After sheduled scan has completed successfully, there is no log of anything having occurred. I often switch my
computer off, and i dont know/ can’t remember when/if the last scheduled scan took place.

Thanks David
Yes, I agree 110%
I would like to see in the eventlog of CIS/AV, a record of av scans made by CIS/AV.
This would Include

1. an entry with Info about Scan Start time, Scan Profile, Automatic or Manual Scan.
2. an entry with Info about Scan Stop time, Success or Scan Failed. Total files Scanned, Threats found. Errors and/or missed files

This Info is included in the logs of just every respectable AV I have ever used. I was shocked when I could not find it in my logs. I have seen the Auto Scans both start and stop with no entry ever being put in my log files.

I meant to write this post along time ago and just never got around to it.

X

It is an absolute travesty that a true scan log does not exist. I like scheduling full scans for the middle of the night, and now I can’t even tell if they’re running. NOTE: I did away from Norton solely because the scheduled scans sometimes worked correctly on my Vista x64, sometimes they didn’t. So, I’m particuarly sensitive to confirming Comodo’s scan success.

I may have to go elsewhere for my AV because of this . . .

I may have to go elsewhere for my AV because of this . . .

A bit drastic don’t you think? ???

You think? With Norton, the scheduled scan wouldn’t work unless logged in. Then, it would freeze if two users were logged in. I had 280 days left on my subscription, and I uninstalled it anyway.

So, how do I know Comodo is working at 3AM? Should I set my alarm and get up at 2:59 and see, perhaps for 5 nights in a row to try different ‘log-in’ combinations? :THNK

Not at all. Doing that for five nights in a row would probably have adverse affects on your health

However, if in the scheduled scan settings, the “Automatically quarantine threats found after scanning” option is unchecked, CIS will wait for your interaction anyway. Then, when you check your computer, you can check the scan results, and remove/quarantine/ignore/report anything found or whatever. Obviously, if the scan screen is showing on your screen when you check your computer, the scan has run

Since there have been quite a few false positives reported, I think it safer for CIS to NOT automatically quarantine anything.

I do agree with your logic though. It would be a good addition to Comodo’s current logging system.

I don’t think your logic follows. The automatic quarantine is irrelevant here: If threats are quarantined, that would be logged and I would know it ran. Problem lies when no threats are found, there is no evidence that the program ran when I check it later, unless . . .

Is this program like Norton, in that it leaves a box open on the screen saying that “no threats were found” after a scheduled scan? I was under the impression that it simply closes after a scheduled run and leaves no evidence it ever scanned.

Now I see what you mean! Sorry to be so blind before, I feel slightly silly now :-[

Yes, thats a good idea, either that or adding a “Last Scan Run” section to the CIS main screen, maybe?

Absolutely. While a scan log would be best, even a note somewhere in the summary that says “Last Complete Scan: xx/xx/xxxx at xx:xx AM”

I just ran a scheduled scan and confirmed it ran okay. However, when it completed, it left no evidence that it ever ran . . . not even a “bubble” that said “No viruses detected.”
:o

Is there a workaround for this? Maybe something within Vista that says the program ran?

I wonder if I could make the scan run in Windows Task Scheduler, which would at least create a record . . .

Last week I installed Comodo IS on two computers at a church where I help out. No matter what time I set it to autoscan, I can’t prevent someone from stopping it in the middle. And, it’s just not an option to have it run in the middle of the night.

So, coming in today and seeing I have no way in the world to know if these computers have been scanned completely since i was last here is very VERY scary.

I have to agree with an earlier poster - I hate to have to implement a new AV scheme, but if logs/reports are aren’t coming ASAP, I’ll have no choice but to bail. A real shame, since feedback on Comodo is generally so positive.

How about an addition to the events window. Divide the antivirus logs into 2 sub-categories: “realtime” and “on demand”. The “on demand” log would record all of the scans and the results. See the pic below for an example.

[attachment deleted by admin]

Here are some updated log windows, which now includes more scan information. The design/layout may not be appealing (I am sure Comodo can make it look better), so look mainly at the content of what is presented.

