Do Not Scan File Over 20MB?

I guess Comodo would not unleash a product that was not safe, but what is the reasoning behind not scanning a file above 20MB? Other than speed.

Have you ever encountered malware that was more than 20MB?

It’s not just rare, it’s very unlikely :wink:

Other than that, it’s for speed. And you can always increase it anyways. Mine’s set to 100MB on real-time, and 999MB (the highest you can set it) for manual and scheduled.

Hope this helps :slight_smile:

The highest is actually 999999999mb now. It gives you an alert that it might affect performance though.
I also have my real-time set to 100mb.

:o That would be a pretty big file :slight_smile:

When we hear back from the OP, you can lock the thread.
Congrats on becoming a mod, btw :slight_smile:

I was going to ask the same question as the OP, and very sensibly looked first :wink:

I thought some viruses could attach themselves to a file, such as exe, and that file could be quite large. So even though the malware itself might be found, if it had infected a file, that may not be even scanned.

This is what I understand. I may well be talking through my hat.


I think its a bit like this.

E.g. a malicious file could be hidden inside a 9l0MB .EXE archve. But Comodo can’t unpack .EXE or .CAB archives so it wouldn’t find it even if it was scanned so by default, no time is wasted trying.

I wasn’t meaning packed exe files, so much as ordinary runnable exe files that have been infected by malware.

Say I had no AV on my system, and installed CIS. While I had no protection, malware had added whatever it wanted to add to a large programme .exe file. I run a scan after I install and while the malware may be picked up, the large exe file is not even examined.


Hi all, my first post, so please be gentle :wink: .
I noticed that 20MB default as well, and would like to emphasise the question from the original post:

what is the reasoning behind not scanning a file above 20MB? Other than speed.
I understand I can change that limit. But, having ■■■■■■ all subject knowledge, I'd really appreciate some sort of explanation, to be able to make an informed decision. What am I really risking by having quicker scan time? How much safety am I gaining by sacrificing the speed?

Because I lack the relevant knowledge the 20MB and 100MB numbers seem like just arbitrary numbers to me. Is there any AV expertise behind these numbers? Or is it just the function of the processing power of my PC and my personal tolerance for slowness? I’m sort of hoping there is some more meaning than that. Otherwise to me it would look like saying:
Look, our product is pretty good, but a bit sluggish. But, if the safety is not your priority, we can make it quick for you by ignoring some files. That would, sort of, defeat the purpose of having AV in the first place.

What do the other AV products do in this regard? Do they have similar file size limits, perhaps hidden form the unsuspecting users?


You aren’t really risking anything. Malware wants to spread quickly and imperceptibly. Malware that is a large file size is pretty conspicuous, not to mention impractical to a malware author. Even with so many broadband users, it’s hard not to notice a 20MB file has just been transferred. It won’t even spread at all in parts of the world that don’t have broadband access.

So really, a 20MB cutoff is quite generous.

I was going to let this go, but it has popped back up.

I am still concerned.

I believe, as I said before, that malware can infect a larger file. The only reply was that since Comodo does scan packed or exe files anyway (and I don;t understand why), there is no point.

But surely it scans exe as in programme files, which could be infected.

If my system was already infected, running a scan that only scans files less than 20MB could miss something.


As far as I am aware an ‘infection’ can be caused in a file of any size.

The reason there is a ‘file size filter’ is to control the amount of time it takes to scan your computer, the larger the file the longer it will take. As always, it’s a trade off.

Virtually every manufacture of malware scanning software includes such an option.

I agree that the limit should be there, but maybe on the first scan there should be a strong warning, or even a scan all files setting on that first run? Just the once after first installing Comodo, because there could be anything on a machine that has not been protected before.


!ot! ?

Superantispyware has a ‘do not scan files larger than 4 Mb’ default setting and they recommend to keep it like that! It is an acclaimed anti-spyware. I pointed out not to justify Comodo but to show the fact that the industry (or companies for that matter) through its own R&D must have decided it.

OK. I will go with the flow.