Problem with Trusted Files in Defense+

Hi users.
I have a problem with “Trusted Files” part in D+.
when i copy the “test viruses” to the “Desktop” and scan with comodo. some files going to “Trusted Files” list in D+.
and if i run they. sure my system will be infected(because virus is trusted!)
i removed cis and installed latest version CIS 5.5 but this problem was seen.
what do i do?

try to tell us what you did with those files before they got to the trusted list.
not long ago, other people mentioned that behaviour too.

https://forums.comodo.com/antivirus-help-cis/comodo-put-malware-into-trusted-file-list-when-i-added-it-to-the-av-exclusions-t76127.0.html

hi
There is a difference between my problem and that problem in topic" Put malware …"
i explain better now.
I downloaded some new viruses and extract compress file into "Desktop\1"
and i scan manually that. when i go to the “Trusted Files” in D+, i see some viruses in “Desktop\1” went to “Trusted Files List”.
and i run one file and COMODO not detect this file.
if problem is unknown i can take a film of it.
thanks all

its still not clear what happened in the other topics cases to cause this surprise. at first they thought, it would be the action to put something in exclusions. but that wasnt the reason. but a proven thing is when a file is sent as false positive.
maybe you found the reason for the other possibillity.
-people wonder why they have the files in the trusted files list-

if you can reproduce this happening, we would see one possible explaination.

in your test, make sure to remove the files from that list before.

hi
I recorded a film of problem.
what you think? a bug?

http://up2.iranblog.com/images/gk3buv2tditurcabpn6s.rar

you should use a video page or something like that (youtube as example).
there will be many people who would not load a random file somewhere from the internet :wink:
so do i.

YouTube Link:

Wow. This is indeed a very strange case of malfunction!
You even just used the basic buttons (clean).

This should be in the bug section. Now we have 2 proven reasons (this, and send as false positive), and 1 unknown reason which can put malicious files in the trusted files list without user consent.

What is also disturbing is the fact, that you run comodo in paranoid mode. There should not be added anything to the trusted files list on its own.

hi
But “bug section” need a one day Time to describe with “Standard Bug Format Report”.
but i haven’t time for it.
if this problem not solved. i will share that movie on all Broadcasting Video Sites & Professional Forums.
and if problem not solved again. i will Uninstall COMODO
I think this is a damage for COMODO Prestige.

Yes, the bug report format… but you have a video :slight_smile:
Btw, why do you make such a wind?
Basically you choosed the wrong section for this. In announcements or bug report your video had gotten more responses.
But a moderator should move this, dont double post.


Can a file be detected by antivirus, and trusted by certificate in the same moment?
And why gets the trusted files list filled in paranoid mode anyway?

Firstly, on seeing your bug report: All of the bug reporting/recording here is handled by volunteers. As such, it is a bit much to ask them to watch your video, read your topic and then transcribe the bug report for you (which may, or may not, end up being correct).

Secondly…

… and yet you seem to have time for this…

Since most members here (like clockwork and myself) are just volunteer users, I recommend excluding the threatening element to your posts. I don’t think anybody will be particularly impressed and it almost certainly will not work as you intended.

This looks like a previously reported bug:

https://forums.comodo.com/format-verified-issue-reports-cis/unrecognized-file-marked-as-trusted-issue-262-t61787.0.html

I was never sure if this was officially recognized as a bug even though it is very dangerous.

3 examples now with light different procedure, but with the same unexpected result.
2 of them even included “virus alarms”.

It takes less time to report a bug using the prescribed format than it does to upload a video to YouTube…

hi
I never describe in Standard Bug Report Format. this video is rational.
Please pay attention to the Bug.
My purpose of this Discussion is Correction this bug and no threatening purpose.
If i say i will share this video on all Video Sites & Professional Forums, my purpose is repair this bug and give this information to everybody uses this software.
Finding the bugs helps the developers to repair bugs.

Not sure but could the archive be marked as trusted?

Mouse

I can also confirm this weird behaviour.

I first though it was “add to exclusions” that added those virus samples to my “Trusted Files” list.

After digging a while in to this, doing all different things, re installing CIS 3 times, clearing “Trusted Files” for many times, purging the list, checking/un-checking “create rules for safe applications”…

all that I could observe is that

whenever I scan the sample virus set, some/all of the samples get added to “trusted files” list “regardless of the scan results”. Both the “clean/ infected” samples are added there.

The worst thing is, even after renaming the folders and purging the list manually 3 times, the list still contains the same contents after a restart “even though, they do not exist in that location anymore”.

I still have to read the “Standard Bug Reporting Format” to put this in proper form. But I will do that anyway. In the mean time, the info may possibly help the devs dig deep in to this issue.

I am using CIS 5.8.2.2 Beta on Win 7 x64.

Thanks for confirm.
If you can transcribe this Big Problem in Standard Report Format,please Transcribe that.
Thanks.

If you would report this in the CIS Beta forum, 5.8 Beta bug reports topic we’d very much appreciate it, SivaSuresh.

That is here.

Best wishes

Mouse

Did it, here is the link
https://forums.comodo.com/beta-corner-cis/comodo-internet-security-582066942075-beta-bug-reports-t76202.0.html;new#new