CIS 4.1 Problem - Not finding eicar test file

I have yet installed Comodo Internet Security 4.1 -

After installing and rebooting, I tested the AV against an Eicar file to check if it was working. It detected, and cleaned. So, I tested against some real Malware, some of them got caught by the AV Engine, and others were sandboxed.

So, I restarted, and everything was fine. No viruses in RAM.

3 days later, I tested again on an Eicar file; the AV didn’t detect it at HTTP download as it did 3 days earlier (NO SETTINGS CHANGED!)

In fact, the EICAR file got Sandboxed, and I could see it in my Download Folder.

Please help me fix this issue! I had this problem with several other Products like…

-ESET

-AVAST

-KASPERSKY

They would not detect the EICAR file… :-[

I would try updating the databases; maybe that will work?

It was all on Default Settings, and all up-to-date.

So how’d you fix the problem with these programs?

I may be wrong but it sounds as though he uninstalled them.

If that were the case then it’s something specific to the system as you don’t hear other people complaining about this.

@ArminPasalic
Which version of Windows are you running? Also, do you currently have any other security products installed?

If you have more than one product scanning at the same time you can run into problems like this.

I have my Windows 7 64-bit, which is being repaired because of a burned graphics card…

I use my old Windows XP 32-bit, on which I installed Comodo IS 4.1. I changed some settings but I have some screenshots - it still doesn’t work…

This problem occurred on my Windows 7 and XP machines… :(

PICTURES:

http://a.imageshack.us/img204/1944/unavngivetra.png

http://a.imageshack.us/img43/4918/unavngivet1a.png

http://a.imageshack.us/img121/1092/unavngivet2.png

http://a.imageshack.us/img641/1787/unavngivet3.png

http://a.imageshack.us/img842/1350/unavngivet4.png

http://a.imageshack.us/img837/6278/unavngivet5.png

Help!!!

Hi ArminPasalic,

There could be several issues here as I can see it:

1) Eicar can be tested by security as just a file included as a test signature only;
mainly most of the security (AV) will catch it… depending on how you set it up
… meaning that most of them where “onAccess” is set will catch it;

2) The main Eicar test is not checking it just by the signature (when inactive), but when you execute it.
So if you have a feature such as “onExecution”, it will (should) block it as well and you will not see the message that Eicar is supposed to display when you run it;

3) On x64 you cannot test execution because it is a 16-bit application.
I am not sure about the language but that is probably what your last image depicted.
You can still execute it on XP 32-bit though;

4) As I can see you are using Chrome (am I right?)

What I found with a few AVs tested is: you will be alarmed during the download and the file will be quarantined if you choose (or have that option set as “auto-”)
In this case the file will not be downloaded into your default location… but that is the case when you are using, say FireFox or IE (probably Opera… not tested by me)

… but if you are using Chrome - you have an Alert by security … at the same time you do not have the following “download / save/ run” dialogue for some obscure reason
… and the file will be downloaded into Chrome default download location anyway ???

I have no idea why & did not investigate that deeper than that because I am not using Chrome & not going to … just having it for some testing

Cheers!

P.S. Well, the title is “CIS …- Not finding anything”.
I cannot comment on that since I am not using Comodo’s AV, but I doubt that it is a correct statement in any case … the download by Chrome can be a special issue as I tested & pointed out above

Well… before this problem occurred, Comodo always seemed to clean and block the downloaded files from entering my Download folder of Google Chrome… ???

I hope you didn’t test real malware on a computer that you are using.

Comodo is there to try to protect you if you have bad luck. You should not play roulette with testing malware.
I mean, what did you try to test? If it’s stopped, or if you get infected? And how would you decide if you are infected or not, when something slipped through?
No benefit, high risk.
Some people found fake antivirus products that are installed even if “sandboxed”. Just for example.

And Comodo doesn’t find the archived versions of Eicar… it doesn’t scan archives with the guard.

I took the non-archive one… I took the normal download…

Help please… :-[

You can use Comodo firewall, Defense+,
and for antivirus
you can use the free edition of Avira.
It works perfectly together, scans archives, and has a lot of good functions that are missing in Comodo antivirus.

I always returned to Avira after tests. Before you think too much about Comodo antivirus becoming good, just let it develop and until then use one of the better products out there.

You don’t have to pay for good protection.
Avira free edition is only for private use!
Go through the settings, activate expert mode (to get all possible settings visible), and disable the antivirus part of Comodo while you use something else.

good luck

CIS does not have a “webshield” so it won’t check when it is actually downloading a file. It will only check when it is opening the file or opening a folder where the file is in.

Maybe the behaviour that you saw was that the Eicar file got picked up when it was moved from a temporary download folder to the final destination folder.

Can you give us steps to reproduce what happened? What browser did you use? Is the browser cache cleaned before downloading?

It doesn’t need a “web shield” for things to be “caught” before the download is finished.
When I load the Eicar file(s), it is caught before the download is even started. Before I press “ok, load it” in the Firefox pop-up, I get a virus message.

That is still before I could decide the download location… so it is not moved before detection.
Not using Comodo.
I hope Comodo will one day be the best combination in itself :)

I’m wondering a bit… when you say it is not usual to detect things before they are opened on the drive, how could Comodo protect us against a website that is running a virus? Without Defense+ you are lost then? Why is Comodo then a standalone installable antivirus?

Comodo Antivirus scans anything that’s being loaded into memory.

Hi Guys,

Despite some correct points, as I can see it -
like not scanning archives, which is indeed a waste of time, as is any scan during the download… you are not executing anything yet & that can be just an FP & so on…

there are a few things that were missed:

  1. the browser is Chrome as I can see it & I posted the question about it (that’s what Eric asked again);

  2. according to my tests some security products that are scanning archives (compared to CAV) being downloaded
    will fire the alerts. The user may choose to quarantine … but as I said if you use Fox or IE, despite those still displaying the standard dialogues about saving - the file (Eicar in this case) will be quarantined

That is not the case with Chrome as I can see it here

Please correct me if I am wrong, but I do not have any dialogue when using Chrome and confirming “Quarantine” … as a result the file will be downloaded into the default location anyway.

  3. another question that was asked was whether CAV (that I’m not using) will stop the execution of Eicar (.com or .exe) and prevent its message about printing being displayed

  4. the latter as I understand can be tested on XP … rather on a 32-bit platform but not on an x64 platform… therefore was my question about the message
    It seems like that was the one depicted … about inability to run a 16-bit application
    (can anybody translate it properly?)

Eicar is not a proper test in any case, but sure not the test for x64

Cheers!

Some AVs maybe don’t detect this file, because it is just a test file and doesn’t harm the computer.

Sorry Petit,

That was not a point of the discussion

First, despite Eicar being a really very old / outdated test and mainly an unneeded test any more - most if not all AVs are still detecting it (just a tradition that will die soon)

Then, the issues that you were missing unfortunately:
1) testing execution (stressing!) Have you tried to execute it?
Have you seen this message produced by Eicar:
“EICAR-STANDARD-ANTIVIRUS-TEST-FILE!” when you run it?
That’s what has to be stopped

2) testing download … That is a separate issue… since different approach of scanning just a file (txt / com / dll / exe… it does not matter…) or scanning the archives;

3) the problem (as I can see it) with Chrome itself - it will download the file even if some security will flag it during download & even if the user chooses to quarantine it

4) Finally - x64 platform & the execution of Eicar
… the message - can you confirm the translation about 16-bit DOS application?

My regards

With Eicar test files you don’t test if your antivirus is catching an old virus.
You test with it if your antivirus is running!
And when you use another product together with Comodo, you are testing if there are questions from Defense+ left before the guard can work right.
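
An added example, not part of the thread and not written by any of the posters: a small Python harness for the checks discussed above, reporting how the real-time guard reacts to a plain EICAR file and to one inside a ZIP. The file names, the two-second wait and the result labels are assumptions; the test string is stored in two halves so the script itself is not flagged.

```python
import os
import sys
import time
import zipfile

# Standard 68-byte EICAR test string, stored in two halves so that an
# antivirus does not quarantine this script itself.
EICAR = (r"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD"
         r"-ANTIVIRUS-TEST-FILE!$H+H*").encode("ascii")


def probe(path, wait):
    """Classify what the real-time guard did with the file at `path`."""
    time.sleep(wait)                  # give the scanner time to react
    if not os.path.exists(path):
        return "removed"              # deleted or moved to quarantine
    try:
        with open(path, "rb") as fh:
            fh.read()
    except OSError:
        return "blocked"              # still on disk, but access is denied
    return "readable"                 # no on-access reaction


def run_checks(directory, wait=2.0):
    """Drop a plain and a zipped EICAR file; report the guard's reaction."""
    plain = os.path.join(directory, "eicar_test.com")      # assumed names
    archive = os.path.join(directory, "eicar_test.zip")
    results = {}
    try:
        with open(plain, "wb") as fh:
            fh.write(EICAR)
        results["plain"] = probe(plain, wait)
    except OSError:
        results["plain"] = "blocked"  # the write itself was refused
    try:
        with zipfile.ZipFile(archive, "w") as zf:
            zf.writestr("eicar.com", EICAR)
        results["zip"] = probe(archive, wait)
    except OSError:
        results["zip"] = "blocked"
    return results


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else os.getcwd()
    for kind, outcome in run_checks(target).items():
        print(f"{kind:5} -> {outcome}")
```

A `readable` result for the plain file while the guard is enabled means on-access scanning did not react; `readable` for the ZIP alone matches what the thread reports for guards that do not scan archives.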