CIS Test

CIS 5.9 Latest Test with Default Settings on real system XP SP3
No other security software
CTM Beta installed

I did a rightclick scan on 281 zeroday malware from last 7 days. Of which CIS missed 70 malware.

I run all 70 malware. Few were autosandboxed & I clicked block on all the D+ alerts.

After restart KillSwith showed no Unknown/Malware active processes.

After restart few changes -

2 files start automatically, rfw1973124 & Virtual-Families

2 desktop icons

1 msconfig-startup entry i.e rwf1973124

1 icon in C Drive, DelUS

Internet Explorer Favourite changed i.e chinese entries

21 files in Trusted Files of which 4 were scanned & found safe by cloud.

Attached are all the related screenshots.

Are the files safe or malware? In Trusted Lists coz of TVL or Internal TVL?

Can anyone check this? I have 21 files zipped.


File Link - hxxp://
Password is pass

[attachment deleted by admin]

Testing it will let u the results as soon as possible
By the way you used the stock setting right no change

your submited ‘21 files’ is all safe exclude ‘speeder.exe’

this file is re-submitted.

this is my analyzed result, COMODO Analysts’ opinions may vary.

I bet this file is safe, look at the first time it was seen on VT, 2006. And only 6 detections, only one of those vendors anti-vir is reputable and I can bet that it is a FP.

Ok i did the test on winxp 32bit updated till date 1GB of ram only CIS with default settings and time machine installed and these are the results

  1. half the files are installers and mostly signed by trusted sources that’s why they are trusted

  2. some files contain or download malwares during installation or execution and some are detected by CIS (see screenshot)

  3. most of the files are detected by other vendors (check malware link below)

  4. some files are not detected or are completely safe (check safe file link below)

  5. some files are unknown to CIS and are sandboxed (see screenshot)

  6. during the test the computers performance was not affected except for when “speederxp.exe” was executed inside the sandbox the computer came almost to a halt

No Detection or Safe files






Malware DEtection

















[attachment deleted by admin]

Yes stock settings. And I clicked block on each & every D+ alerts.


So 16 out of 21 files are detected as malware. Are these really malware? And they were in Trusted Files coz of TVL? Its very tough to check the TVL. There should be a search function.

Thanxx for the test.

Yesterday I was testing CIS Suite Free latest on real system XP SP3. I ran 50 zeroday malware.

And yesterday I came to know why executing malware test is better than rightclick scan.

Out of 50 malware Comodo AV detected 27 & the amazing part was Comodo Cloud AV detected more 10 malware, so thats 37/50. Same samples tested against Kaspersky IS 2012 26/50. Others got popups & few missed.

But the reason of the post is here.

While testing a full screen malware appeared. I wasn’t able to get to the desktop. I tried alt + tab but was not possible. I tried to open KillSwitch as I have replaced taskmanager with KS. It initiated but started behind the fullscreen malware. I wasn’t able to get KillSwitch on top of full screen malware. Then again I was trying alt + tab I saw Comodo Cloud AV alert & it appeared on top of full screen malware. 4 alert were there & I clicked clean & the full screen malware was gone, great work by cloud av.

Nothing including KillSwitch was able to be on top of full screen malware but Cloud Alert was which solved the thing.

How Cloud Alert was able to appear on top of malware?
Why KillSwitch was not able to appear on top of malware? In this situation how can I access killswitch so that I can kill the malware?

was this enabled in killswitch
option > always on top

This was not enabled.

I think this should be enabled by default.

Enabled this & checking now.

Hi Naren. Thanks for the test and yes it is daft not having on top in killswitch enabled by default as these full screen malware are sneaky little devils and its only common sense in my opinion to have it enabled.Can you imagine the bother a less knowledgeable person would have if he was infected by such and did not have it enabled.


I dont have the full screen malware now.

But I have the same malware, not full screen but rectangular window.

This malware does not allow me to take the cursor out of its window so I am not able to access KillSwitch when it is opened.

But if the KillSwitch position is not by the side of this malware window but on top of the malware then you can access KillSwitch & kill it i.e KillSwitch position should be on the top of malware when you open KillSwitch as the malware does not allows the cursor outside of its window & if KillSwitch position is by the side of malware when it is opened then you cant access KillSwitch.