Long time user, never had any issues but now I decided to really test my configuration. I hope you can help me with a question though
When the cloud scanner picks up EICAR, it only alerts once to its presence with a pop-up. Yet, I had clicked “ignore once” logically thinking that it would alert me every time I try to execute Eicar.exe.
It is a setting because Comodo does seem to prevent me from excecuting Eircar yet I CAN delete it so I’m not quite sure about this?
That is not happening here. Can you tell us more about your system? What OS, what version of CIS, what other security programs are installed and which one of them run in the background and which one are on demand only.
You say you tried to start eicar.exe file. I assume you mean eicar.com?
Sure fire away with questions. I’ll also retest what I did to double check it was not a fluke.
- OS is Windows XP SP3 - fully up to date
- For real time AV I’m running NOD32 v18.104.22.168 but I had to disable its real time component as it would otherwise interfere with CIS testing. HIPS on NOD32 is also disabled as Comodo is the preferred choice.
- I also run MBAM and Spybot - Search & Destroy but only on demand. They therefore cannot interfere unless I’m mistaken about that.
- And yes, I meant eicar.com. Sorry about that.
Now for the test:
I just clicked EICAR.com and the cloud scanner is showing the dialogue.
I then pick ignore where I can choose between “Ignore Once” and “Ignore and Report as False Alert”.
I’m going to pick ignore once.
Now, I can click on EICAR.com until my arm gets tired but the cloud scanner dialogue is AWOL.
Windows then pops up a notification that “Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item”.
Note I’m actually executing a REAL virus but it is easy to contain if you know what you are doing
- On the first execution attempt of the virus, Comodo Cloud scanner alerts that it has detected a malicious file. I choose to “ignore once”.
- Subsequently trying to execute this file again works: it loads into memory.
- Terminating the file using the Windows Task Manager works.
- I can then again execute the virus and it will load into memory. Not a single peep from Comodo’s cloud scanner.
I don’t know how long this takes, but after a while the Cloud Scanner will detect the file again. During the period of “non-detection” it does not detect the file, as Comodo Kill Switch reports the file as trusted.
Really, is no one concerned about this?
I found out more about the bug.
Please try to reproduce the steps in my bug report at Comodo forum.
I hope I am allowed to post this link…