I downloaded the application from there website here:
https://www.7-zip.org/
As Igor P doesn’t sign these applications (either the 32 or 64 bit msi or exe forms), both the installer as well as the GUI app (7zFM) should result in a Containment alert. The only reason that it would not is if it was already installed in the past on the system.
ps Just installed 7zip 23.01 on a fresh CF beta 2 system and the applications were contained as expected.
Sorry but that’s not supposed to happen as they are considered trusted by cloud lookup service and has been for the last 7 months.
“fls”: {
“timestamp”: “2024-01-25T21:34:17.069Z”,
“verdict”: “Safe”,
“transport”: “DirectFls”
Advanced File Analysis System | Valkyrie (comodo.com)
Although somethings you can get different rating results with valkyrie verdict but as seen below it is also trusted:
Valkyrie Verdict (comodo.com)
I guess it needs to be said that digital signatures is not the only way to determine file rating, as CIS also relies on file hash lookup through fls, and in certain cases local whitelist AV signature, which can happen with or without having the anti-virus component installed.
You must have been using a very old version of CIS as the shellcode setting moved out from the HIPS section a long time ago, unless you are having issues finding it using the new themes.
Miscellaneous Settings, Virus Protection Software | Internet Security | COMODO
About the 7zip “issue” (not really an issue)- I, as many here know, use CF only. For CF, when either the installer or the GUI app is run both will be contained.
However if CIS is used (adding the AV component) both will be recognized as valid even WITHOUT a digital signature as both have been previous vetted by Comodo within the AV database and thus allowed.
The CF component alone is without this database asit lacks the on-demnd AV component, so thus an unsigned application is automatically contained.
It has nothing to do with the AV as it was trusted by file lookup service(FLS) which is always checked regardless whether or not you have the AV installed. Only time it is not used is if you disable ‘enable cloud lookup’ option in the file rating settings.
I’m not sure why you are forgetting about the cloud lookup feature and think that without the local AV, an unsigned application will be contained when the AV is not the only factor in determining a file rating.
Unknown Files: The Scanning Processes, Containment Process | Comodo Internet Security
But just checked with only having the firewall installed, and it was correctly rated as trusted and thus not auto-contained.
That way I have always understood how Cloud Lookup worked without installed AV component.
Hello,
In “Applications to unlock”
Below, an error from “Comodo CIS” which displays an aberrant data for the SHA-1 of a blocked process
Other info:
CIS Antivirus found an infection on my PC:
No right-click on each of the 3 lines below allows you to obtain information on the processes concerned, nor their SH-1, nor any details.
So I don’t know where the infection comes from, nor by what, nor by whom?
So I can’t know either if this has anything to do with the bizarre and recurring connections I had to Russia (Explained above)
Trying to figure out where this could be coming from, I did some additional analysis with Hitman Pro. Here is the result below:
But, there is no way of knowing if they are the same infections, since Comodo CIS does not give any details.
If there was an SH-1, or an MD5, I could have gone to virustotal.com to get some information.
So I find this missing a lot in the antivirus event log results.
Another problem: Scans of the entire C: never goes to completion.
Each time it ends with “STATUS: Interrupted analysis”
Hi cruelsister,
We have downloaded the same version of 7zip and found that it doesn’t contained in CIS/CFW.
Thanks
C.O.M.O.D.O RT
Hi Varan-de-C0m0d0,
Thank you for reporting.
We will check and report this to the team.
Thanks
C.O.M.O.D.O RT
Hi Varan-de-C0m0d0,
Thank you for reporting.
We are checking on this.
Thanks
C.O.M.O.D.O RT
Hi Varan-de-C0m0d0,
We have tested and found that the scans of the entire C: completed successfully.
Thanks
C.O.M.O.D.O RT
Thank you C.O.M.O.D.O_RT for the answer.
I suspected you were going to answer that. For us beta testers, the software’s reactions can be unique. Everything is fine with you and not with me.
What matters is knowing what’s wrong with specific configurations.
Why is it blocking me and not others? Prorated to the number of beta testers, this should not be obvious. I guess there aren’t many beta testers, because we are always the same on this part of the forum.
I’m waiting for a Comodo employee to walk by and be a little curious as to why it’s like this on my PC.
It would be interesting to know if file and folder names of 256 characters (and longer if possible) can cause the analysis to fail.
Also having a Linux partition mounted as a Windows disk via Paragon Linux File System
Hi Varan-de-C0m0d0,
Are you using any other security software other than CIS ? if not kindly share us your CIS Tasks log for further investigation.
Thanks
C.O.M.O.D.O RT
Hello C.O.M.O.D.O_RT,
Thanks for your interest.
SO…
To start… :
I encounter the same problem whether Comodo CIS is alone or not.
Even better, if I stop and stop CIS, (CIS is completely shut down and is no longer present in the taskbar), the exclusions window remains open to spin in the void (then, I am asked to stop it and the system says that this will be transmitted to Microsoft. (which I hope). sends you the information afterwards)
Finally, to answer your question, I have always (since the beginning), (+10 years) run CIS with other security software, and this has never caused any problems for me.
For greater fluidity, I whitelist (exclusions) the files with each other.
To be more specific in my answer:
Permanently, second line: MalwareBytes
Third line RogueKiller.
On another Webroot Anywhere machine.
I have also been using the free version of Glasswire for a long time.
I also have a PC where all this works together without any problems, but under Windows 10 and with the official version of Comodo CIS.
It would be a real shame if this version of Comodo CIS no longer supports running with so-called “second line” software…
I don’t know if this is normal, so I ask:
Is it normal that the viral database is so small, despite the fact that I update it daily? (On the site it is 661778 KB)
Likewise, I don’t know if it’s normal to have two recognizers of the same size in the same folder. Same version recognizer v12.2.1.8104.dll?
Another problem:
Comodo Antivirus notifies me of an infection called “COMODO DISABLE”.
Since this came at the same time as the update request requiring a reboot, I initially thought it might be legitimate.
But, in this case, why would Comodo CIS self-report as an infection?
Then, I wanted to analyze it with virustotal to find out what was going on, but as you can see, it created an error.
Do many user have such a lot of problems with this beta-version? Is the betaversion so immature?
I didn’t clear the log list. The firewall is in its own policy mode. The files blocked by firewall are only two, it shows the total number of these files blocked by firewall, but they come from trustworthy providers.
