I was cleaning a friend computer from viruses and worms today (he had a nice collection ;D), I used my USB key on his computer to install cleaning softwares, so I knew my key would be infected with the same autorun worm he had. I did not remove the worm from my key once I finished cleaning his computer just to see how Comodo would handle it on my own computer.
This worm installs itself in DRIVE:\Recycled\INFO.EXE and add an autorun.inf pointing to this file.
I’ve disabled autorun on my computer so I ran a manual scan on the usb flash drive.
Comodo did detect the autorun.inf as “unclassified malware” but not the INFO.EXE in the “Recycled” folder…
A quick look in the exclusions tab in the Virus scanner settings and I found that all files placed in directories beginning by “Recycle” were excluded by default!
I moved the INFO.EXE to the root of the drive and Comodo detected it but crashed when I quarantined it :-\ (right after moving the file to the quarantine). I had to run a diagnostic to re-enable the virus scanner components, I think that Defense+ too had stop working (even if “All system [were] active and running”… :-\ )