Block threats

Hi all,

Just out of curiosity, if a user choose “Block Threats” in Real Time Scanning > Do not Show Antivirus Alert and found afterwards that CAV has blocked a file needed by one of his software and that it was a FP, how can he unblocked it?

Thanks

Boris

Have you tried rescan manually. Should provide you with options.

Ralph

Thanks oldCoCo3user,

I will shape my question differently. If a threat is quarantined, you’ll find it in the quarantine container. If a threat is blocked, my question is where is it to be found? Is there a container for blocked files?

If I’m not mistaken, your answer suggests that the threat is not really blocked if it re-appears with a manual scan.

Boris

i wonder if they get added to defense + block list under computer security policy

Hi wasgij6,

I was asking because in the international forum a user had a file automatically blocked by CAV which was flagged as .Heur.suspicious [at] 1. The suspicious file was one of his iPhone which wasn’t anymore recognized by iTunes. He uninstalled CIS (hence no more logs!) and iPhone/iTunes work as usual . He re-installed CIS and his iPhone again isn’t recognized hence my search to find where the file could be located and unblock it.

Boris

There will be no entry in the defense + blocked files. The file should have been in it’s original location as was in this case was download folder. Nothing prevents deletion.

As far as I know of there is nothing wrong with my installation. Don’t know the method of blocking. I don’t claim knowledge other than my having used this feature for a short period, and it reported blocked Eicar file.

Ralph

Hi oldCoCo3user,

I’m sorry if you felt offended by my answer, be certain it was not at all my intention. I’m just trying to better understand the functioning of the “block threat” feature.

Boris

At Boris:

I was not, and am not offended. Just being open that I am average user. I am just being careful not to give impression I am portraying myself to be very knowledgeable.

Ralph

If a file is blocked i will not be allowed o execute and yo can find i here (see screenshot)
You also need to add it in antivirus exception list so that it doesn’t get detected again
hope his helps

[attachment deleted by admin]

loverboy-lion,

I know the blocked file section of Defense+, but here I’m speaking of blocked threats by CAV. Are you positive that they go to the blocked files of Defense+? If yes, i have my answer. Wasgij6 also thinks that they go there.

I have tested on two different computers, and the file is not displayed in defense+ blocked files.

Boris3. Have you tried scanning the files manually, and then move it to trusted files from pop up? This works for me. I will be quite now.

Ralph

Thank you Ralph,

as soon as the user has re-installed CIS, I’ll tell him to do a manual scan and let you know if that works for him too.

Boris

Well Ralph, I won’t be able to confirm that it works for the OP because after re-installing CIS with deactivation during install of Cloud Base behavior analysis and the “do not show alerts”, his iPhone/iTunes work again. Thanks anyway.

I tried as you mentioned but couldnt unblock once antivirus has blocked and couldnt find the blocked file anywhere and the file refused to open it only opens when antivirus is disabled
Must be because i am using 5.9 must be working on 5.8 can anyone else conform

You are right. Despite being able to add to trusted files, or to exclusions list, I I could not do anything with file with exception to deleting. I get a notice saying I need Administrator privileges to access the file, but entering Administrator password does not unlock the file.

Maybe Devs can help here. Otherwise this is a dangerous setting. Man will probably have to uninstall, and reinstall his application with CAV block unchecked otherwise.

Ralph

I guess the file is just kept blocked at its original place for that session. Restart & check again.

And I guess Blocked Files under D+ is for manual blocking & moving files from Unrecognized Files to Blocked Files. Not for AV blocked & D+ blocked files through popups.

Thanx
Naren

Still blocked with restart. I also unchecked do not show antivirus alerts before restart.

Odd that version 5.8 manual shows enabled as default setting.

Ralph

Looks like a dead end here. The question was asked in Beta Forums.

https://forums.comodo.com/empty-t74771.0.html;msg534048#msg534048

There is no suggestion to using this setting here.

https://forums.comodo.com/antivirus-help-cis/new-alert-reduction-settings-in-cis-58-t77287.0.html

Maybe OP would like to have this thread locked.

Ralph

I think we could conclude that as far as we know when the “do not show antivirus alerts” is activated with the option “block threat” chosen, if a file is in the blacklist of CAV or found suspicious by heuristic analysis, it will be block silently and can’t be unblock by the user. The file will be automatically unblock by CAV if the file becomes recognized later as safe by CIS (FP for instance) and is moved from the blacklist to the whitelist.

Boris