Bug in Stateful mode of Realtime protection in CIS

A. The bug/issue

  1. What you did: I’ve downloaded the EICAR test file from here: http://eicar.org/download/eicar.com. Comodo’s Realtime scanner was set to “Stateful”. It detects the malware, but the file can be downloaded, appears on my Computer, and it is blocked from running.

Using the “On Access” option in Realtime scanner, the antivirus detects the malware and the browser can’t fully download it and the virus doesn’t really get into my computer.

Is this the intended behaviour or a bug?

  2. What actually happened or you actually saw: It detects the malware, but the file can be downloaded, appears on my Computer, and it is blocked from running.
  3. What you expected to happen or see: the antivirus detects the malware and the browser can’t fully download it and the virus doesn’t really get into my computer.
  4. How you tried to fix it & what happened: I’ve switched to “On Access” setting.
  5. If it’s a software compatibility problem have you tried the compatibility fixes (link in format)?: No
  6. Details & exact version of any software (except CIS) involved (with download link unless malware):
  7. Whether you can make the problem happen again, and if so exact steps to make it happen: It happens every time in Google Chrome for example
  8. Any other information (eg your guess regarding the cause, with reasons):

B. Files appended. (Please zip unless screenshots).

  1. Screenshots of the Defense plus Active Processes List (Required for all issues): Attached
  2. Screenshots illustrating the bug:
  3. Screenshots of related CIS event logs:
  4. A CIS config report or file.
  5. Crash or freeze dump file:
  6. Screenshot of More~About page. Can be used instead of typed product and AV database version. - Attached

C. Your set-up

  1. CIS version, AV database version & configuration used:
  2. a) Have you updated (without uninstall) from a previous version of CIS: No
    b) if so, have you tried a clean reinstall (without losing settings - if not please do)?:
  3. a) Have you imported a config from a previous version of CIS: No
    b) if so, have you tried a standard config (without losing settings - if not please do)?:
  4. Have you made any other major changes to the default config? (eg ticked ‘block all unknown requests’, other egs here.): No
  5. Defense+, Sandbox, Firewall & AV security levels: D+ = Safe Mode, Sandbox = Enabled, Firewall = Safe Mode, AV = Stateful
  6. OS version, service pack, number of bits, UAC setting, & account type: Windows 7 SP1 Home Premium, 32 bit, UAC disabled, Administrator account.
  7. Other security and utility software currently installed: None
  8. Other security software previously installed at any time since Windows was last installed: None
  9. Virtual machine used (Please do NOT use Virtual box): None

[attachment deleted by admin]

Previously I too have mentioned this bug. I don’t know if it was corrected or not.

Stateful is an on-access setting. What are you really changing?
What you’re saying is the AV detects it but you allow it to DL and complain because it successfully DL’d the file? (CIS did prevent it from running, you stated).

No disrespect intended, this is how I am reading this.

With all respect to you, you have no idea about Comodo’s configuration or features. Please study this matter and then come with a solution :wink:

Thank you very much for your bug report in standard format. We very much appreciate the effort you have made to document this bug.

We are sorry to trouble you further but there are some items of information missing or unclear in your post:

  • B1. Screenshots of the Defense plus Active Processes List (Required for all issues).
  • C4. Have you made any other major changes to the default config?

The reasons we need these items of information, though they may not seem directly relevant to the issue, are explained here.

We would be very grateful if you would add these items of information so we can forward this post to the format verified board, where it is more likely to get fixed. You can find assistance using red links in the Format and here. If you need further help please ask a mod. If you do not add the information after a week we will forward this post to the non-format board. If this happens we will tell you how to rectify this if you wish to.

In the current process we will normally leave it up to you whether you want to make a report which includes all necessary information or not. We may remind you if we think a bug is of particular importance.

Many thanks again

Mouse

I’ve made the required modifications. I really hope version 6 will not have this bug.

Us too! Forwarding now.

Mouse

Thank you very much for your report in standard format, with all information supplied. The care you have taken is much appreciated by Comodo, and will increase the likelihood that this bug can be fixed.

Developers may or may not communicate with you in the forum or by PM/IM, depending on time availability and need. Because you have supplied complete information they may be able to replicate and fix the bug without doing so.

Many thanks again

Mouse