I re-installed CIS today after many months of using PC Tools and I have now forgotten some elements of CIS, and the AV is blocking my PDF application. Appreciate any help please…
During opening MS Word which has on its toolbar a PDF editor known as “expert PDF 6” the Comodo AV alerted me that C:\Program Files\Visagesoft\eXPert PDF 6\TMSlite100.bpl was Backdoor.Win32.Hupigon2.ai[at]25572460.
I was asked whether to quarantine or not, so decided to check this file on the web for more info. Whilst doing so the AV popup disappeared and I had no chance to answer the question, which would have been to allow the file since it is integral to this PDF editor, so I think it is a false positive.
I checked the AV quarantine, but the file is not there, so not sure what the status is other than the file is shown in the AV events history as a successful detect, but not clear what has happened since not showing in quarantine.
Why am I asking? Well, now I cannot open the PDF editor at all; it is blocked. When I disable AV then it opens fine. Why does Comodo AV not show a file as quarantined whilst clearly blocking the file, and how do I get the AV to unblock the file? I even added the file as a trusted one, re-booted, but still the same problem.
Any help appreciated, thanks
What happens when you add that file to the AV exclusions?
It made no difference when I added to exclusions, the pdf editor remained blocked.
Strangely though, I just removed it from the exclusions, and now I can open the PDF editor, but the AV is again warning that the .bpl file is a backdoor. This time I opted to add to exclusions at this prompt, and so far the PDF editor is being allowed to run without problem.
Any more glitches and I will report as an error.
This sounds like a false positive with the .bpl files.
I will move this topic to the false positive boards.
The false positive was fixed with DB 1744. Please check and confirm.
Works fine now, thanks.
I must admit, overall CIS is working more smoothly and quicker since last year, big improvement. Good job everyone.
Where can I see some effectiveness rates as well as get a clear overview as to what functions are included but others excluded, e.g. ■■■■■■ overflow protection and boclean were out last time.
You could have also navigated to the file itself and checked its properties. It would have shown that it was being blocked by another application and you could have removed the block that way. Just for future reference. ;D
I had the same thing happen with a file that also was a FP. I would tell it to quarantine but the file would never show in the quarantine list to be recovered. It was however blocked from opening. The really strange thing was that while it was blocked, a right click scan showed no threats. That was very strange. Oh yeah, it was also a Microsoft file, signed by them. Namely wmfdist95.exe which installs the 9.5 windows media codecs.