CIS 5.8 Serious Bug Part 1 & 2 Merged

I tried to download & save some exe malware from MDL. AV reports quarantined but it actually didn’t quarantine them & they were still there in the folder. Antivirus event also shows quarantined.

I tried to download & save 17 malware of which AV reported quarantined for 10 malware but in the quarantine there were only 2 malware quarantined & the rest 8 were in the folder.

Opening the folder & a single click on those malware didn’t yield anything too. Right click scan quarantined them well.

Performed with Comodo Dragon latest browser Incognito Mode on real system, no VMware, nothing.

Can anyone look into this? I guess a serious bug.

XP SP3 32 Bits
Only CIS Suite Installed (D+ Permanently Disabled)

Thanxx
Naren

Edit - Tried again & the same thing, so confirmed.

Tried the same links with Internet Explorer Inprivate Mode. AV reports quarantined then remove failed window appears for all the malware. Nothing in quarantine & nothing in the folder too where I tried to download & save the malware. Antivirus Events shows quarantine failure. So where does the malware go?

Some serious bug with the AV.

Edit - A few malware are not detected when I try to download & save them. Not even a single click yields anything. Don’t know if it will detect them on running the malware. Right click scan detects them.

For example this malware - <LINK REMOVED by moderator - please don’t post links to live malware>

If staff needs the link please PM me or an active Mod.

Edit - Reinstalled CIS.

Dragon prob is still there.

Internet Explorer prob I kind of figured out. When trying to download & save malware, CIS detects the malware & quarantines it, and a window appears: do you want to cancel your download? If you click no, you have to click no 3-4 times & the window disappears. Malware is in quarantine. But if you click yes on the window, which I think is the right thing to do, the window disappears, there is no malware in the quarantine & CIS gives the window remove failed - Not all malware can be removed. Do you need a help of technician? I think this is a serious bug here.

Let’s see if I can reproduce what you did. Hope there is really no bug and everything works fine, or 5.8 will be a failure.

Thanxx replying bro. Waiting for your reply.

Thanxx
Naren

Downloaded 30 malware through Dragon
CIS quarantined 21 malware successfully
CIS detected but failed to quarantine 1 malware
CIS could not detect 8 malware
Uploaded to Valkyrie, which detected all 8 remaining malware
Even the file which CIS failed to quarantine was detected by Valkyrie

Now testing with Internet Explorer, tested all the same 30 malware
25 out of 30 got detected by Internet Explorer itself; CIS did not give any pop up or any reaction
The remaining 5 were successfully quarantined

Note
Since when did Internet Explorer get such good results, even better than CIS in detection?
Anyway, I guess this is a bug, hope to report it
Will try to replicate the error and post in the bug section
P.S. You are right, Naren, CIS 5.8 does have this bug. I guess the same bug was reported by languy in the beta
https://forums.comodo.com/beta-corner-cis/58-crashing-during-qurantine-t77037.0.html


Hi Naren, your example is a self-extracting archive with autorunning malware inside. CIS doesn’t unpack archives on access for performance reasons. So packed malware won’t be detected on archive access, only on malware access or manual scan. Re quarantine: CIS quarantines unpacked malware, not an archive.

I tried 5 times with the same results.

CD - I hope you tried to save the malware with CAV enabled.

IE - I guess you tested on Win 7 which has different IE, so you will not get the window “Do you want to cancel the download” when you try to save the malware & CAV detects & quarantines it.

Thanxx
Naren

Thanxx replying. I am talking of pure exe malware & not any type of archives. I know how CAV treats archives.

Regards
Naren

Naren, the link you posted was also an archive. It did end on .exe but was just a self-extracting archive and is therefore not scanned.
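To illustrate the two staff replies above (a file ending in .exe can be a self-extracting archive that on-access scanning does not unpack), here is an added triage sketch, not Comodo code and not part of the original thread. It assumes the archive is appended after the PE image as an overlay, as in SFX files built by concatenating a stub and an archive; `build_sample` and its bytes are constructed for the example.

```python
import struct

# Magic bytes of common archive formats an SFX stub may carry.
ARCHIVE_MAGICS = {b"PK\x03\x04": "zip", b"Rar!\x1a\x07": "rar",
                  b"7z\xbc\xaf\x27\x1c": "7z", b"MSCF": "cab"}

def pe_overlay_offset(data):
    """Offset of the first byte past the last PE section, or None if not a PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)          # e_lfanew
    if pe_off + 24 > len(data) or data[pe_off:pe_off + 4] != b"PE\x00\x00":
        return None
    (num_sections,) = struct.unpack_from("<H", data, pe_off + 6)
    (opt_size,) = struct.unpack_from("<H", data, pe_off + 20)
    table = pe_off + 24 + opt_size                            # section table
    end = table + 40 * num_sections
    if end > len(data):
        return None
    for i in range(num_sections):
        # SizeOfRawData and PointerToRawData sit at +16 and +20 in each entry.
        raw_size, raw_ptr = struct.unpack_from("<II", data, table + 40 * i + 16)
        if raw_ptr:
            end = max(end, raw_ptr + raw_size)
    return min(end, len(data))

def sfx_payload(data):
    """Return (format, file offset) of the first archive in the overlay, or None."""
    start = pe_overlay_offset(data)
    if start is None:
        return None
    overlay = data[start:]
    hits = [(overlay.find(magic), name) for magic, name in ARCHIVE_MAGICS.items()]
    hits = [(pos, name) for pos, name in hits if pos >= 0]
    if not hits:
        return None
    pos, name = min(hits)
    return name, start + pos

def build_sample(payload=b""):
    """Constructed sample: minimal PE headers, one 16-byte section, optional overlay."""
    dos = b"MZ" + b"\x00" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0, 0x102)
    section = struct.pack("<8sIIIIIIHHI", b".text", 16, 0x1000, 16, 0x80,
                          0, 0, 0, 0, 0x60000020)
    return dos + b"PE\x00\x00" + coff + section + b"\xCC" * 16 + payload

if __name__ == "__main__":
    print(sfx_payload(build_sample()))
    print(sfx_payload(build_sample(b"7z\xbc\xaf\x27\x1c" + b"\x00" * 8)))
```

A hit means the detection result for the container says nothing about its contents: the file has to be unpacked, or scanned manually, before the packed files are seen.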

Ok, so AV not detecting the malware is solved.

What about the other probs? Can you shed some light?

Thanxx
Naren

I guess uninstalling would be better for me as nothing seems of help. Installing Avast, another favourite of mine.

Thanxx trying to help me frds.

Regards
Naren

Thanks for the explanation. I have one question. By “on malware access”, do you mean the situation where the malware gets loaded into memory?

Was any put into the sandbox?

My friend, this was a realtime protection test. Like we have discussed, CIS sometimes fails to remove a detected file and gives an error stating Quarantine failed, do you want help from geek buddy. I could replicate the problem again and again.
Detection and removal was successful in manual scan.
Please guys, do sometimes look at and reply to the wishlists.
I guess no one cares about users’ wishes !ot!

Hey Frds

This was just a simple test on real system. No running malware. Simply downloading & saving .exe malware in a folder from MDL with CAV enabled to see how much it detects.

CD - Trying to download & save malware with CAV enabled with Comodo Dragon, CAV catches malware & pops up malware quarantined. But when I check the folder the malware is there & quarantine is empty. If I don’t run the malware, just a single click to see if CAV detects it, it doesn’t. 5.5 used to detect malware if the folder containing malware was open.

IE - Trying to download & save malware with CAV enabled with Internet Explorer, CAV catches malware & pops up malware quarantined, & I get a window do you want to cancel the download with the option yes & no.

Yes - If I click yes the window disappears & I get remove failed from CIS - not all malware can be removed, do you need a help of technician. No malware in quarantine & antivirus event shows quarantine failure.

No - If I click no the window doesn’t disappear & I have to click on no 3-4 times & the window disappears. Malware is in quarantine.

I tried 6 times with the same result for CD & IE. I also tried unchecking Dont show popup alerts for antivirus thinking auto quarantine may have bug but the prob remains.

Checked the system with whole lot of scanners in normal & safe mode, nothing found.

XP SP 3 Fully Updated
CIS 5.8 Suite
No other security software
CD latest with no addons
IE latest with no addons

Thanxx
Naren

Sorry for another post but that thread was kind of dead as I wasn’t getting any help there.

Part 1
https://forums.comodo.com/news-announcements-feedback-cis/cis-58-serious-bug-part-1-t77374.0.html

The probs I have mentioned in Part 1

I think I have found the bug. If you guyz plzz check & reply.

The bug is in Stateful Scanner i.e when AV is set to Stateful Mode.

I set the AV on OnAccess Mode & no prob was there.

Thanxx
Naren

Update - Sent a PM to a Dev, Slava Garelin

I have experienced and reported something similar (or same) during beta 5.8 testing.
There was no official response…

https://forums.comodo.com/beta-corner-cis/comodo-internet-security-582028762065-beta-released-t75462.0.html;msg539545#msg539545

Merged topics as there really is no reason to create two separate threads for the same topic. Doing so does not increase visibility.

Please do not create another thread about this same topic.

I read your beta post. Yes the same prob. But I face this prob with Comodo Dragon for all detected malware & not internet explorer. I face a different prob of remove failed for all malware with internet explorer.

I had also posted something similar at the time of beta but I can’t find that post now.

Yes you are right. No official response was there at the beta time & no official response now.

I had sent a PM to a Dev. Let’s see if I get any reply or any reply here.

Do you mean now with the final you are not having this prob that you mentioned in beta?

Thanxx
Naren

Naren, we are right!

The same behavior occurs in 5.8 final too.
I haven’t noticed it before cause I always use Proactive Security with AV set to On Access.

But now, when I switched to default settings, it happens again as described in my beta post.

So, devs…is it CIS or my virtual machine?

So you tried it on VM. I tried it on real system as I have mentioned in my posts.

As I was not getting much reply here, so just now posted this in Wilders forum.

Thanxx
Naren