Everytime i boot my computer there is a file that keeps being put in My Pending files and everytime I have to MOVE the file to My safe files. It’s getting VERY annoying. I have my Defense+ set to training mode. Block all the unknown requests if the program is closed is DISABLED.
mchInjDrv.sys
[attachment deleted by admin]
Hi,
You don’t HAVE TO. Just because a certain file is there does NOT mean you 100% have to take action on it. You should be automatically submitting files to Comodo anyway, By Default… and that is enough… Unless something is critical you need to do.
Anyway… This file your talking about… What is it called?
Josh.
The fact that the file keeps appearing on your Pending Files list means that it is being generated by some other program regularly. The Pending Files list is a list of new files that have been created on your HD and might need review for safety. It is likely also being deleted regularly. Try this: on the Pending Files list, click Purge. If the file appears on the Purge list, it is a temporary file and no longer exists on your system. Moving it to your Safe list does not work for such files.
I thought the files in My Pending Files were locked and unnacessable by the OS until I move them to the SaFE Files.
This was because windows would not install the updates unless I moved the files. I guess CPF was preventing windows from installing the updates until I moved them over.
Odd.
It’s my experience files are locked when you move them to the quarantine list. Just purge, if they remain you could try looking up, or submitting them. If you know they’re safe just remove.
I think that’s how it works. Anyone is welcome to correct me.
I found this on the net:
MchInjDrv.sys is a driver for injecting code to other processes. Publisher is legitimate: http://madshi.net But it is often used by malicious software. Kill the file mchInjDrv.sys and remove mchInjDrv.sys from Windows startup.
This is suspicious behavior. If the file is created and deleted in the course of running, it may not be there to delete. You should check the Defense+>Common Tasks>View Active Process List to see if it is there. Right-click it if it is there and select “Show Full Path”. Note what the parent application is (the one above it on the tree list). If you know the application, it may be no problem. You should scan for malware. The Sophos or Panda
scan for rootkits might be a good idea. You can quarantine it by right-clicking the process in the Active Process List and selecting Terminate and Quarantine. Of course, if the file is created on the fly, that might not fix the problem - the program creating it can just generate another copy. Quarantining the parent might fix that problem, but you should try a scan first to see if it is a known piece of malware. There could be other pieces of the puzzle that need to be removed to fix the problem.
No, the pending files are considered not safe and thus you should be asked about them if they attempt to run. But many times you won’t get any alert about one of these files until it’s deleted or modified again, don’t worry about keeping the pending list clean, it’s not necessary.