Global column actions trigger wrong single item action for comprsd items [M952]

A. THE BUG/ISSUE (Varies from issue to issue)
[ol]- Summary - Give a clear summary in the topic subject, NOT here.

  • Can U reproduce the problem & if so how reliably?:
    Every time.
  • If U can, exact steps to reproduce. If not, exactly what U did & what happened:
    1:Scan a zip folder with a single detectable file (example attached to this post).
    2:Notice that the global dropdown menu in the column header has these options: Clean, Ignore Once, Add to Trusted Files, Report as a false alert, and add to exclusions
    3:However, each of the detected items only has the following options: Clean, Ignore once, and add to exclusions
    4:“Add to trusted files” and “Report as a false alert” are only available in the global dropdown menu on the column header
    5:Moreover, “Add to trusted files” and “Report as a false alert” trigger the “Clean” option for the dropdown menu of the single items, while “Add to trusted files” and “Report as a false alert” both state that you don’t want to remove files.
  • If not obvious, what U expected to happen:
    There should be “Add to trusted files” and “Report as a false alert” options for the single items too
    OR
    “Add to trusted files” and “Report as a false alert” should at least trigger a different option than “Clean” for the single items (Ignore once?).
  • If a software compatibility problem have U tried the conflict FAQ?:
    NA
  • Any software except CIS/OS involved? If so - name, & exact version:
    NA
  • Any other information, eg your guess at the cause, how U tried to fix it etc:
    See the attached screenshot for clarification.
    [/ol]

B. YOUR SETUP
[ol]- Exact CIS version & configuration:
CIS 7.0.313494.4115, default configuration profile

  • Modules enabled & level. D+/HIPS, Autosandbox/BBlocker, Firewall, & AV:
    Firewall enabled, anti-virus enabled, defense+/hips disabled, autosandbox/bblocker disabled.
  • Have U made any other changes to the default config? (egs here.):
    No
  • Have U updated (without uninstall) from CIS 5 or CIS6?:
    No
    [li]if so, have U tried a a clean reinstall - if not please do?:
    NA
    [/li]- Have U imported a config from a previous version of CIS:
    No
    [li]if so, have U tried a standard config - if not please do:
    NA
    [/li]- OS version, SP, 32/64 bit, UAC setting, account type, V.Machine used:
    Windows 8.1 Pro, 64-bit, default UAC settings, default account type, no virtual machine.
  • Other security/s’box software a) currently installed b) installed since OS, including initial trial security software included with system:
    a=none b=none
    [/ol]

[attachment deleted by admin]

Thank you for submitting this. Please edit your first post so that it is in the format provided here:
https://forums.comodo.com/bug-reports-cis/required-format-for-reporting-bugs-t102284.0.html
Just copy and paste the code. Then put your responses after each colon. Do not change anything else about the formatting.

Let me know if you have any questions.

Thanks.

? It already uses this format https://forums.comodo.com/bug-reports-cis/resources-for-bug-reporters-t26980.0.html;msg456515#msg456515

The page you linked with unencoded bbcode is unreadable.

I think there is a misunderstanding. I have just edited your first post so it is in the required format. Take a look at what it looks like. Then choose to modify the post to see what the code looks like. This makes it very easy for the devs to read, and once you get used to it it’s actually very easy to use.

I did change a few parts, so make sure that everything is correct. If it isn’t then please change the wording to something more appropriate.

Also, please attach a diagnostics report to your first post. If you have any questions about how to do that please feel free to ask.

Thanks.

Ok… I think you could:

  1. Update this post to the latest format https://forums.comodo.com/bug-reports-cis/resources-for-bug-reporters-t26980.0.html;msg456515#msg456515

  2. Add a version of this post with encoded bbcode https://forums.comodo.com/bug-reports-cis/required-format-for-reporting-bugs-t102284.0.html;msg743135#msg743135 as it’s difficult to read the content between many bbcode tags (yes, I could also use the “preview” feature to parse the bbcode)

I did change a few parts, so make sure that everything is correct. If it isn't then please change the wording to something more appropriate.

I think it’s ok now.

Also, please attach a diagnostics report to your first post. If you have any questions about how to do that please feel free to ask.

