Author Topic: Why does Comodo keep asking to restart when it cleans something like a virus?  (Read 702 times)

Offline cheater87

  • Comodo's Hero
  • *****
  • Posts: 700
I downloaded malware in a zipped file. I unzipped it, and it was detected after I did a right-click scan. Then Comodo asked me to restart the computer; it hasn't done that before.

Offline Eric Cryptid

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 2827
  • Security Saskquatch
Was anything run inside the container? Have you tried "Reset Container" under Tasks>>Containment? Is it in Quarantine? Have you tried manually deleting the .zip file if it hasn't been removed by CIS? I'd try resetting the container and deleting the file from Quarantine to see if that works.

Moderator: Any concerns? PM me and/or review the Forum Policy
System: 64 bit Win 10
Realtime Protection:CIS 12

Offline cheater87

  • Comodo's Hero
  • *****
  • Posts: 700
Nothing was in the container. I downloaded the zip file, unzipped it, and ran a right-click scan, which took a bit longer than usual. AV is set to quarantine for that, and then when it finished it asked for a restart.

Offline Citizen K

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 26213
Assuming the file has a specific signature, the removal instructions that come with the signature may require the reboot. If the virus were allowed to run and installed a kernel mode driver, to facilitate some form of cloaking, then a reboot is needed to remove that driver, as with all kernel mode drivers.

Offline cheater87

  • Comodo's Hero
  • *****
  • Posts: 700
"Assuming the file has a specific signature, the removal instructions that come with the signature may require the reboot. If the virus were allowed to run and installed a kernel mode driver, to facilitate some form of cloaking, then a reboot is needed to remove that driver, as with all kernel mode drivers."

I never run them, I just scan.

Offline Citizen K

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 26213
We can't assume: when a virus gets seen, either by a scan or upon execution, it may already have been running before CIS got installed, with a rootkit component blocking CIS from seeing it; we cannot assume the system is clean. You may know it to be clean, but the program cannot assume.

The reboot indicates the malware may be self-protecting and/or have a driver running. The former may need a reboot; the latter requires a reboot.

Offline futuretech

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 5208
Some cleaning routines require a reboot while others don't, and it more than likely has to do with what was detected, so certain signature detections have a reboot action as part of their cleaning routine.

Offline somerandomcat

  • Comodo Family Member
  • ***
  • Posts: 61
Seems to be a good feature in the long run, but I wonder if whoever added the signature left some instructions out of what memory processes to check for, or if including those instructions isn't practice, and CIS just always 'plays it safe'.

Offline Citizen K

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 26213
I guess CIS always plays it safe. It is better to err on the side of caution than to run the risk of leaving a trace behind. Some malware is capable of resuscitating itself when a running executable gets left behind.

 
