Antivirus Quarantined Sample Before Allowing Chance To Ignore Detection [M1275]

1. The full product and its version:
COMODO Internet Security 8.0.332922.4281 BETA
2. Your Operating System (32 or 64 bit) and Service Pack revision, and if using a virtual machine, which one:
Virtual machine: VirtualBox 4.3.6 r91406
I have seen this on both Windows 8.1 x32 fully updated and Windows 7 x32
and on a real system: Windows 7 x64
3. List all the configuration changes you did. Are you using Default configuration? If no, what's the difference?:
Default configuration; the only change was to uncheck the option "Do not show antivirus alerts"
4. Did you install over a previous version without uninstalling first, or import a previous configuration file?:
Clean install
5. Other Security, Sandboxing or Utility Software Installed:
None
6. Step by step description to reproduce the issue. Or if you cannot reproduce it, what you actually did before it happened, step by step:
1: Uncheck the option "Do not show antivirus alerts"
2: Then, I ran the sample. The sample was run in the sandbox, and then detected by the antivirus or the cloud. Next, the sample was automatically transferred to the quarantine before the antivirus popup even came up.
3: After the antivirus popup comes up, choose the option "Ignore and Add to Exclusions". However, note that the sample was not restored. It stays in quarantine.
7. What actually happened when you carried out these steps:
If I run a sample, the sample is detected by the AntiVirus and quarantined before I can even click on the option "Ignore and Add to Exclusions". Also, even after selecting that, it is still left in quarantine.
8. What you expected to see or happen when you carried out these steps, and why (if not obvious):
The file should only be moved to quarantine after the user has selected clean.
9. Any other information:
A video showing this behavior is attached to this post.

This is very strange. Can you please attach a diagnostics report to your first post? Also, if possible please create a video showing this behavior. I’m sure it would help the devs considerably.

Thank you.

Thank you very much. I made some changes to your first post. Please look it over and make sure that everything is correct.

Also, please attach a diagnostics report to your first post. Finally, send me a download link for the sample you used. Once I have the diagnostics report, and the download link for the malware, I will forward this to the tracker.

Thanks again.

Everything seems true. Thank you, Chiron, for modifying the topic.

Thank you very much for your report in standard format, with all information supplied. The care you have taken is much appreciated by Comodo, and will increase the likelihood that this bug can be fixed.

Developers may or may not communicate with you in the forum or by PM/IM, depending on time, availability, and need. Because you have supplied complete information they may be able to replicate and fix the bug without doing so.

Many thanks again.

The issue has been resolved.

I’m very happy to hear that. I have closed this entry in the tracker and will move this bug report to Resolved.

Thanks again.

The problem is back!!!

Ahmad, could you try going to Advanced Settings > Security Settings > Defense+ > Sandbox > Auto-Sandbox, then find the rule that says Action - Block; Target - All Applications; Reputation - Malware, then right-click that rule and click Edit, then click Options and check whether "Quarantine program" is ticked? If it’s ticked, un-tick it and try again. Did that solve it?

(I’m wondering because I had the same issue and it was apparently the setting above that caused it for me, so figured it might be the same for you, maybe not but worth looking into)

Please note I messed up with the red color in the post above and I cannot change it. It wasn’t meant to be red and it doesn’t mean anything! Just wanted to point that out so there are no misunderstandings.

The problem is not in the Sandbox rules; the problem is that a notification shows for a moment and disappears.
I think that rule No. 2 in the Sandbox is unnecessary.

Did you try disabling the setting I mentioned? I had a similar issue that went away when I did. If you tried disabling it and the issue still persists, then of course you’ve proven it doesn’t have anything to do with the setting. But if you haven’t tested disabling it and testing again, then please do, as it would eliminate the possibility and would give a definite answer as to whether that setting is interfering or not.

After disabling the Sandbox, the problem no longer exists.
But this shows that there is a conflict between the cloud scanner and the Sandbox rules.

So is the issue essentially that sometimes (but not always) the sample is detected by the cloud before it is detected by the local antivirus?

If so, does disabling the option to “Do NOT show popup alerts” under the File Rating Settings solve this problem?

Thanks.

No, the problem arises if you disable the option “Do NOT show popup alerts”.

Video to clarify the issue

Thank you for testing this. I have added this information to the tracker and will move this back to the formatted bug reports.

Thanks again.

Hello,

The devs have not marked this as Fixed in the tracker. However, sometimes bugs are fixed by the release of new versions, but not marked as Fixed in the tracker.

If you are able, please check with the newest version (CIS version 8.1.0.4426) and let me know if this is fixed on your computer with that version.

Thank you.

Fixed!

In that case, I will move this one to the “Resolved” section.
Thank you.