3.10 AV scans \\?\globalroot\Device\ paths instead of drive letter

Hi, everyone,

I recently added antivirus to my Comodo firewall and HIDS install (and upgraded the whole install from v3.0.25 to v3.10). On the first AV scan it called out a longish list of files as malware that I’m quite certain are OK. Since almost all of these were installer files in my D:\D-content\0-Install\ tree where I archive such things, I just said “ignore” the first time it asked me.

This entire archive tree on D: is backed up daily to my F: drive, which is on a different physical disk, and of course the scan found and called out all the backup copies of all the same files. I said “ignore” again.

Since then whenever the nightly scan runs it properly ignores all the files on the D: drive as it was told to. However it continues to report the copies on F: and it reports those files not with a path starting with F:\ but one starting with \?\globalroot\Device\HarddiskDmVolumes\BlockVolume1.

I continue to select (checkmark) all the harmless-but-reported-anyway files and click “ignore” every morning when there’s a new scan results report. They do all appear in the exceptions list, and the paths in the exceptions list also begin with \?\globalroot.. etc. when they refer to any file that Explorer sees as residing on F:.

Can anyone give me a hint why Comodo sees my F: drive only as a \?\globalroot\device, and doesn’t appear to be able to respond properly to ignore-list entries specified that way?

Thanks very much!

P.S. Comodo is v.3.10.102363.531 running on Win XP SP3. The D: partition is on a basic disk. F: is dynamic (but not part of any RAID), if that helps any. Disk Manager shows both drives as healthy. Chkdsk finds no errors on either one.

I guess the F drive is an external drive. CIS sees them by definition as not safe. That is because they can get connected and disconnected.

Did you install 3.10 with or without uninstalling 3.0? It is absolute recommended to uninstall the old one first.