I just tested it with proactive configuration; it got auto-sandboxed as fully virtualized and I got firewall popups for the file.
Do you use proactive or internet security config?
How did you download and run the file? (for example downloaded a zip file and extracted and ran, or downloaded before CIS was installed etc)
Also, please go to the file list in advanced settings and tick all filters (so trusted, unknown and malicious are showing), then search for the file and see what CIS rates it as.
My configuration is set to COMODO - Internet Security.
The file was downloaded through Firefox… I suspected that it was something fishy, but I hoped that COMODO would sandbox it.
That part got me surprised.
Yes, I did run the file “as is”, after I tried to download some software on the internet. I thought that was the correct file to execute, but I realized too late that it was malware.
EDIT: I went to “settings → File Rating → File List” and I found the entry at “Unrecognized files” (the status as of now after I have submitted the file)
I have kept a packed copy of the executable. I want to see how long it takes until COMODO recognizes it.
Is it possible that the file is mistakenly listed as trusted in the file list? Or an auto-sandbox rule to ignore the executable? Any HIPS and/or firewall application rule defined for the file in question?
-no msw.exe entry in the File Rating List
-no msw.exe autosandbox entry: I only have a few apps/games there that I have specifically ignored because I knew they were harmless (an old game and a sysinfo utility, which have been scanned with third party AV engines, so they are safe)
-block malicious apps
-block suspicious locations
-run All unknown apps virtually
-sandbox unknown shared space binaries
-run sandboxed folders virtually
Basically stock settings (with the apps I specifically allowed), but no msw.exe anywhere…
I have yet again manually scanned the file - while I had checked and I had no file exclusions in settings.
File reported clean.
Here is CAMAS result on the file (I have scanned it again to see if there was something new to report):
If there is someone that has tested the file and it got caught/isolated automatically, I would really
appreciate if they PM me with their comodo config to see where the flaw resides in mine.
I reckon that if this file doesn’t get caught from my side and it gets caught at other people’s side, then
it may be something wrong with my config that could prevent effective protection with similar/other
incidents in the future for me. I have tried resetting the config/applying presets, still it didn’t work.
Any tips would be helpful.
Can you send me the file so I can test it? Also, if you want, re-installing CIS should help in case you have a corrupted install that the diagnostic doesn’t detect. By the way, have you run a diagnostic report from within CIS? What version of CIS and Windows are you running?