Small remark from The Netherlands: I’ve downloaded CCAV yesterday to complement the IceDragon browser.
I’ve installed it next to Avira Antivirus Pro, [always have a plan B]
Looked nice and lean, but then to take it for a test drive I downloaded the PKE.4.12.0.rar file from sanet.st.
Most of the time you know that this means trouble aka Viruses, Malware, Trojans & Rats :D.
In this archive there are a couple of files, a cracked version and a portable version of PKE.
So I ran [Right-Click] “Scan with CCAV” and everything seems well & neat.
Files Scanned: 3 Threat(s) Found: 0 – Threat Name Action
But what then happens is quite remarkable.
Instantly Avira AV slams the brakes and reports:
03/29/2019 5:40 PM Malware found
The pattern of TR/Injector.mshuh [trojan]’ detected in file ,C:\Windows\Temp\PKE.4.0.12.0-13228\Portable\Product Key Explorer Portable.exe’.
Action performed: Move file quarantine, User SID: S-l-5-18
Is this caused because it’s running next to Avira and CCAV is working partially (real-time protection switched off???)
Or is it something else which I’m missing ??
CCAV should sandbox the malware when it doesn’t have signatures for it. Can you see what happens when you disable the resident shield of Avira?
Detection only brings us but so far. The detection rate of Comodo Internet Security is on par with its peers so I assume CCAV also is. Protection comes in the first place from proactive protection like a sandbox or HIPS. An AV is nice to have.
Detection always comes after the fact of a virus seeing the light. It then takes time to get the hands on a virus and to produce signatures. There is so much malware being produced, making it very hard to catch them all. That’s why it is better to rely on a sandbox or HIPS or both as the first line of defense. Don’t fixate on detection rate; it only brings but so much protection.
What I forgot to mention is that in this case, after the detection took place, Avira Real-Time protection was switched OFF by some programme or process!!!
I think Windows Defender is the main target to look at.
I had to reboot my laptop to get the Real-Time detection working again.
So there is/was (in my opinion) some interaction between CCAV and Avira.
I agree on the fact that detection is always trailing behind the present situation.
hxxp://nitroflare.com/view/3170A9D938239E0/SaNet.st_PKE.4.0.12.0.rar or
hxxps://rapidgator.net/file/ed47465834ebb8c0dc121e67f58b948d/SaNet.st_PKE.4.0.12.0.rar
Attached my scan of the file and the result of a scan with Avira + the quarantine of Avira.
I’ve re-downloaded CCAV yesterday as ccav_installer_chid33220011.exe.
The file that you have mentioned is being detected from our side.
Case 1:
You are using Avira and CCAV at the same time. So it’s possible that this file is blocked by Avira and CCAV can’t compute the hash for checking FLS.
Case 2:
Sometimes, for performance optimization, the AV stores previously received verdicts; during the next rescan it will pick the cached verdict. Also, we are facing some sync issues in recent days; maybe due to this reason, you may be seeing the previously stored verdict.
May I ask you to do this small test to confirm the reason for this problem: change the system date to one month later and scan again. You can revert the time back after the scan.
Having 2 real-time AVs can have the potential to create weird issues. Even though it’s not recommended, at the very least put all of Avira’s files on Comodo’s scan exclusion list, and put all of Comodo’s files on Avira’s exclusion list.