Author Topic: How should I interpret Autorun results?  (Read 1556 times)

Offline torbuk

  • Newbie
  • *
  • Posts: 13
How should I interpret Autorun results?
« on: May 09, 2017, 07:35:52 AM »
When I scan my computer with Autorun Analyzer, and select option to hide safe entries, I sometimes get message "there are no items to show", sometimes there are few entries marked as unknown, and sometimes there are 60+ marked as unknown. When I open AA several times in a row (I wait for scan to finish first), I often see different entries marked as unknown each time. When I ran AA in Windows safe mode (without network) there were exactly 63 entries marked as unknown each time.

It works similar for Kill Switch, only there are fewer entries.

How should I interpret such results? Are these files actually trusted/whitelisted by Comodo, and if so, why do they sometimes appear as unknown? Or should I post all 63 files for whitelisting (as I believe they are all safe)? Is there a possibility that some malware is interfering, and that's why I'm not seeing all the results?

This is purely technical question about how these programs work, because before I start help request thread I wanted to know what these results mean.

Offline futuretech

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 4090
Re: How should I interpret Autorun results?
« Reply #1 on: May 09, 2017, 09:54:55 AM »
Due to the unreliable nature of the internet sometimes packet loss and latency can affect the file rating cloud lookup results. So what is happening is every time you open autoruns or use killswitch, they will perform a hash lookup to determine each items file rating using comodos file lookup service and if the results don't come back for a particular file (packet loss) or it comes back too late (packet latency) then it will default to unknown file rating.

Offline torbuk

  • Newbie
  • *
  • Posts: 13
Re: How should I interpret Autorun results?
« Reply #2 on: May 09, 2017, 12:00:23 PM »
Thank you for your quick answer.

That explains why all 63 entries appeared as unknown when I was offline.

Can I ask for confirmation, that if a file is listed as trusted after some Autorun scans, but not every single scan, then it is considered trusted by Comodo?

Offline futuretech

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 4090
Re: How should I interpret Autorun results?
« Reply #3 on: May 09, 2017, 01:00:19 PM »
Thank you for your quick answer.

That explains why all 63 entries appeared as unknown when I was offline.

Can I ask for confirmation, that if a file is listed as trusted after some Autorun scans, but not every single scan, then it is considered trusted by Comodo?
Yes. If you want to be sure you could always submit the file in question to valkyrie.

 

Free Endpoint Protection
Seo4Smf 2.0 © SmfMod.Com Smf Destek