manual AV scanner not properly flagging .rar files [v6]

manually scanning this .rar is not being done properly

  • Summary - Give a clear summary in the topic subject, NOT here.
    There are 2 files in a folder that has been compressed to a .rar file. Both files are in comodo’s signatures. It only flags one of them.
  • Can U reproduce the problem & if so how reliably?:
    I can make the sample available to a link if needed
  • If U can, exact steps to reproduce. If not, exactly what U did & what

Disable realtime scanning. Take 2 malware samples that comodo can flag and put them in a folder. Use winrar to compress it. It’s now a .rar file. Right click on it and click on “scan with comodo av”. It will only flag one of them, NOT both of them. Now extract the 2 files and put them on the desktop. Use the mouse and highlight both of the files. Now right click on them and scan with comodo av. It’ll flag both of them.

  • If not obvious, what U expected to happen:
    I expected both of the files known in comodo’s signatures to be flagged
  • If a software compatibility problem have U tried the conflict FAQ?:
  • Any software except CIS/OS involved? If so - name, & exact version:
    No other security software except “shadow defender” (Shadow defender isn’t even being used)
  • Any other information, eg your guess at the cause, how U tried to fix it etc:
    I don’t know
  • Always attach - Diagnostics file, Watch Activity process list, dump if freeze/crash. (If complex - CIS logs & config, screenshots, video, zipped program - not m’ware)

B. YOUR SETUP (Likely the same for each issue, so you can copy forward)

  • Exact CIS version & configuration:

CIS Premium 6.1.276867.2813 (proactive)

  • Modules enabled & level. D+/HIPS, Autosandbox/BBlocker, Firewall, & AV:
    Firewall set to “custom”
    It has check marks on
    “filter ipv6 traffic”
    “filter loopback traffic”
    “block fragmented ip traffic”
    “do protocol analysis”
    “enable anti-arp spoofing”

For defense+
HIPS set to “clean PC Mode”
clicked on “enable adaptive mode under low system resources”
clicked on “enabled enhanced protection mode”

for av
use heuristics scanning set to “high”

  • Have U made any other changes to the default config? (egs here.):
  • Have U updated (without uninstall) from a CIS 5?:
    Clean Install (this was a brand new computer)
    - if so, have U tried a clean reinstall - if not please do?:
  • Have U imported a config from a previous version of CIS:
    - if so, have U tried a standard config - if not please do:
    N/A This only affects manual scanning
  • OS version, SP, 32/64 bit, UAC setting, account type, V.Machine used:
    Windows 8 64bit, intel chip, uac setting disabled, admin account, no virtual machine
  • Other security/s'box software a) currently installed b) installed since OS: a= b=


Thank you very much for your bug report in standard format. We very much appreciate the effort you have made to document this bug.

We are sorry to trouble you further but there are some items of information missing or unclear in your post:

A.8 Please append your Watch Activity Process List

The reasons we need these items of information, though they may not seem directly relevant to the issue are explained here.

We would be very grateful if you would add these items of information so we can forward this post to the format verified board, where it is more likely to get fixed. You can find assistance using red links in the Format and here. If you need further help please ask a mod. If you do not add the information after a week we will forward this post to the non-format board. If this happens we will tell you how to rectify this if you wish to.

In the current process we will normally leave it up to you whether you want to make a report which includes all necessary information or not. We may remind you if we think a bug is of particular importance.

Many thanks again


PM reminder sent.

Okay, for the time being I will move this bug report into the Non Format Issue Reports section. As soon as you are able to edit the report into the standard form please send me a PM and I can move it back.

Thank you.

Written by jay2007tech
I didn’t want to bump this up, so I just wanted to add this.
The computer that the bug was in has been sold, as I tend to do from time to time. I go through computers every once in a while.

Okay, I will move this to Outdated as it appears that there is no way to submit a complete bug report.