The log window divides the antivirus logs into 2 sub-categories: “Realtime Scans” and “Manual/Scheduled Scans”. The “Manual/Sceduled Scans” log records all of the following:

• Date/Time of scan
• Profile scanned
• Scan type (manual or scheduled)
• Signature Database used by the scan

• of threats found (all scans are listed including those during which zero threats were found)

• Whether scan was completed or terminated before finishing
• Scan settings (scan memory, scan archives, auto quarantine, heuristics level, max file size scanned)
• List of threats found (including threat name, file path of threat, and action taken)

Log Format 1
The 1st pic shows all the information in one window, with collapsable/expandable entries that expand to show the details.
Log Format 2
The 2nd pic shows a different way of displaying the information…the entries are not collapsable/expandable, but when you click on the entry, a new window opens that shows the details (see 3rd pic).

[attachment deleted by admin]

+1 Woop!

Anybody have any idea if Comodo is going to modify the log in the near future? I really LOVE their firewall and would use it if I had logs for the AV.

Hi SharonyP,

I have an idea for your situation, should help.

Select in the Antivirus > Scanner Settings > Scheduled Scanning - Uncheck -Show Scanning Progress.
Check - Automatically Quarantine threats found after scanning.

Put a copy of eicar test virus somewhere on the HD that the regular users don’t go.

The scheduled scans should run silently in the background so they won’t shut it down on you.
It will find and Quarantine the eicar file, which will log a hit.
You can come in and see the scan completed from the Log hit, In quarantine just restore the file each time you check to “reset”.

You will have to Select Ignore Once several times each time you manipulate the test file.

You can get eicar test files here.

http://www.eicar.com/anti_virus_test_file.htm

Hope this makes sense and helps you somehow.

Bad

PS - All of this is assuming you aren’t suffering from a rash of FP’s.

The window does not stay on the screen if no threats have been found.

Hey, Bad Frogger, I just found this reply - I guess I never got notified and just forgot about it.

So, hmmm, this is very interesting. I get what you’re doing: setting the scan silent so no one cancels it (although, it will drive them crazy by slowing the machine down, not sure this is acceptable), then automatically quarantine the test virus.

I guess I can try it - but, it makes me very nervous to put a virus on the hd. What am I risking? And, when you say put it somewhere “where the regular users don’t go,” what do you mean? Just so they don’t find it and delete it? Or somewhere it can’t do damage?

Thanks so much for this - but I still hope Comodo will fix this hole in their otherwise fine product. I so love the firewall, particularly being able to tell it when I’m installing/updating…
Sharoney
P.S. what the heck does “suffering from a rash of FPs mean”?

The eicar test “virus” is not a real virus. It is made by av vendors for testing purposes. On the page Bad Frogger provided there is a long explination of the eicar test virus.

The reason why Bad Frogger asks to put it in a folder the users don’t usually come is to prevent the virus from being picked up when they open that folder.

With regards to suffering from a rash of FPs. FP’s is short for False Positives. CIS is a bit overly happy detecting regular files as potential malware with Heuristics set to anything higher than the default low setting. As a consequence some legit files may get quarantined. It may be wise to do a first scan and watch the results. Then flag any fp’s as trusted before you set it to automated scanning.

Thanks for all this good info - in fact, I’ve been using CIS and I do have something I think might be a false positive. I’ll have to check it out.

So, nice to know about the test virus - oh, I get it now, it IS a real virus, but it won’t be activated as long as it’s not opened, or the folder it’s in isn’t opened? Good to know.

I think I’ll just have them leave the computers on for a week, and using the eicar virus verify that it’s scanning, that would ease my mind. And, then I’ll just schedule it to run late every night. Too bad it doesn’t have an auto shutdown feature, although maybe I’ll just do that with the task scheduler. Wish I knew how to have all my scans (CIS, MalwareBytes, SuperAntiSpyware) run sequentially and then shut down. Guess I’ll just schedule them an hour and a half or two hours apart. Does that make sense? (I’ve been working too hard and am totally dazed. Just configuring Jungle Disk now - on second computer and b.e.a.t…)

Thanks!
Sharon