Heuristics don't recognize dual extensions if spaces used between extensions


  1. What you did: Scanned file with dual extensions using real time scanning and using a right click scan
  2. What actually happened or you actually saw: Antivirus didn’t detect dual extensions and didn’t show alert if whitespace sequence used between extensions
  3. What you expected to happen or see: Antivirus must recognize dual extensions if heuristics is enable
  4. How you tried to fix it & what happened: Increased level of heuristics but this didn’t help
  5. If a software compatibility problem have you tried the compatibility fixes (link in format)?: I haven’t compatibility problem
  6. Details & exact version of any software (execpt CIS) involved (with download link unless malware): File with dual extension is appended
  7. Whether you can make the problem happen again, and if so precise steps to make it happen: Yes, just scan file with dual extensions again using a right click scan
  8. Any other information (eg your guess regarding the cause, with reasons): See file with dual extensions which heuristics bypassed in attachment. This is not malware, it’s only test that I wrote myself to illustrate the bug.

B. FILES APPENDED. (Please zip unless screenshots).:

  1. Screenshots of the Defense plus Active Processes List (Required for all issues): Appended
  2. Screenshots illustrating the bug: Appended
  3. Screenshots of related CIS event logs: Appended
  4. A CIS config report or file: Appended
  5. Crash or freeze dump file: No crashes or freezes so not appended
  6. Screenshot of More~About page. Can be used instead of typed product and AV database version: Appended


  1. CIS version, AV database version & configuration: CIS version 5.9.219863.2196, database 11328, default Internet Security config (Firewall, Defense+ and Antivirus default)
  2. a) Have you updated (without uninstall) from a previous version of CIS: No
    b) if so, have you tried a clean reinstall (without losing settings - if not please do)?: Yes
  3. a) Have you imported a config from a previous version of CIS: No
    b) if so, have U tried a standard config (without losing settings - if not please do)?: Yes
  4. Have you made any other major changes to the default config? (eg ticked ‘block all unknown requests’, other egs here.): No
  5. Defense+, Sandbox, Firewall & AV security levels: All default (D+=Safe, Sandbox=Enabled, Firewall=Safe, AV=Stateful, Heuristics=Low)
  6. OS version, service pack, number of bits, UAC setting, & account type: Windows XP Pro, SP3, 32 bit, No Uac, Admin
  7. Other security and utility software currently installed: None
  8. Other security software previously installed at any time since Windows was last installed: None
  9. Virtual machine used (Please do NOT use Virtual box)[color=blue]: No

[attachment deleted by admin]

Thank you very much for your very helpful bug report in standard format.

We would appreciate it if you would edit you post to add a little more information regarding exact steps to replicate the bug in A.7. Forexample, are you using a right click scan?

Is the file live malware (hopfully it’s test malware, as live malware should not be appended, instead please describe where ro aquire it).

We would be grateful if you would add these items of information so we can forward this post to the format verified board.

Best wishes


Mike, I have added required info as you asked.

Thank you very much for your report in standard format, with all information supplied. The care you have taken is much appreciated by Comodo, and will increase the likelihood that this bug can be fixed.

Developers may or may or may not communicate with you in the forum or by PM/IM, depending on time availability and need. Because you have supplied complete information they may be able to replicate and fix the bug without doing so.

Many thanks again