Don't want any of these pseudo malware warnings.

Hi,
I didn’t install the antivirus from comodo.
Sandbox is disabled.
Defense+ is disabled.
Only firewall is enabled, on safe mode
Then why comodo bother me from time to time, by telling me that a file , might be a malware ?
I just want comodo to work as a firewall, I already have my antivirus, and I’m not interested by false alerts.

Hey and warm welcome to comodo forums:)

the firewall has cloud scanner. What file are we talk about?

I strongly recommend you to have defense+ and all of its features on. If defense+ gives you a hard time please post and people will help you.

Enjoy your stay here at comodo.

Regards,
Valentin N

Hi,
what a fast reply.

What file are we talk about?
Well, it's often exe that are packed with upx, aspack or whatever. Usually, not very legal stuff downloaded on the net, sorry.
I strongly recommend you to have defense+ and all of its features on
Well, I remind that defense+ was conflicting with microsoft security essential, making the browsing with firefox, unbearably slow. I don't know if the issue has been fixed, will try again.

add MSE in detect shellcode injection and this is how you do it; CIS —> Defense+ —> Defense+ Settings —> Execution control Settings —> Detect shellcode injections (i.e. Buffer overflow protection) —> Exclusions —> Add —> Browse…

Regards,
Valentin N

add MSE in detect shellcode injection and this is how you do it; CIS ---> Defense+ ---> Defense+ Settings ---> Execution control Settings ---> Detect shellcode injections (i.e. Buffer overflow protection) ---> Exclusions ---> Add ---> Browse...

done, thanks
But I think that MSE , is well known, and should be supported “out of the box” , by comodo firewall.

The cloud scanner had nothing to do with the firewall. I recommend you to download malwarebytes and hitman pro. When you’re done with the scans tell me what they found

P.S don’t forget to update Malwarebytes and make a quick scan

Regards,
Valentin N

When you don’t use the av of CIS but use the cloud look up you will get notified when something is a (possible) virus. Comodo considers this an extra service to the user. It is hard coded.

I recommend you to download malwarebytes and hitman pro. When you're done with the scans tell me what they found
Well, why not. I've done a full scan with Malwarebytes, after updating it. Only main C partition, or it would be too long. Malwarebytes found nothing.

However , I’ve then scanned file that was detected as problematic by Comodo (on an other partition). Malwarebytes say it is infected by “trojan.agent.ck”.
I believe it’s fine.
You can see a more detailed report at virustotal.

The problem is probably because the exe was compressed by PECompact according to Virustotal.

Then I’ve done a scan with “hitman pro”. This one found a lot of “tracking cookie”.
A patch.exe file, I forgot to delete was detected as:

trojan
“high risk worm”
backdoor.generic.543395
Trojan.IRC.Backdoor.SdBot4!IK

Well , I notice the word “generic”, and I just suspect an other false alarm.

Otherwise, the software I’ve patched , was detected as having an invalid digital signature (off course).

When you unpack the file, that is packed with a packer most av solutions don’t seem to like, and upload the .exe to VT. What do the scanners say then? I have seen the judgments change notably.

To get rid off the CIS av alerts from the cloud I guess it is best to simply install the av, disable it from on access scanning, remove the scheduled scans and add the flagged files to the AV Exclusions.

When you unpack the file, that is packed with a packer most av solutions don't seem to like, and upload the .exe to VT. What do the scanners say then? I have seen the judgments change notably.
Well, just for curiosity's sake, I've found a working unpacker for the file that Comodo has detected with the "cloud" , and then uploaded the uncompressed exe at virustotal. You can [url=http://www.virustotal.com/file-scan/report.html?id=a3ea7defba0ac86eb18046018b543de36008a46323e1c68484852ded30030d22-1294366324]see results here[/url]. Few alerts, but not from the most popular av , and I usually rely on NOD32 & Kasperky, and no alert from them.
To get rid off the CIS av alerts from the cloud I guess it is best to simply install the av, disable it from on access scanning, remove the scheduled scans and add the flagged files to the AV Exclusions
Ok, I think, I rather keep the default cloud behavior, and exclude files, each time there's a problem. I was just expecting a firewall, to not behave like an antivirus.

Welcome to the Era of Cloud Computing… :smiley: :wink: