Friend of mine inserted a USB drive on to my PC and CIS detected plenty of viruses but not all. After that viruses began to spread on to my USB and on to my other computers also protected with CIS. I removed CIS and installed Kaspersky internet security 2012 trial version and it found plenty of viruses as seen in a picture below.
PS: This is the first time since I have started using CIS some 2 years ago that my PC got infected.
Now I have inserted my clean (cleaned on PC 1 with Kaspersky) USB drive on to my PC 2 protected with CIS and return to PC 1 and Kaspersky detected following virus.
Montenegro here
I say it is unfortunate CIS failed in securing your PC.
Did you restart your PC to clear any sandboxed processes?
Is there anything in “My Pending Files”?
I have a lot’s of friends that use my PC’s, even when I’m not there, so that might have happened.
I’m pretty sure that my PC’s got infected from USB drives.
File Autorun.inf use to be deleted automatically when I had CIS 4, but when CIS 5 arrived it didn’t detect it as a virus any more. (I’ve already posted about that problem)
In my experience, CIS 5 just blocks autorun.inf but it does not delete it.
It just shows a popup in a corner about malicious file with red ugly bug
and that’s it, dissapears after several seconds…
Nevertheless I’m not talking about a D+ problem, I’m talking about a viruses that haven’t been detected. Only acceptable explanation for CIS to skip this many viruses would be that they are added to exclusions, and they where not.
I am confident that you already know that no antivirus is perfect and that there is no 100% detection rate or realibility, speaking from antivirus point of view.
It is a sad example of relying on signatures and also needing user submission of samples for analysis.
First few people do get burned in benifit of others.
My concern would be why Defense+ did not react the way it should be. It could be only two possibilities:
a) incorrect/poor configuration
b) incorrect/poor usage
Since various people have access to your computers I would advice to disable all autoruns for external devices and enable the sandbox. It is not in the way once you have made your D+ rules for the programs you normally use. That will make your system much more friends proof.
We may not exclude the situation here where D+ may have alerted but that your friends allowed things that should not be allowed. Other than that Comodo’s detection is steadily improving but it is not in the top league.