A file was marked as a false positive and now I can't access it

I have a .exe file which is a false positive (nod32 and others never encountered any virus/malware on this file). Somehow CIS changed the owner of the file in such a way that even the admin user cannot access it.

I have added exclusion (inside scanner settings) to all files in a particular folder and one of the files included is the one mentioned above.

Any ideas on how to get my file back? And how do I make exclusions work?

Thank you :slight_smile:

Hello jarthel, have you looked in the “Quarantined Items” section of CIS to see if said file is there?

Was the alert you received an Anti-virus alert or a Defence+ alert?

Have a look in Defence+/Advanced/Computer Security Policy. See if the .exe is listed in there and set to Isolated application; if it is, highlight it and select Remove, then APPLY.

Matt

I have looked at the quarantined section and it’s not there. :frowning:

I’ll try the other suggestions. Thank you :slight_smile:

Comodo found another file :frowning:

This time the file appeared in “quarantine items” (under antivirus) and I decided to select the “restore” option.
My file cannot be accessed by anyone, including the admin account! :frowning: I suppose the only way to get it back is booting to safe mode :frowning:

Could this be a bug?

Thanks again

Let's consider: if it's not an FP, it's a suspected file and you have restored the file. If you execute the file, the system might get infected. So it should be designed in a way to remove the permissions once it's restored, so that no one (even admin) can execute it, even accidentally, until you take ownership of the file.

Why don’t you upload the file to VirusTotal and see what happens.

Whether or not the file has bugs, why won’t AV restore the file properly? What’s the point of allowing a restore if I still can’t use the restored file? With the 1st file, I actually created exclusion before fixing it.

Why won’t AV let the user take control of the system/files when the user specifically wanted control?

Another file was found and it’s Perc6i drivers (executable WinRAR compressed file). Now this file is useless (till I fix it) because restore doesn’t really restore.

You have to disable the AV in order to restore the file correctly.

I’ll try that.

But the workaround seems wrong since I’m exposing myself for that short period. :frowning:

PS: the suggestion worked! :slight_smile:

I just encountered something similar with a DLL for the game Zen of Sudoku. One of its files, bass.dll, was flagged as ‘Heur.Packed.Unknown’, so I password-rar’d it and sent it in per the instructions here. I also think it’s silly that we have to disable and re-enable our AV to regain access to the files.

Edit: After further inspection, it seems that adding files to ‘Exclusions’ prevents you from accessing them until you restart the AV, however, if you add them to your Safe Files, then it doesn’t obscure any permissions.

I noticed this behaviour as well yesterday. To me this is a bug and I moved the topic to the AV bug board.

I also have this problem. I recently had a file detected by CAV and I could not restore it from quarantine without disabling CAV.

It is a file which has never been detected before and I think that it IS a virus and I wanted to submit it to VirusTotal etc.

Also, I want to upload to CIMA and see what it does and if it has infected me before when I was using a different AV. :frowning: