CIS4 keeps warning me about the same FP I add to Exclusions/Safe Files!

This is really frustrating… Why won’t CIS4 accept that a file is safe and stop bothering me every time I move it to a new location? AHHHHHH! It’s the same EXACT file just in a new location (or in the process of moving) and CIS4 will keep notifying me no matter what I do! I could see if the file itself had changed somehow, but if it is just in a different folder, then I should not have to keep hearing about it!

I don’t really know what the difference is between Add to Exclusions / Add to Safe Files, but I have tried each one and neither permanently ignores the file (at least when detected by the background scanner). Please address this in future versions or please explain to me why this is a GOOD thing or how to easily PERMANENTLY stop warning me about certain files…

I might submit them to Comodo sometime, but since there are so many of them (all Heuristically found or AV-related files - Combofix, etc), it would take awhile. I like having an AV scanner that is more cautious than less, but I want to be able to stop the annoyances if possible!

Thank you!

Hi drewcu,

Could you please submit the detected file at Comodo Firewall | Get Best Personal Firewall Software for $29.99 A Year.


Not exactly safe or recommended, but an exclusion of ?:*\filename.ext would force the AV to ignore it.

In addition, Exclusions are for the AV and Safe Files are for Defense+.

I have a similar problem.

I use UltraVNC ( in the computers of our VPN, and have configured Comodo Antivirus Free the folowing way:

  1. Antivirus → Scanner Settings
    1.1 Heuristics Scanning/Level : Off (in all 3 types of scanning)
    1.2 Exclusions List : Added the 3 reported files to the List (vnchooks.dll / winvnc.exe / vncviewer.exe)
  2. Defense+ → Common Tasks
    2.1 My Protected Files: Added the 3 reported files to the List (vnchooks.dll / winvnc.exe / vncviewer.exe)
    2.2 My Own Safe Files: Added the 3 reported files to the List (vnchooks.dll / winvnc.exe / vncviewer.exe)
  3. Defense+ → Sandbox
    3.1 Sandbox Settings : Sandbox Security Level: Disabled
  4. Defense+ → Advanced
    4.1 Computer Security Policy : Added the 3 reported files to the List (vnchooks.dll / winvnc.exe / vncviewer.exe) as Trusted Application
    4.2 Defense+ Settings : Defense+ Security Level : Safe Mode
    4.3 Defense+ Settings : Checked option Create Rules for Safe Applications

After alll this configurations i get frequent warnings about the files. I’ve already chosen every ignore options available in the warning messages, but still have the problem.

Comodo had this problem before, but solved it already in latest subversions of version 3. Will this be solved too in version 4?

Thanks in advanced,

Where do these files reside?

Are they on the OS partition, on an encrypted container partion or on Removable media?

These files are on C:\program files\ultravnc
And C:\ is the OS partition.

Thanks in advanced.


I added the folowing to the Antivirus Exclusion List:

And i still get the messages. Plus, i am starting to see duplicates in the AntiVirus Exclusion List (due to the repeated answers to the messages).

Looks like the Antivirus Exclusion List and the Defense+ Safe Files are not being considered.



I would remove them from the AV exclusions list & The protected files and ONLY place them on the My Own Safe Files list, with full path.
That should do the trick.

I have the same problem realVNC 4.1 or 3.3 are detected as malware / virus and deleted(quarantine) or blocked even if i put it on exception list (add to my safe files) or exclude them. Its very annoying. I can resend them to you…I 've disabled sandbox and defense+.

In these cases the best option is usually to report it as a false positive here:

This way you don’t have to worry about adding it to the exclusion list and the entire community will benefit.

Ive just uploaded files with comment that is false alarm in comodo. real VNC on GPL licence version 3.3.6 i can upload 4.1 version too its on GPL too and named VNC 4.1.3 free

Files uploaded by me contains code marked as unsafe :frowning: and nothing can be done.
Problem still lays in configuration of comodo av, beacouse warings are displayed after add VNC to safe applications.