CIS version 10 (fully up-to-date)
OS Windows 10 Pro (awaiting restart for one update)
File found in C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TrustedInstaller.exe
Comodo flagged it, and without thinking about it, I added it to exclusions, because it said trusted installer. On second thought, I tracked it down and found it in that location with a file size of 440 KB. I believe it is malicious, but when I looked in Settings > Advanced Protection > Scan Exclusions, it's not found in paths, applications, or certificate authorities. How do I remove it from exclusions and tell CIS to quarantine this file?
The included screenshot shows details of the file. I compared the details to the same file located in C:\Windows\Servicing\TrustedInstaller.exe, and that file has a different original file name (TrustedInstaller.exe), whereas the file listed above has an original name of Installer.exe. Version numbers also do not match: the version number of the one located in C:\Windows\Servicing starts with 10.x, not 8.x.
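The manual comparison in the post above (original file name and version of the Startup-folder file against the genuine one under C:\Windows\servicing) can be scripted. This is an added example, not code from the thread or from Comodo; it assumes the per-user and all-users Startup folder paths shown in the thread and standard Windows locations.

```powershell
# Added example (not from the original thread): list every executable in the
# Startup folders and compare its version metadata and signature against the
# genuine TrustedInstaller.exe, flagging look-alikes for quarantine.
$startupDirs = @(
    (Join-Path $env:APPDATA     'Microsoft\Windows\Start Menu\Programs\Startup'),
    (Join-Path $env:ProgramData 'Microsoft\Windows\Start Menu\Programs\StartUp')
)
# Reference copy of the real binary (path taken from the thread).
$genuine = Join-Path $env:SystemRoot 'servicing\TrustedInstaller.exe'
$ref     = (Get-Item -LiteralPath $genuine).VersionInfo

$findings = foreach ($dir in $startupDirs) {
    Get-ChildItem -LiteralPath $dir -Filter *.exe -File -ErrorAction SilentlyContinue |
    ForEach-Object {
        $vi   = $_.VersionInfo
        $sig  = Get-AuthenticodeSignature -FilePath $_.FullName
        $hash = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
        # A file that borrows the system binary's name but carries a different
        # OriginalFilename or FileVersion is the pattern described in the thread.
        $looksLikeTI = $_.Name -ieq 'TrustedInstaller.exe'
        [pscustomobject]@{
            Path             = $_.FullName
            SizeKB           = [math]::Round($_.Length / 1KB)
            OriginalFilename = $vi.OriginalFilename
            FileVersion      = $vi.FileVersion
            SignatureStatus  = $sig.Status
            Signer           = $sig.SignerCertificate.Subject
            SHA256           = $hash
            NameMismatch     = $looksLikeTI -and ($vi.OriginalFilename -ne $ref.OriginalFilename)
            VersionMismatch  = $looksLikeTI -and ($vi.FileVersion -ne $ref.FileVersion)
        }
    }
}

# Print everything, then single out the suspicious entries so they can be
# submitted to the AV vendor or quarantined rather than excluded.
$findings | Format-List
$findings | Where-Object { $_.NameMismatch -or $_.VersionMismatch -or $_.SignatureStatus -ne 'Valid' } |
    Select-Object Path, OriginalFilename, FileVersion, SignatureStatus, SHA256
```

Any executable in a Startup folder is worth a second look regardless of name; an unsigned binary there is a stronger signal than the name mismatch alone.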
Are you sure you added it to exclusions from the anti-virus alert? Can you go to C:\ProgramData\Comodo\Firewall Pro and attach the cislogs.sdb file? Also go to the file list and check what its rating is for the path of the startup folder. Use the magnifying glass to search for the file path column.
I’m absolutely sure I added it to exclusions from that alert, and no place else. There was another file that popped up shortly after I ran the file listed above inside a Comodo container, which I didn’t add. That file has also since been removed.
The database you requested has been attached in a zip file. The cause was probably added to my PC within the last few days, but there are a few things I've added, so tracking down what created this file might be difficult.
C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TrustedInstaller.exe is rated as malicious by Comodo, but it is no longer detected by scans.
Malwarebytes detected this malicious trustedinstaller.exe file as malicious, calling it Riskware.BitCoinMiner.
EDIT: A restart of the computer (after running malware scans with multiple scanners to clean infections) not only removed the problem file, but also allowed me to remove the file from exclusions. Apparently, a restart was all that was needed to update exclusions. Devs might want to look into this.
According to your logs, it was detected and you chose to clean the file, which then caused it to be quarantined. Then you restored the file from quarantine without adding it to exclusions, which caused it to be detected again, and you kept answering "ignore once" until you selected "add to exclusions". Then you tried to scan the file again, which did not get detected as it was already added to exclusions. I know in some cases CIS will ask you to reboot after using the clean option to finish the cleaning process; did that happen, and did you select postpone? If you did, then maybe it bugged out from restoring from quarantine and then adding to exclusions before the reboot.
It never requested a reboot. I added it to exclusions so I could right-click the file, and then ran it in a Comodo container. After that, I tried to remove it from exclusions so the AV could detect and remove it. Since I couldn't do that before a needed reboot (for Windows updates), I removed it (and one associated file) another way.