You can understand the background of this post by going through this topic
I just want to reiterate that Antivirus Exclusions and Defense + Trusted Files are not the same. They should not be overlapped.
If a user deliberately excludes a location or a bunch of files from Comodo Antivirus, he either knows about them or he does not want them to be scanned. Still, if someone accidentally tries to run them, D+ would sandbox them, so no harm to the computer.
If for some reason a know malware enters the D+ Trusted files list, it is the of the day. The worst of all, CAV will not detect it any more even if it is a known malware sample. The file can run and do everything it wants.
I do not yet understand why comodo chose this behaviour and how this improves CIS performance.
Any way, this is indeed very dangerous.
I have been facing and reporting this behaviour/issue on my Win7 x64, from almost one year in almost all versions of CIS along with many others who are also facing the same.
Many different reasons have been identified which are causing this accidental inclusion of malware in Trusted files list. The issue was supposed to be solved in CIS 5.9, but it is not.
But, again, what ever may be causing this, it is a serious problem. I am proposing another way of eliminating danger due to this misbehaviour.
Do not allow the addition of known malware in to Trusted files list. Perform a hash check on all the entries in the “Trusted files” list regularly (preferably at start up) so as to make sure that all the entries are clean (free from known malware).
Change the behaviour of Comodo Antivirus and make it scan every file just ignoring the Trusted files list. CAV should only skip the AV exclusion list and it should scan all other files even if they are in D+ Trusted files list.
I heard some one saying that this reduces the performance of CIS, but I still wonder why ?
This will greatly eliminate the harm caused by this misbehaviour in the first place. We should any how identify and fix the problem causing this misbehaviour asap.