Comodo CCAV vs Avira

Hi Guys,

Small remark from The Netherlands: I’ve downloaded CCAV yesterday to complement the Icedragon browser.
I’ve installed it next to Avira Antivirus Pro, [always have a plan B]
Looked nice and lean, but then to take it for a test drive I downloaded the PKE.4.12.0.rar file from sanet.st.
Most of the time you know that this means trouble aka Viruses, Malware, Trojans & Rats :D.
In this archive there are a couple of files, a cracked version and a portable version of PKE.

So I ran [Right-Click] “Scan with CCAV” and everything seems well & neat.
Files Scanned: 3 Threat(s) Found: 0 – Threat Name Action

But what then happens is quite remarkable.
Instantly Avira AV slams the brakes and reports:

03/29/2019 5:40 PM Malware found
The pattern of TR/Injector.mshuh [trojan]’ detected in file ,C:\Windows\Temp\PKE.4.0.12.0-13228\Portable\Product Key Explorer Portable.exe’.
Action performed: Move file quarantine, User SID: S-l-5-18

Is this caused because it’s running next to Avira and CCAV is working partially (real-time protection switched off???)
Or is it something else which I’m missing ??

Please advise.

TIA
Cees van Soest

Running 2 antivirus at the same time is not a good idea, nor a plan B.
If you configure CCAV properly, you probably don’t need the Avira one.

My point is, why didn’t CCAV detect it, and Avira did.

Ergo, CCAV is free & Avira is a paid license :o

CCAV should sandbox the malware when it doesn’t have signatures for it. Can you see what happens when you disable the resident shield of Avira?

Detection only brings us but so far. The detection rate of Comodo Internet Security is on par with its peers so I assume CCAV also is. Protection comes in the first place from proactive protection like a sandbox or HIPS. An AV is nice to have.

Detection always comes after the fact of a virus seeing the light. It then takes time to get the hands on a virus and to produce signatures. There is so much malware being produced, making it very hard to catch them all. That’s why it is better to rely on a sandbox or HIPS or both as the first line of defense. Don’t fixate on detection rate; it only brings but so much protection.

What I forgot to mention is that in this case, after the detection took place, Avira Real-Time protection was switched OFF by some programme or process!!!
I think Windows Defender is the main target to look at.
I had to reboot my laptop to get the Real-Time detection working again.

So there is/was (in my opinion) some interaction between CCAV and Avira.

I agree on the fact that detection is always trailing behind the present situation.

Hi Sushi1960,

I believe this is the file you have mentioned,

And I could see the proper detection of this file (ref. enclosed CCAV image).

If not, then we would like to investigate the exact file reported by you. Could you please provide us the download link?

Hi,

The links are:

hxxp://nitroflare.com/view/3170A9D938239E0/SaNet.st_PKE.4.0.12.0.rar or
hxxps://rapidgator.net/file/ed47465834ebb8c0dc121e67f58b948d/SaNet.st_PKE.4.0.12.0.rar

Attached my scan of the file and the result of a scan with Avira + the quarantine of Avira.
I’ve re-downloaded CCAV yesterday as ccav_installer_chid33220011.exe.

TIA

Hi Sushi. I broke the URLs linking to the malware. We do that as a protective measure for novice users.

:-TU

Hi Sushi1960,

The file that you have mentioned is being detected from our side.

Case 1:

You are using Avira and CCAV at the same time. So it’s possible that this file is blocked by Avira and CCAV can’t compute the hash for checking FLS.

Case 2:

Sometimes, for performance optimization, the AV stores previously received verdicts; during the next rescan it will pick the cached verdict. Also, we have been facing some sync issues in recent days; maybe due to this reason, you may be seeing the previously stored verdict.

May I ask you to do this small test to confirm the reason for this problem: change the system date to one month later and scan again. You can revert the time back after the scan.

WILCO 8)

Hi,

experiment(s) done:

Exp1: changed date to April 22nd 2019.

config: Avira RTP [ON] CCAV RTP[ON]
Result: CCAV no Detection, Avira reports Threat, places the file in Quarantine

next
config: Avira RTP[OFF], CCAV RTP[ON]
Result: CCAV Detects threat, asks to put the file in Quarantine.

Exp2: changed the date back to the present, April 3rd 2019.

Results are exactly the same as with the date shift.

So it looks like Avira interacts with CCAV, but the strange thing still is:
Avira reports it after CCAV has ended.
Greetz
Cees

Having 2 real-time AVs has the potential to create weird issues. Even though it’s not recommended, at the very least put all of Avira’s files on Comodo’s scan exclusion list, and put all of Comodo’s files on Avira’s exclusion list.

I’ve solved the situation, by removing one of the two.
Thanx for the info & Tech support

Greetz
Cees van Soest

Or disable CCAV’s AV and use it as a sandbox or exe blocker.