At first - sorry for my bad English 'cause it’s not my native lanquage.
So, to the subjekt. When I’m purchased new keyboard (A4Tech X7 G800MU) I for sure want to use all functionality so downloaded required software from vendor’s website. When installation begun, CIS alerts me that there are “keyboard hooks”. Thanks, baby! I know it! But I have not any choice - CIS grabbed some .dll’s and move them to quarantine. Clearly understand, 'cause “keyboard hooks”.
Well, let’s add installation files to “trusted” files. And reboot mashine. Just in case…
Did not help.
Well, add the destination directory to the “trusted” files. Did not help. Understand, but…
Well… Power off the Net, power off the CIS, try to install needed software - OK. Add again install directory to “trusted” files, tell the CIS “It’s learning mode now!” ;D Reboot the mashine.
When boot is complete - all needed .dll’s are grabbed and moved to quarantine…
I’m then detected “suspicious” .dll’s and add them separately to the “trusted” files ('cause some of them fly to Program Files (x32) and System32 folders) - :-TD no way…
■■■■… I’m almost ready to change keyboard…
I’ll be glad to hear any helpful opinions 'cause I’d rather change keybord than CIS.
I forgot to say that I report that issue to A4Tech support with proposal to connect with some authority from Comodo Team in meaning to correct current and maybe future issues between each other’s software.
1st the short message:
As soon as you install any security Software (and I mean - any) you have to go through all setting and disable automatic quarantine/deletion. Period!
You should not allow any security to automatically delete/quarantine anything. Set it only to Alert you.
That will make life easier in order to investigate particular case in the first place, but ultimately that will someday save your system being damaged beyond repair
As for your request - you did not provide much info about your system and particular keyboard
Well, if you can restore those DLLs from quarantine and send them to Comodo developers together with an additional information about the keyboard/manufacturer/the site, etc. they will be able to fix some stuff (let’s hope)
Thanks for fast respond!
Sorry but I wrote about keyboard
I’m purchased new keyboard (A4Tech X7 G800MU)
Previous KB was Logitech Media (Y-BH52), served me well six or seven years.
About hardware - my fault.
AMD Phenom II X4 980 (overclocked drom default 3.2 Ghc to 4.5Ghc)
WDC WD1500HLFS-01G6U1 as System disk and 4 other HDD’s
3 ODD (2 DVD writers and one reader)
Creative Sound Blaster X-Fi
OS is Win Seven Pro x64 enough fresh installed (about two weeks).
About disabling automatic quarantine & deleting… Thank Gods - I rarely have any threats 'cause I’m as accurate as possible on the Net so don’t ever think about turning off that function.
Thanks, I’ll try that way. And for sure - report results. Maybe will be helpful to somebody.
Tryin’ but have not the option to disable Auto quarantine or deleting detected threats. Only “Block” or “Quarantine”… Or turning off the scaner. Screenshot 1.
Version of CIS. Screenshot 2
Auto quarantine is disabled by default. You say you have added the files to trusted and that didn’t work. Have you tried to add them to exclusions under the scanner settings tab ? Disable the AV, remove files from quarantine if there, add them to exclusions, enable the AV, and reboot. See if that helps.
OP (Yezhishe) posted an images. The language is Russian
I don’t see the default auto-quarantine being disabled there
The drop-box options are (translated by me):
Put(move) dangerous files into quarantine
Block dangerous files
Probably that is wrong window
Can you please provide an image of that one, with the default “No auto!” / “No blocking” included, but just “Notify” I was talking about
I’m sure Yezhishe will get it or I will translate it
Your correct with the new installer it does enable this unless you do a custom install. Seems like this needs to be unchecked and the files added to exclusions for scanning and that should fix his problem.
As for the default install options the firewall ,defense+, and sandbox option seem beneficial for a novice user. The disable alerts for the AV (auto Quarantine) seems a little careless. If the AV happens to have a false positive with a crucial system file then it could be trouble. Just my opinion.
But hey this is their taco stand, I’m just going to shut the hell up and fold the burritos. ;D
Sorry for some misunderstanding, but by “wrong window” I meant that maybe there is another one. My bad
Well, I gave up on Comodo’s AV looong ago
Point was that all AV’s I’ve tested have those settings for the actions re: suspects - quarantine; delete; or just alert/notify/report whatever you can call it
This is to inform you that the file you have submitted to us has been checked.
The files detected in the package submitted by you aren’t malware, but are detected as potentially dangerous applications.
If you plan to further use this application, you can add the detected files to your “Exclusions” list.
Sure that “keyboard hooks” are potentially unsafe 'cause they seem as keylogger or something like - but how it may behave if program must use additional keys? ;D
So - well. Thanks for participating, I think the problem is almost solved as much as it possible…
The files detected in the package submitted by you aren't malware, but are detected as potentially dangerous applications.
Pretty much weak answer from the developers IMHO, therefore indeed it’s “[i]almost [/i]solved”, since if the keyboard driver Software installation is legit that must not happen...
I have changed dozens of keyboards from many vendors – no issues;
I have many of those “hooks” from 3rd party vendors, since using audio editing with many VST/Directx Plugins & standalone “keyboard aware” instruments.
To make the story short – currently (stressing) none of AV’s I’ve tested are flagging those
… hmm … since you responded I would like to argue & disagree by saying: - that’ s another weak point
So, what you are basically saying: Comodo AV will easily miss any malware signed by Microsoft
(like “Flame” … similar will follow) or
probably by other “legit” vendors like Adobe & …, etc. Very long list actually (how many are found every day, as a matter of fact? , I hope, as an expert, you do know ~ figures) or
system files signed by MS but being modified by polymorphic (or other) infection like