When I scan my computer with Autorun Analyzer, and select option to hide safe entries, I sometimes get message “there are no items to show”, sometimes there are few entries marked as unknown, and sometimes there are 60+ marked as unknown. When I open AA several times in a row (I wait for scan to finish first), I often see different entries marked as unknown each time. When I ran AA in Windows safe mode (without network) there were exactly 63 entries marked as unknown each time.
It works similar for Kill Switch, only there are fewer entries.
How should I interpret such results? Are these files actually trusted/whitelisted by Comodo, and if so, why do they sometimes appear as unknown? Or should I post all 63 files for whitelisting (as I believe they are all safe)? Is there a possibility that some malware is interfering, and that’s why I’m not seeing all the results?
This is purely technical question about how these programs work, because before I start help request thread I wanted to know what these results mean.
Due to the unreliable nature of the internet sometimes packet loss and latency can affect the file rating cloud lookup results. So what is happening is every time you open autoruns or use killswitch, they will perform a hash lookup to determine each items file rating using comodos file lookup service and if the results don’t come back for a particular file (packet loss) or it comes back too late (packet latency) then it will default to unknown file rating.
That explains why all 63 entries appeared as unknown when I was offline.
Can I ask for confirmation, that if a file is listed as trusted after some Autorun scans, but not every single scan, then it is considered trusted by Comodo?