COMODO recycle bin exclusion

Is there a reason why COMODO whitelists the recycle bin (and prefetch folder) as a scanning and monitoring location?

This has been happening for a very long time, and has also been reported on WikiLeaks: Comodo Recycle Bin Defeat

I know it’s very difficult to throw something in the recycle bin/prefetch and run it (because something else running from another location must do that), but you never know…

In the prefetch folder, only .pf files are excluded, everything else is scanned.

Regarding the recycle bin, if you haven’t disabled containment, there is a default blocking rule for it, so you can’t run anything from there unless you allow it yourself.

Which of the 4 containment default rules do you refer to?

Block - Suspicious Locations - Any

But the recycle bin is also in the exclusions… which should override the containment blocking rule.

How did you come to the conclusion that it happens this way and not the other way around?
Why should the two override each other at all?

Because exclusions in all antivirus programs are made to override certain locations or files and consider them as safe… Otherwise their existence would not be useful at all.

This only applies to those where there is only an antivirus, or you only install that one, just like with Comodo you can only install the antivirus.