This is a computer with highly sensitive data, the account username and the user directory path are sensitive too, what does a “diagnostics report” exactly contain? I can see a .dmp file with binary data. I need to verify the exact content.
Moreover, this is basically a GUI issue, the attached screenshot should be more than enough, it’s not a crash or such with something to diagnose.

Thanks for pointing this out. I had not realized that this page was not updated. I have just updated it. Let me know if it seems okay.

I used to have a copy like that. However, what I found was that too many users were just copying the way it looked instead of the code. That’s why I got rid of it. However, I did edit the format post to specifically instruct users to use Preview when filling it out. Do you think that would be sufficient for you, or is more needed? I appreciate your help with this.

Okay, in that case I’ll forward this.

Understood. In that case I won’t force you to attach a diagnostics report. However, if the devs, or myself, contacts you later please be prepared to supply this. However, in that case it will be handled in such a way that it will not be visible to forum members. I hope that is okay.

Thank you.

Thank you very much for your report in standard format, with all information supplied. The care you have taken is much appreciated by Comodo, and will increase the likelihood that this bug can be fixed.

Developers may or may not communicate with you in the forum or by PM/IM, depending on time, availability, and need. Because you have supplied complete information they may be able to replicate and fix the bug without doing so.

Many thanks again.

I had a similar issue with a V6 build, the difference being that it was “Ignore Once” that was missing, it was fixed by re-installing CIS for me. Also I can’t replicate this in the latest release of CIS. That might not bring much, just wanted to point out that it could be an installation issue/corruption.

[attachment deleted by admin]

Thanks for pointing that out.

ekerazha, please try reinstalling CIS by following the advice I give in this topic and let me know if the issues continue even after that.

Thanks.

OK I have some interesting info… I tried with a plain Eicar file and I couldn’t see the bug anymore.

But this bug definitely appeared when the detected file was this file: http://camas.comodo.com/cgi-bin/submit?file=e3b2b94f02714c64b05fce4ebf93248ce0ac8907d14a16177fb9d2a80444e79d

It was a strange file as CIS detected a .DLL file inside a “zip” file with .PNG extension (yes, it had a .png extension but it was an archive file).

So… I tried to compress the Eicar file et voila…
I attached the test file which you can use to reproduce this issue. Use CIS to manually scan the ZIP file (don’t decompress it).

[attachment deleted by admin]

I can replicate with that file.

Okay, I can now replicate this as well. It looks like this happens only for compressed files. I understand why it would not be able to add the zip file to the trusted files list. That explains why that option is gone for the single file. However, I still don’t understand why it wouldn’t be possible to Report as a false positive.

Also, there still shouldn’t be a discrepancy between the two lists, at least if there is just a single file scanned. Thus, this does seem like a legitimate problem.

I will update the first post and the tracker.

Thanks.

The devs have informed me that apparently this is by design. For this case, if you scan a zip file the actions are to be applied ONLY for the zip file, and not for its content. Apparently the designed approach is that if you want to investigate its content you should extract the files and then scan it. CIS AV is not currently mean to extract files in order to implement actions per item.

I will therefore move this bug report to Resolved. If you have any questions please let me know and I will do my best to answer them.

Thank you.

This doesn’t explain why the global “Report as False Positive” option triggers the “Clean” option on the single file, it should at least trigger the “Ignore” option as the concept is that the file isn’t really malware.

That is a good point. I have now re-opened this bug with respect to the fact that the zip files is removed if “Report as False Positive” or “Add to Trusted Files” is selected. I will therefore move this back to the Format Verified board.

Thank you.

The devs have requested a video showing this. Are you able to create a video showing yourself replicate this behavior?

Thank you.

Thank you. I have added the link to the tracker.

The devs have not marked this as Fixed in the tracker. However, sometimes bugs are fixed by the release of new versions, but not marked as Fixed in the tracker.

If you are able please check with the newest version (CIS version 8.0.0.4337) and let me know if this is fixed on your computer with that version.

Thank you.

We have a problem. I tried to reproduce the issue, but COMODO can’t detect the EICAR ( http://www.eicar.org/86-0-Intended-use.html ) file anymore. I’m going to report it as a false negative.