I’m cleaning up the CBO/BOC FAQ and moving posts out of this area.
It will eventually be locked.
We will need to have a submissions process in place.
Any suggestions on items to include (sources appreciated) please IM me.
I’m cleaning up the CBO/BOC FAQ and moving posts out of this area.
So far I have this…
Comodo BOClean Knowledgebase
Download Link, Install/Uninstall Instructions, & User Guide
BOClean manual in het Nederlands
Prior to uninstalling you must shut BOClean down in order to stop the service so it may uninstall correctly. You can do this using the “Shut down BOClean” button on the user interface located in your task tray (alt click on the icon).
Register for free licence
Q: Do I have to remove BOClean and reinstall to get the Free Licence or will it be sent to my email address instead?
A: It’s been advised that prior releases of BOC and CBO be uninstalled prior to installing new releases. (see "Uninstall"link?)
When installing Comodo BOClean (CBO), you are prompted to enter an email address which is where the license will be sent.
Which Version ?
Q: How can I tell which version of BOClean I have?
A: If your systray icon looks like a little vacuum cleaner, you have BOClean version 4.22 or earlier.
If, however, the systray icon looks like a little computer screen with some kind of thingie on it, then it’s CBO 4.23 or later.
Right clicking on the BOClean icon in your task tray will bring the GUI up displaying the version or you may browse to the .exe in it’s install folder and view it’s properties/version there.
At this time the GUI of CBO does not display the version.
What the tray icon colours mean.
Green=examining startups (goes fairly quickly)
Blue = examining processes, threads and dependencies
Black = quiescent (nothing going on)
Red = detection has occurred OR you’ve opened the menu and BOClean is on hold until you close it.
On starting the system, it will be blue for quite some time as BOClean actually starts green but that’s usually over by the time the traybar icon appears on bootup. Blue sits there for quite a while as BOClean examines every single process, thread and dependency at startup. Once all is done, it settle into black unless something is started or it does its every ten second “recalibration” … when this happens, you’ll see a fast green or blue flick - starts green, goes blue but it happens so quickly if nothing’s happened in the past ten seconds that you might see one color or the other or a combination of both (particularly on LCD screens) … if anything starts or changes, it doesn’t wait for that ten seconds so you’ll see that flick should ANYTHING move or start.
Where does BOClean “quarantine” files?
C:\Documents and Settings\All Users\Application Data\BOC425\evidence.boc
Suspected False Positives?
Q: Where do we send the files that are being alerted on that we suspect are FPs?
A: You can email them to: malwaresubmit [ at ] avlab.comodo.com .
You may want to specify in the subject line “False Positive?” for clarity’s sake.
As usual, zip and password protect with “infected” including that information in the body.
How To Zip & Password Protect a File For Submission
To zip and password a file do this:
Right click on the file in question and choose “Send To: Compressed Folder”.
Then double click on the newly created compressed folder to open it in Windows Explorer.
In the toolbar at the top left choose “File”, Add a Password".
You’ll now have a password prompt box to type in “infected”.
COMODO BOC thinks MIRC is a trojan?
BOC vs CBO? What’s Changed?
What exactly is BOCore.exe?
Q: What is BOCore.exe?
A: Quoting Nancy McAleavey on the release of BOclean 4.21:
What's new in BOClean 4.21? Note the new BOCORE service, a kernel monitor designed to catch nasties before they can "root." And for those who managed to grab "root," BOClean 4.21 can see them when your antivirus, antispyware and firewall CANNOT as BOClean always has been able to. The latest nasties can live at "kernel level" and hide from "user level," but BOClean 4.21's BOCORE *lives* in the bunker of the kernel level, unlike any other antimalware can do. BOCORE is only the beginning. We've seen the newest of nasties that can even hide at ROOT level, and that's the reason for BOClean 4.21 and the rush to get it out. When rootkits can hide from the kernel, there's serious nastiness ahead and BOClean 4.21 is ready once again with its baseball bat to take them out.
Q: Does it have to be running all the time or can it be stopped without ruining Boclean’s effectiveness.
A: In order to be effective it must be running.
Where’s the scanner?
Q: Does Comodo BOClean have a Scanner that scans for malware?
A: CBO doesn’t have a scanner in the way you might be used to thinking of.
It scans your system for you at startup and then every 10 seconds it recalibrates (checking that nothing has changed) while at the same time running resident in memory as a shield waiting for malware to uncloak before it can be processed.
CBO’s standing guard in memory watching what code actually does, (not what it says it’s going to do or looks like it’s going to do) gives it a very good shot at catching what AV’s commonly call a “zero day” which are generally a simple repack of already known variants.
Any other scanning functions that may have been included were “hidden” and only for testers to avoid redundant submissions. It was never an all inclusive scanner that showed what BOC detected and shouldn’t be relied on in determining if a file is malware.
Can I use Comodo BOclean as my only dedicated antispyware application.
A: While some may run it in this mode it’s suggested that most use CBO as part of a layered defense along with their anti-virus.
There are several posts on update problems with helpful answers.
Please read these first.
If you need to post after going through these, please include OS and CBO client information.
Is IE in “Offline” mode?
Did you try the Updater in the startup folder?
Did you give “Modify” and “Write” rights to the Limited users?
Did you install in admin mode?
Have you rebooted?
The issue was IE - not Outlook Express - see:
Both links describe the IE issue. Interesting to note that the first linked KB article was last reviewed yesterday. Even though they both refer to IE 4 and/or 5, evidently the issue continued in IE6.
Also worthwhile noting that the issue does not appear to be resolved by MS, the registry change may not stick and they admit to such in the KB article.
HKEY_USERS\SID\Software\Microsoft\Windows\CurrentVersion\Internet Settings\GlobalUserOffline to 0 resolved the issue on all the boxes in question.
Here’s another solution to get Comodo BoClean to update.
Shutdown BOClean from systray.
Go to C:\Program Files\Comodo\CBOClean
Right-click BOC423.exe then click Properties.
Click the “Compatibility” tab
Under Privilege level
Check the box “run this program as administrator”
Click OK then close the properties.
Launch BOClean, right-click then click check for updates.
BOClean Database Is Corrupted
Sometimes it is possible to get a bad download - usually the very last packet getting somehow dropped.
BOClean checks its database before starting it and it has to be good.
Whenever this situation arises, the solution is to go to the start menu, programs listing, look for the COMODO group, COMODO BOClean and in there, is an item marked “Updater.” If selected, the updater will go fetch another copy of the database.
Start BOClean again and it should work.
It’s also been reported that
they need to stop BOCore and BOC425 before this fix will work.
4.22 End of Support