Cloud lookup only alerts a single time a file is malicious (EICAR-test)

Hi everybody,

Long time user, never had any issues but now I decided to really test my configuration. I hope you can help me with a question though :)
When the cloud scanner picks up EICAR, it only alerts once to its presence with a pop-up. Yet, I had clicked “ignore once” logically thinking that it would alert me every time I try to execute Eicar.exe.

It is a setting because Comodo does seem to prevent me from executing Eicar yet I CAN delete it so I’m not quite sure about this?

Kind regards,
Jeroen

That is not happening here. Can you tell us more about your system? What OS, what version of CIS, what other security programs are installed, and which of them run in the background and which are on demand only?

You say you tried to start eicar.exe file. I assume you mean eicar.com?

Hi Eric,

Sure, fire away with questions. I’ll also retest what I did to double check it was not a fluke.

  1. OS is Windows XP SP3 - fully up to date
  2. For real time AV I’m running NOD32 v5.2.15.0 but I had to disable its real time component as it would otherwise interfere with CIS testing. HIPS on NOD32 is also disabled as Comodo is the preferred choice.
  3. I also run MBAM and Spybot - Search & Destroy but only on demand. They therefore cannot interfere unless I’m mistaken about that.
  4. And yes, I meant eicar.com. Sorry about that.

Now for the test:

I just clicked EICAR.com and the cloud scanner is showing the dialogue.
I then pick ignore where I can choose between “Ignore Once” and “Ignore and Report as False Alert”.
I’m going to pick ignore once.

Now, I can click on EICAR.com until my arm gets tired but the cloud scanner dialogue is AWOL.

Windows then pops up a notification that “Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item”.

Another test:

Note I’m actually executing a REAL virus but it is easy to contain if you know what you are doing.

  1. On the first execution attempt of the virus, Comodo Cloud scanner alerts that it has detected a malicious file. I choose to “ignore once”.
  2. Subsequently trying to execute this file again works: it loads into memory.
  3. Terminating the file using the Windows Task Manager works.
  4. I can then again execute the virus and it will load into memory. Not a single peep from Comodo’s cloud scanner.

I don’t know how long this takes, but after a while the Cloud Scanner will detect the file again. During the period of “non-detection” it does not detect the file, as Comodo Kill Switch reports the file as trusted.

Really, is no one concerned about this?

My reply here —

I found out more about the bug.

Please try to reproduce the steps in my bug report at Comodo forum.
I hope I am allowed to post this link…
https://forums.comodo.com/bug-report…-t91218.0.html