Are unrecognized files submitted automatically? If so, when? And when not?

Sorry, I’ve just searched the FAQ and other topics but couldn’t find the answer.

Yes, they are. In most circumstances they are submitted almost immediately.

Despite their size?

I’m not sure if there is a maximum size. Are you having problems?

I’ve seen files that say they’re too large to submit.

Me too, when trying to submit manually. Though I don’t remember of having found any info about what is the limit. Besides, I never got an info saying that a file to be submitted manually had already been submitted automatically. This is why I got unsure about whether the auto-submitting was being done. Additionally, AFAIK, Defense+ docs says that an automatic submitting causes an automatic analysis at comodo, while a manual submitting causes a manual, human-made analysis to be done. Additionally, this manual analysis has more priority than the automatic ones. Am I right?

I think the file size limit is 10 MB.

There is no difference between submitting a file manually or automatically:

Unrecognized files are simultaneously uploaded to Comodo’s Instant Malware Analysis servers for further checks:

Firstly, the files undergo another anti-virus scan on our servers.

If the scan discovers the file to be malicious (for example, heuristics discover it is a brand new variant) then it is designated as malware. This result is sent back to the local installation of CIS and the local and global black-list is updated

If the scan does not detect that the file is malicious then it passes onto the next stage of inspection – behavior monitoring.

The behavior analysis system is a cloud based service that is used to help determine whether a file exhibits malicious behavior. Once submitted to the system, the unknown executable will be automatically run in a virtual environment and all actions that it takes will be monitored. For example, processes spawned, files and registry key modifications, host state changes and network activity will be recorded.

If these behaviors are found to be malicious then the signature of the executable is automatically added to the antivirus black list.

If no malicious behavior is recorded then the file is placed into ‘Unrecognized Files’ and will be submitted to our technicians for further checks. Note: Behavior Analysis can identify malicious files and add to the global black list, but it cannot declare that a file is ‘safe’. The status of ‘safe’ can only be given to a file after more in-depth checks by our technicians.

Src: Unknown Files: The Sand-boxing and Scanning Processes from the online Help pages.