CIS don't remember my choice to ignore (in subsequent scans) a possible threat

Link to formatted bug report:;msg790460#msg790460

CIS v. dB 20375 - Windows 7 Ultimate SP1 64bit updated

I’m not entirely sure it’s a bug, because it was already present in CIS5. I’m more inclined to think that it’s my wrong approach.

When I make a scan of the entire disk at the end of the scan, is shown the report indicating the detection of a possible malware in C:\Users\MyUser\AppData\Roaming\PowerISO\Upgrade\PowerISO6-x64.exe.

In two pull-down menu, are offered - as you know - the following choices: “Remove”, “Ignore Once”, “Add safe files”, Report as false positive" and “Add to exclusions”.

If I imposed the choice “Add to exclusions” (knowing that it is not a malware, and in any case making bear the consequences), for EACH next scan the message is always repeated.

What happens is correct, or should not be so ?

It is not correct, it should not be like this.
According to the Comodo Internet Security - Version 8.0 - English - help, in the section
General Tasks –> Introduction → Processing Infected Files

either of the choices “Add to Trusted Files” or “Add to Exclusions” should
permanently stop any further complaints about the file in question:

I can confirm that this also happened to me, when I was using CIS 8.0.

It also happened when I did not scan, but browsed with Windows Explorer to any folder containing a false positive file.
The AV was set to its default; “Stateful”, and so when the real-time AV looked at the file,
it created the pop-up window where it told me that it had found the file to be a threat.

Whenever I chose either “Add To Exclusions” or “Add to Trusted Files”,
the pop-up window went away, just to re-appear a few seconds later.

For me, the only thing I could do to stop these pop-up windows from re-appearing,
was to manually open the list of Exclusions;
Tasks → Advanced Tasks → Advanced Settings → Security Settings → Antivirus Settings → Exclusions

  • then add the false positive file to the list, and then click OK.

Thanks for your response :slight_smile: . . .
So you agree with me when I say that it may be a bug …

I considered several times the possibility of excluding declaring “false positive”, but so I thought I sent the incorrect information to the servers of Comodo. I did not say “false”, but only “not correct”, because as you know, there are some software that integrate some options not really malicious, but determined as such by some antivirus.

I remember that this issue was already CIS 5, so… I think that the development team of CIS should take care of …

Hi . . .

Please use the required format.
Also, the attached screenshot does not ilustrate your report very well since you did not select the mentioned action (“Add to Exclusions”). A video might be more suitable, actually.

Thank you.

A. THE BUG/ISSUE (Varies from issue to issue)
Can you reproduce the problem & if so how reliably?:
? Yes: simply find an application recognized as suspected by Comodo during a scan. [Sorry for my bad google english :(]
If you can, exact steps to reproduce. If not, exactly what you did & what happened:
1:? When the scan of the CIS is finished and CIS has detected one or more malware, you have five choices [single (per item) or global (unique choice for all items identified as suspects)].
2:? these five choices are: “Remove”, “Ignore Once”, “Add safe files”, Report as false positive" and “Add to exclusions”
3:? choosing “Add to exclusions” in subsequent scans the threat is always identified and are again proposed the five choices. Always.
One or two sentences explaining what actually happened:
? Quite simply: after selecting the choice Add to exclusions the element/elements for which I have decided to add to the exclusions and that the common interpretation of the choice, should no longer be detected by CIS, instead, every time you start a new scan these items (which should be ignored) are replicated each time.
One or two sentences explaining what you expected to happen:
? Very simple: if I decide knowingly to accept the risk, because I am convinced that the item is not a real malware, that is not really dangerous, or do not annoys me - for eg. - that the home of my browser is replaced by another, the choice “Add to exclusions” is one that should do for me. unfortunately it does not work as I expect
If a software compatibility problem have you tried the advice to make programs work with CIS?:
? Nothing to report
Any software except CIS/OS involved? If so - name, & exact version:
? The problem occurs with any software. For example, it can be reproduced with PowerISO 6.0 64bit (
Any other information, eg your guess at the cause, how you tried to fix it etc:
? The problem is not solvable. One way “hasty” and “perfunctory” would be to select the “Add files safe” or “Report as false positive”, but I do not seem to be the best choices and / or more correct …

Exact CIS version & configuration:
? v. dB 20407 - configuration attached . . .
Modules enabled & level. D+/HIPS, Autosandbox/BBlocker, Firewall, & AV:
? All: D+ (yes), HIPS (yes), Autosandbox (yes), Firewall (custom rules), AV (Optimized)
Have you made any other changes to the default config? (egs here.):
? No
Have you updated (without uninstall) from CIS 5 or CIS6?:
? No
if so, have you tried a a a clean reinstall - if not please do?:
? read on
Have you imported a config from a previous version of CIS:
? No… I make manually myself and verified manually step by step correctness, consistency, and congruity with new CIS
if so, have you tried a standard config - if not please do:
? I can try, but I’m not very convinced to do it, but I want to continue using my configuration
OS version, SP, 32/64 bit, UAC setting, account type, V.Machine used:
?- Win7 Ultimate 64bit SP1

  • UAC disabled,
  • Account Administrator,

  • Ali SEASONIC 80 Plus Platinum 1000W
  • MB Asus Z97,
  • CPU INTEL i7 4770K,
  • RAM Dominator® Platinum with Corsair Link Connector — 1_65V 16GB Dual Channel DDR3 Memory Kit (CMD16GX3M2A2400C10),
  • VideoCard Palit nVidiA GeForce GTX 770 JetStream
  • 1 HD SAMSUNG SSD 840 (O.S. and program)
  • 2 HD Western Digital Red 1TB RAID 1
  • 1 HD Western Digital Red 1TB redundancy backup
  • Liquid cooling for all…
    Other security/s’box software a) currently installed b) installed since OS, including initial trial security software included with system:
    a=? b=?
    No… I use Only CIS. My Windows Firewall is disable.

ok done …

I’ll merge these so all the info is together and create a link to the formatted report if that’s OK

Kind regards


Thanks very much, that’s a good bug report. (I assume you use ? as a prompt not to indicate doubt).

But could you please append an export of your tailored configuration file (Settings ~ General ~ Configurations), as it may be needed to replicate this bug. Also please run diagnostics (Help ~ Diagnostics) and append the file.

(I realise one other person has found this, but I have not observed it on my system, so there may be a config difference.)

Then I will forward to Format verified and QA

Kind regards


Since a week has gone by and config file has not been appended im going to move this to incomplete. Once you attach the file requested we will continue to process this bug report.