Malware detected by COMODO in VT but not with CIS5

I have 3 samples, when I scan those samples with CIS5 (database 6191) it can’t detect the samples even with Cloud scanning enabled in Manual scanning.

But when I scanned the samples in VirusTotal, it says that COMODO can detect it( database 6191).

Can someone explain this to me how it could be possible?

I can send the samples to a moderator for analyzing.

[attachment deleted by admin]

please send them to me.

Hi Nickoo,

Thanks for malware submission. We are going to check this out and if found malware,detection will be added.

Thanks and Regards,

I already noticed that issue… no answer from comodo…

Do VT have a better comodo av scanner ;D 88)

Hello Languy99, I did that. Please check your PM. :slight_smile:

Be careful they have digital signatures ;D

I just checked them out, all three were detected the second I tried to remove them from the zip folder.

Thanks languy99,

But it’s not detected here with the latest update ( 6194) ???

is something wrong?

[attachment deleted by admin]

Go to Anti Virus

Then Scanner settings

Then in the dialog box, make sure it looks like picture one.

Then, go to manual scanning and enable cloud scanner! :smiley:

That should do it.

[attachment deleted by admin]

show me your virus scanner settings please.

Hello, I did this in first post, look at the firs screen shot in first port please! :slight_smile:

Here you are… :slight_smile:

if you want I can capture a video and upload this to show you that they can’t be detected by CIS 2011 (database 6196).

I don’t know what is wrong but every thing in CIS working even it can detect and remove other samples! but not those three !

[attachment deleted by admin]

can you give me the MD5 of your bases.cav file? mine right now is 154BC9E376EF9818CCF2EF1603018361 and it is 6194 if yours is different you might have a corrupted one. I will tell you how to fix it.

Hi languy99, I live in Sweden and maybe COMODO use different server to update database. min is 6196 ;D

here you are…

[attachment deleted by admin]

Well I don’t have the samples but I have the same db and hash.

So something else is amiss.


trusted files or exclusions , verify.

Detects them all, Real Time during extraction, On Access of containing folder and if Manuallly scanned.

So… Check for exclusions and trusted files as MOVEAX suggests.


[attachment deleted by admin]

Hello MOVEX, no they are not in trusted files or Exclusions. :slight_smile:

[attachment deleted by admin]

Thanks Bad Frogger, than I must say that that is my CIS that can’t detect them and I must find a solution :frowning:

Any other security software installed?

What are your other settings in CIS?

Now, or ever use Clean PC, or training Mode?


Try off antivirus, reboot, activate antivirus stateful , rescan