soon found out. Other systems also pose the same problem but can be easily remedied as I had done more often than not).

Comodo is not malware. I rest my case.

Hope I had been of some help. Good day.

[clockwork]

I hope you are sure that you didnt set up your other computer related things like "malware"

Before i use something, i make the settings. And of course i make sure that a program doesnt send things that i dont want. If it does still perform actions that i dont want, i will look, why?

When i would load malware, there isnt a setting. It has an intention beyond my consent.
You make fun of your problem with your headline. And you accuse others for your failures. "The program must be malware, because i can not understand the settings!"

Why not asking: How can i prevent comodo from sending files for malware analysis? How to disable auto quarantine?
People could answer to that question. But its very time consuming to discuss world-views, and strange thoughts next to it.

When you call a program malware, just because your setting doesnt correspondent to your plan, here is a car example :
You can call a car a weapon, because people who dont know how to handle it are bringing other people in danger.
Or you can simply learn the rules of driving.

If theres a problem, dont rant. Solve it.

Edit: According to your theory a lot of antivirus programs would be malware, if not all. Otherwise i had suggested you nice ones. Now, i would suggest you to run your computer unprotected, then you have to deal only with real malware. Or you should run your computer without any operation system. So you can be sure that no process does something without your permission.
Just tried to get to the point.

[clockwork]

I can set for example avast in a way, that it would automatically ERASE things, that it sends data to the cloud, that it never asks, that it scans online for pages which i am about to visit, that it scans LINKS before i even think about to click them, that files get send.
I can set it to erase whole archives if only one thing was found in them. If i dont look what i am clicking, i send all findings to avast.
Sorry if i missed something.
Some settings are opt in, some are opt out. The most settings which are opt out are enabled to let novices be protected.


BUT, this is not making avast malware. It would only prove, that my setting is wrong. Wrong in my case. Why are these settings in such a program? Because there are circumstances where people COULD have a benefit by knowingly choosing them.
Settings are serious and vital. Settings are part of good antivirus programs. Even those settings which you dont want, which you CAN disable in those good ones.

[robbie73]

thank you for you comprehensive replie spainach_12.  I too could argue a whole plethora of others quotes..
here's but one from a developer. : http://blog.nirsoft.net/2009/05/17/antivirus-companies-cause-a-big-headache-to-small-developers/

but thats pointless. it has the potential of never ending debate. Between developers, with end users stuck in the middle.  My argument with that is that If i choose to run a program, i should be prompted by the the program supposedly protecting me if i wish to continue.with huerstics enabled, comodo doesn't provide that choice. when i turn off hueristics and set all to disabled, then i am finallly prompted. note i have to disable everything ..including defense + which requires a restart and then go tab apply by tab apply to disable hueristics and even then, i am still prompted with a "do you want to continue". this is on every machine i tried comodo on. So why then, is it still prompting with everything disabled. It's intention might be good. but i turned it off. It's not possible to disable the service for "access is denied"
don't tell me thats settings. that malware. it'sown self defence module prevents a user form disbaling a service. the only choice is uninstall.
that's just one point. go deeper.. why isn't it showing me a detailed report of the data it is sending to data collection servers??  thats spyware. whats more... if turned off.. it will still send that data and create new connections to the web, this is already verifed by other users on this very forum.
It's MY machine comodo, my data. not yours.   

And i have not been rude. i don't dare be rude because all that does is invalidate my creditbilty. I have made no personal remarks about anybody. although i receive them. I remain solid on the point is comodo behave like malware and spyware. the default settings of uneducated users leave them vulnerable to exposing data to comodo and are also refused by the product to disable that data extraction. Many strong virus prevent other virus getting on their drone machine, because it raises suspicion and they both get detected. 
The only difference in this case is that you are provided with a uninstaller. (which may also be questionable given the products activities) 

[Tags:]