Broken Option :- "Do not scan files larger than 20 MB"

I find a 20.8 MB file appears to be scanned.
Even a 700 MB file is scanned ! ! !

I have configured Manual Scan thus :-
UN-checked Scan Memory
Checked Scan archive
UN-checked Auto Update
Heuristics LOW
Do not scan larger than 10 MB

Also as above excepting 1000 MB limit.

When I use Windows Explorer to select a file, and right click, and choose “COMODO Antivirus”,
Nothing happens for 3 seconds, and then Scan Completed will pop-up,
and it tells me it scanned 1 object with a duration of 00:00:00.

There is a 3 second pause with a 00:00:00 duration when :-
Testing 20.8 MB file using 10 MB limit
Testing 20.8 MB file using 1000 MB limit
Testing 700 MB file using 10 MB limit
Testing 700 MB file using 1000 MB limit

It seems to me that :-
“Do not scan files larger than …” is ignored when manual scanning ; and
It takes the same time to scan/not-scan for both a 20.* MB and a 700 MB file.

Please advise.

Alan

Does the same thing happen when you activate another configuration under Miscellaneous -->Manage My Configurations?

What happens when you load a back up configuration from the CIS installation folder (give it a new name like Comodo Internet Security Test or so)? Does the same thing happen?

I changed from Proactive Security Security to Firewall Security and observed that Antivirus Security Level remained at Stateful.
I then set Antivirus Security Level to Disabled.

I still get the same 3 second pause before the pop-up announces Total Objects scanned “1”.

Is this “Do not scan files larger than …” intended to apply when I select a specific file for scanning ?
Or is it only a filter to bypass the larger files when I select a folder or a group of files for scanning ?

I am using 3.14.*.587 with XP Home edition SP3.

Until just now the settings have all been the installation defaults,
and I was surprised to see that “COMODO - Firewall Security” Configuration had Anti-virus set to Stateful.

Regards
Alan

The ERUNT registry backup holds files that are 20.87, 12, and 9 MB, plus another 13 off that are less than 1 MB.

I have now observed that when I select today’s ERUNT backup parent folder and right click and scan,
After 3 seconds I get the pop-up which says it has scanned 16 items and a 00:00:00 duration.
It does this regardless of whether I set the “… larger than …” limit to 1 MB or 100 MB.
It makes no difference whether Heuristics are High or Low,
It makes no difference whether “AV Security Level” is “On access”, “Stateful” or “Disabled”.

Conclusion - When I select a file of folder in Windows Explorer, and right click and choose “COMODO Antivirus”, every file is scanned regardless of whether the configuration parameters should have excluded it.

What use are the Manual settings ?
Is it intended for something other than right click - e.g. does it only apply to the “Run a Scan” menu ?

Today I observed that Process Explorer saw CAVSCAN activate during the scan,
and did not terminate until I closed the pop-up.
Although the pop-up said a duration of 00:00:00,
Process Explorer said that it consumed 2.864 Seconds CPU Time

When I selected one off 168 KB file and scanned it
Process Explorer said that it consumed 2.864 Seconds.
CMDAGENT is shown as taking no CPU Time

QUESTION Is CAVSCAN responsible for the real-time scanning ?

When the computer starts-up I get control after about two minutes, but the CPU Time of all the processes (including System Idle process) is only about 1 minute.
There are 60 Seconds of “Alien Abduction” of which it has no recollection.
Is it likely that start-up includes the launch of 20 or 30 executables that caused Comodo concern, and for each of them CAVSCAN did its thing and took 2 or 3 seconds, and those 2 or 3 seconds would have been seen by Process Explorer if cavscan.exe had not closed down.

Ouch - that hurt - you never warned me ! ! !

I disabled Virus Signature Updates for two reasons :-

  1. To prevent CPU spiking due to unexpected updates from delaying my keystrokes in some buffer;
  2. To avoid variations in performance due to “improved” signature databases having different speed.

So I switched to a different configuration, and whilst also working on my ERUNT problem I saw cmdagent taking almost no notice of the ERUNT backup - and then suddenly it went ballistic. I was in a “Northern Ireland” type power sharing conflict ! ! !

When I disabled automatic AV signature updates, I did this for “Real Time”, “Manual”, and “Scheduled” scanner settings - but only within the “Proactive Security” configuration. What I had NOT expected was that changing to a different configuration the Scanner Settings reverted to the previous default and it sneaked one in - actually it sneaked in one hundred updates - everything since last Monday ! ! !

Adding extra insult to injury - another CPU spike - the new configuration let CFPupdat.exe run loose again.
/rant end

I sort of understand that there is a twisted logic that AV settings are applied only to the active configuration.
SO WHY DOES A SETTING APPLY TO ALL ? ? ?
I am referring to the “Do not scan files larger than …” option.
Whatever I apply within the Proactive configuration is also applied in the “Firewall” configuration.

It is a strange feature that each Scan Settings may be altered separately for each configuration,
with the exception of the “Do Not Scan …” limit. Should this be added to the BUG LIST ?

Regards
Alan