I have been running CIS for a long time, and recently I installed Malwarebytes for some testing purposes. Surprisingly, it showed two bootkit infections on my PC.
I scanned with CIS immediately and found that it does not detect them. I could not find a way to report the infection to Comodo, as Malwarebytes shows it as a physical sector and not a file. It only offers cleaning and no quarantine either.
I have therefore cleaned the infection with Malwarebytes.
But I would like to know if there is any way to submit it to Comodo for future protection against such infections.
I am attaching the screenshot taken from the Malwarebytes scan. I know it is not enough, but it should at least give an idea of what I am talking about.
Just out of curiosity, what are your CIS settings for daily usage? Proactive Security is enabled? Auto-Containment is enabled and which rules are being used on it?
Either a case of ‘Whitelisted Malware’ (Using valid signature or trusted by Cloud) or the MBR Changing Rootkit was Contained and still able to modify the MBR. Maybe this can be a False Positive from Malwarebytes? Some users reported the GMER tool was detecting CIS as a Rootkit recently.
CIS does not scan using low-level direct disk access; CCE does, and it detects any form of MBR modification, including legitimate MBR modification when you have a dual-boot of Windows and any other non-Windows OS.