Infected - COMODO Proactive Protection did not react at all...

Hi… So I’ve run an infected file from the internet, named msw.exe…

And COMODO has allowed it to run! No sandboxing, no firewall prompt - not anything!

I am running a full scan with Emsisoft Emergency Kit right now.

I have manually blocked the file through the firewall while I scan my system. The file keeps connecting to 62.65.225.78 port 1604…

Questions: 1) why did firewall NOT react? 2) why did auto sandbox NOT react?

The file does not have a digital signature. The MD5 hash is 6f05a213907d3afbb5e41813496f9359

I have submitted the file to COMODO through the Interface.

My problem is that this is not the first time when COMODO sandbox/Firewall let files run without prompt…

It’s a problem, as I had the auto sandbox, Viruscope, Firewall and Antivirus components activated…

Why do files keep evading COMODO’s protection (auto-sandbox and firewall)?

More: Just now the AV component popped up. What is this, a money-stealing Trojan?

It’s not the same file, it is most likely another component that msw.exe downloaded from the Internet.

http://postimg.org/image/qgegjw2qf/

Hi,

Please export the Defense+ logs and upload them here (or take a screenshot of the relevant entries).

Also, could you PM me the file?

I have sent you a PM. Tell me if it is enough :slight_smile:

If this helps, these are CAMAS results:

http://camas.comodo.com/cgi-bin/submit?file=a2fd009a2bc9f9c1beac72df94513b44cd42df84369688efffe8836f8b8f6599

I just tested it with proactive configuration, it got auto-sandboxed as fully virtualized and I got firewall popups for the file.

Do you use proactive or internet security config?

How did you download and run the file? (for example downloaded a zip file and extracted and ran, or downloaded before CIS was installed etc)

Also, please go to the file list in advanced settings and tick all filters (so trusted, unknown and malicious are showing), then search for the file and see what CIS rates it as.

My configuration is set to COMODO - Internet Security.

The file was downloaded through Firefox… I suspected that it was something fishy, but I hoped that COMODO would sandbox it. That part got me surprised.

Yes, I did run the file “as is”, after I tried to download some software on the internet. I thought that was the correct file to execute, but I realized too late that it was malware.

EDIT: I went to “settings → File Rating → File List” and I found the entry at “Unrecognized files” (the status as of now after I have submitted the file)

I have kept a packed copy of the executable. I want to see how long it takes until COMODO recognizes it :slight_smile:

I’m not sure why the file was allowed to run then, sorry. :-\

Well… I guess it must be something with my COMODO config…

What config did you run the exe in? A default one, or a custom one? :slight_smile:

A custom one built upon proactive configuration.

OK, so I’ve reset the config to Proactive Security… then ran the program again.

Apart from a firewall notification, apparently I still got nothing from HIPS/Sandbox…

EDIT: the file appears in sandbox, but I got no notification.

If I remember correctly you only get one alert per file; are you sure you didn’t get an alert earlier?

Make sure you didn’t deselect the option to show CIS notifications. A lot of users deselect it and CIS no longer prompts any popups…

Update: I have submitted the file to COMODO 3 days ago, but the file still isn’t classified as malware.

I am sure it is malware… CIS still does not react to it.

Is it possible that the file is mistakenly listed as trusted in the file list? Or an auto-sandbox rule to ignore the executable? Any HIPS and or firewall application rule defined for the file in question?

- no msw.exe entry in the File Rating List
- no msw.exe auto-sandbox entry: I only have a few apps/games there that I have specifically ignored because I knew they were harmless (an old game and a sysinfo utility, which have been scanned with third-party AV engines, so they are safe)

- Block malicious apps
- Block suspicious locations
- Run all unknown apps virtually
- Sandbox unknown shared space binaries
- Run sandboxed folders virtually

Basically stock settings (with the apps I specifically allowed), but no msw.exe anywhere…

I have yet again manually scanned the file, after checking that I had no file exclusions in settings. File reported clean.

Here is CAMAS result on the file (I have scanned it again to see if there was something new to report):

http://camas.comodo.com/cgi-bin/submit?file=a2fd009a2bc9f9c1beac72df94513b44cd42df84369688efffe8836f8b8f6599

If there is someone that has tested the file and it got caught/isolated automatically, I would really appreciate it if they PM me with their COMODO config to see where the flaw resides in mine.

I reckon that if this file doesn’t get caught on my side and it gets caught on other people’s side, then there may be something wrong with my config that could prevent effective protection in similar/other incidents in the future. I have tried resetting the config/applying presets; still it didn’t work. Any tips would be helpful.

Thank you very much :slight_smile:

P.S. Would reinstalling CIS help?

Can you send me the file so I can test it? Also, if you want, re-installing CIS should help in case you have a corrupted install that the diagnostic doesn’t detect. By the way, have you run a diagnostic report from within CIS? What version of CIS and Windows are you running?

Hi, futuretech.

I am using the latest COMODO version (8.2.0.4591).

Diagnostics didn’t find any errors.

I will send you the file via PM.

Thanks for your support :slight_smile:

@futuretech PM sent :slight_smile: