Infected files removed from "Trusted Files" are not scanned any more real-time

Infected files removed from “Trusted Files” are not scanned any more real-time


A. The bug/issue
1. a) Try to execute an infected file (executable).
b) On the virus removal prompt choose the option to to add to “Trusted Files”.
c) Thereafter remove it form “Trusted Files” list.
d) Thereafter try to execute the infected file (executable).
2. a) After choosing the option to to add to “Trusted Files”, the executable cannot be launched from Explorer. The Explorer is frozen. Only killing and restarting explorer.exe allows the execution.
b) The infected file is executed without any virus alert! However a manual scan recognizes again the infection. So the infected file is executed without virus alerts, even though is removed from the “Trusted Files” and even though is infected according to manual scan.
3. This is dangerous behavior. I expected a normal behavior: attempt to execute and virus removal prompt (like in 1.). Evident: it’s a rare situation to declare an infected executable trusted file, but there are many false positives, so this is not an excluded scenario to mark them trusted, and after that – from some reasons – exclude from the database.
5. If its a software compatibility problem have you tried the compatibility fixes (link in format)?: N/A
6. Details & exact version of any software (execpt CIS) involved (with download link unless malware): N/A
6. The used infected files were leak-test executables downloaded from matousec site.
7. The problem is reproducible (with steps described in 1.).

B. Files appended
1. Defense+ active processes list.
4. CIS config file.

C. Set-up
1. CIS version: 5.10.228257.2253; AV database version: 13268.
2. a) CIS no updated; clean CIS install on clean Windows install.
3. No imported config from a previous version of CIS.
4. Configuration: Proactive Security.
5. D+=Safe, Sandbox=Enabled, Firewall=Custom Policy, AV=Stateful.
6. Windows 7, SP1, 64bit, UAC=Always Notify, account type=Administrator.
7. Other security and utility software currently installed: No one.
8. Other security software previously installed at any time since Windows was last installed: No one (clean Windows install).
9. Virtual machine used: No.

[attachment deleted by admin]

Thank you very much for your report in standard format, with all information supplied. The care you have taken is much appreciated by Comodo, and will increase the likelihood that this bug can be fixed.

Developers may or may or may not communicate with you in the forum or by PM/IM, depending on time availability and need. Because you have supplied complete information they may be able to replicate and fix the bug without doing so.

Many thanks again

Mouse