New install observations/questions on CIS v5.8 Beta, etc.

I downloaded and installed COMODO Internet Security 5.8.202876.2065 BETA. The installation was swift. I was surprised that I could not make a custom install, as I have AIS v6 (without the firewall and Behavioral Shield), but I proceeded anyway. Upon restart it disabled Avast. I allowed that, telling myself "why not, test the Comodo AV for a change."

So I updated, and it seemed to take forever to download the virus database update, which was 78.9 MB. I waited until it finished.

Scanned “My Computer” and it detected a whole bunch of trojan/malware and suspicious files.

Then I scanned with Avast and it said I was clean. Scanned with Malwarebytes and it said I was clean except for 1 file.

An encrypted .rtf file (encrypted with Glary Utilities) was detected as Heur.Dual.Extensions@1z141z3. It was surprising to see, as it is just a confidential file I saved from the office, which has been scanned gazillions of times with Norton 360 (office)/APSS v10, etc.

A driver file from the Asus website for an old P4S133 mobo was detected as TrojWare.Win32.Inject.~AF@hzje. Scans with Avast/Mbam are clean.

There were a lot of files marked as Suspicious@#2njp71ngjzbsk, mainly a driver (Promise SATA378 Driver) from the Asus website for the old mobo K8VSE Deluxe. Even my Everest Ultimate Edition ver4 and SensorsViewPro32, which I use to check motherboard/core temperature/performance, are "suspicious". Picpick.exe, a screen capture utility, too. These particular files are legitimate, and previous scans with Avast/Mbam were clean.

I also have a copy of all those files on another PC which has Avira Premium Security Suite v10 (without the firewall), Outpost Pro v7.5.1, Mbam Pro and PrevxSOL. None of my security apps detected what CIS detected, except for the single file I mentioned earlier.

That particular single file has been placed in Quarantine/removed/deleted.

Now, this is a first for me, having a whole lot of FPs on a first scan, but then again it's been years since I last tried the Comodo AV component.

Normally I often get FPs from Avira and some from Avast/PrevxSOL/HitmanPro (not all on a single PC).

I will send what I can to VT for testing, but I am hindered by the file size ceiling. My internet connection is dial-up, and I only seldom use my DSL connection as it's flaky: often, when you're in the middle of something...bam...server timeouts that seem to go on forever.

That may also be the case with Comodo, as earlier I wanted to submit a file and it said "file is too big".

Questions:

a. Is the virus database update normally around 78.9 MB, or is it more? I ask because my connection is slow and I may have a problem with it.

b. What URL servers can I use/add to Preferences/Host to make my update a little faster? I am in Asia. If I get URLs to place there, say 2 or 3, is it advisable to check them all?

c. When it showed the detections, there were "Clean" and "Ignore" buttons. I did not opt for either but closed the pop-up, as I needed to see the results from Avast and Mbam. Then I changed the appearance from "silver" to "black". I was surprised to see in the "Summary" that there were "0" detections in the AV component.

Is that normal, or was it the way I responded (or did not respond) to the pop-up? It asked if I was sure I wanted to close the results window. Does closing that window result in what happened?

I went through Windows Explorer to look for the files. CIS AV gave a pop-up whenever I right-clicked a file in question to scan it with either Avast or MBAM. There was a pop-up > Ignore > Once / Add to Trusted / Submit to Comodo.

d. This particular version is very light! I am testing it alongside Avast IS, with the exception of WebShield, and it seems okay. But I do not intend to run both AV components at the same time; it's only for now, as I am testing/doing second-opinion scans.

All exclusions have been set on both sides, so if there is any incompatibility it should be as small as possible. I seldom use (don't like) the Avast Sandbox, and the Auto-Sandbox/SafeZone is disabled. I am using the SBIE paid version with all browsers, all with Drop My Rights.

Is there anything that I should be wary about?

e. If I can't send the FP files to Comodo or VT, what else can I do? The suite seems okay to me. I've been using CIS without the AV component since 2007 (I think), so these FPs are a shock to me. I scanned with CIS AV again and the result was the same.

I mentioned earlier that I have never had an experience like this. A missed file or two, but never that many, AND no serious infection since 2007. I am really careful now (running second-opinion scans with on-demand security apps). But my main goal is to go light later, which is why I went for testing the whole suite.

f. I have a problem with shell32.dll. CIS says it's "unknown" and I cannot send it because it's too large. Scans via Avast and Mbam are clean. See pic.
http://www.freeimagehosting.net/t/704d3.jpg

All in all I seem to like it. Just the AV part is making me think…

It’s been a long one and I’ll finish up now.

Thanks and I hope to hear from you soon.

malik

[attachment deleted by admin]

Of course you can make a custom installation… 88)

Please, submit suspicious files at http://www.comodo.com/home/internet-security/submit.php

Thanks for the reply.

How can I make a custom install? The installer did not give that option. Where do I go? What do I do?

I'll check out the link, thanks :)

malik

Here it is… :wink:

[attachment deleted by admin]

Silly me…tsk…■■■■ :) I found it! I did not see that part, as I think I was enjoying my coffee too much. I'll stick with having the AV component for now, and I will submit the files to the said link (am submitting as I write, but the update for GeekBuddy is eating my bandwidth…).

Is there any additional email address where I can send malware samples to support?

What about my other questions…? Please… :)

Thank you for the help :)

malik ;D

You can also submit links to VirusTotal or Valkyrie analysis here…
https://forums.comodo.com/av-false-positivenegative-detection-reporting/submit-malware-here-to-be-blacklisted-2011-no-live-malware-t66780.0.html;msg469785#msg469785

Just checked my email and the Comodo Antivirus Lab responded to only 4 FPs:

- MakeDisk.exe [SHA: 46df9d6a306711426821768c7682dee96710d5f8]
- picpick.exe [SHA: c3db882064855e6d4d92f2e1ea55943227e2fe35]
- SensorsViewPro32Setup.exe [SHA: fad07e01d605eca01af840fddf2712961cfe0746]
- everestUE_en.exe [SHA: 44fd792be02f04090226914a8a76c0a15e2bc6fa]

Still waiting on the other 7 files I sent.

Have not sent samples to VT yet. Am checking the link now.

Thanks.

malik :)
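A practical follow-up to the lab's reply above, as an added example that is not code from the thread, from Comodo or from any of the tools mentioned: a short Python script that hashes the suspect files locally and matches them against the SHA-1 digests the lab returned, so you can tell which of your copies are the ones actually cleared and which are still pending. It also emits SHA-256, since VirusTotal indexes samples by hash and lets you search by hash without uploading, which sidesteps the file size ceiling on a slow connection whenever the file has already been seen. The directory of sample files it builds is constructed with made-up contents so the script runs stand-alone; the upload limit is an assumed placeholder, not Comodo's or VirusTotal's actual figure.

```python
"""Hash suspect files and match them against the SHA-1 list an AV lab returned.

Added example, not code from the thread or from Comodo. Assumptions:
 - the suspect files are gathered in one directory (here a constructed
   temporary directory with made-up contents, so the script runs stand-alone);
 - the lab reports SHA-1 digests, as in the four replies quoted in the thread;
 - the upload limit is a placeholder value, not any vendor's real limit.
"""
import hashlib
import tempfile
from pathlib import Path

CHUNK = 1 << 20  # read 1 MiB at a time so large files are never loaded whole

# The four SHA-1 digests the lab confirmed as false positives (from the thread).
# Local files whose SHA-1 matches one of these are "cleared"; all others "pending".
LAB_CLEARED_SHA1 = {
    "46df9d6a306711426821768c7682dee96710d5f8",  # MakeDisk.exe
    "c3db882064855e6d4d92f2e1ea55943227e2fe35",  # picpick.exe
    "fad07e01d605eca01af840fddf2712961cfe0746",  # SensorsViewPro32Setup.exe
    "44fd792be02f04090226914a8a76c0a15e2bc6fa",  # everestUE_en.exe
}


def file_digests(path, algorithms=("sha1", "sha256")):
    """Return {algorithm: hexdigest} for one file, streaming it in chunks."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(CHUNK), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def classify(paths, cleared_sha1=LAB_CLEARED_SHA1, upload_limit=20 * 1024 * 1024):
    """Map each file name to its digests plus a status:
    'cleared'            - SHA-1 is in the lab's confirmed-FP list;
    'pending'            - not yet cleared, small enough to upload;
    'pending-too-large'  - not yet cleared and over the (assumed) upload limit,
                           so submit the hash rather than the file.
    """
    cleared = {h.lower() for h in cleared_sha1}
    out = {}
    for p in paths:
        p = Path(p)
        d = file_digests(p)
        if d["sha1"] in cleared:
            status = "cleared"
        elif p.stat().st_size > upload_limit:
            status = "pending-too-large"
        else:
            status = "pending"
        out[p.name] = {"status": status, **d}
    return out


def build_samples(directory=None):
    """Write constructed sample files (NOT the real binaries) and return their paths."""
    directory = Path(directory or tempfile.mkdtemp(prefix="fp-samples-"))
    files = {
        "empty.bin": b"",    # constructed: SHA-1 da39a3ee...
        "abc.txt": b"abc",   # constructed: SHA-1 a9993e36...
    }
    paths = []
    for name, data in files.items():
        p = directory / name
        p.write_bytes(data)
        paths.append(p)
    return paths


if __name__ == "__main__":
    # Point classify() at your real quarantine/export directory instead of
    # build_samples() to get a submission list for the files still pending.
    for name, info in classify(build_samples()).items():
        print(f"{info['status']:18} {info['sha1']}  {info['sha256']}  {name}")
```

Run it against a directory holding the files CIS flagged; anything reported as "pending-too-large" is a candidate for a hash search rather than an upload, and anything "cleared" can be restored from quarantine with some confidence that the lab has looked at that exact build.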

No other reply on the 7 samples I sent to Comodo.

Packed.Win32.MPEC.Gen@2oey7k
Hide-Ip-Browser 1.5\HidePB15.rar|Hide-Ip-Browser 1.5\WTLBrowser.exe

Heur.Packed.Unknown@1z141z3
7ParpeBR10SUITE\bin\sys32fol\WinCMD.EXE

TrojWare.Win32.Inject.~AF@hzje
P4S133 Motherboard Drivers for XP\AGP\agp113.zip|agp113/AGP/htpatch/HTinst.exe

Heur.Packed.Unknown@1z141z3
Games from MyPlayCity.com_Mini_Golf_Pro.exe|{app}\bass.dll

Avira detection: [DETECTION] Contains recognition pattern of the SPR/PSW.ProductKey.AW.1 program

Suspicious@#3ardxneu2burg
SysResourcesManager\SysResourcesManager.zip|Setup.exe

Suspicious@#2lbfhl0tdj9m1
7ParpeBR10SUITE\bin\sys32fol\BOOTICE.EXE

:-TD

Disappointing… 88)

Malik, put those 7 files here…