I run Comodo (free version without the antivirus module) Version 3.8.65951.477, which I assume is the latest version of my program. I run NOD32 as a standalone AV program.
Recently Comodo has flagged aimemb.dll (a file amongst the files installed by a program I use called Actual Windows Manager) as suspicious.
When I tried to submit it for analysis from within the program, I encountered a “submission error” message. Since I seem to remember being able to submit a suspicious file in the past, I assume that sometime recently the mechanism for submitting suspicious files from within the program itself has been turned off, and instead the CIMA alternative is offered.
I then uploaded the file to CIMA and received a result consisting of a “File Info” box and a “Verdict” box. The last line in the File Info box says “Process Failed” and the line in the “Verdict” box says “Not Rated as Suspicious”. See the attached file for the results of CIMA’s scan of the file.
My concern is that the line that says “Process Failed” suggests that I cannot rely on the Verdict, i.e., that CIMA’s attempt to analyze the dll file failed, hence there is no verdict that I can rely upon. I would be grateful if someone in the know could advise me whether, for this instance, and also for future submissions I make to CIMA, if a “verdict” of “not rated as suspicious” can be relied upon if the last line in the File Info box says “process failed”. Thanks. Nella
[attachment deleted by admin]
Submitting files from your “My Pending Files” and CIMA are currently two different things. CIMA is to test suspicious files. Given the problems you seem to be having it appears that you’ve got a connection related issue. Can you upload the file to VirusTotal? www.virustotal.com (Comodo’s Analysis is also in Virus Total. If you can upload the file there and the file can be tested then it’s the CIMA Page that needs reloading.
Thanks for the virustotal advice. I ran the file through its databases and it came out clean.
I assume when you upload a file to CIMA the tests performed are a subset of the tests that are run on the same file uploaded to virsutotal’s website?
On the CIMA results box, please correct me if I’m wrong, just because the last line in the File Info box says “Process Failed,” that indication alone does not render the stated “Verdict” inaccurate.
Thanks again. Nella
Your Welcome… Yes, Comodo Adds signatures from the Virus Total Website along with all the other antivirus vendors who’s scanners are on the site.
CIMA attempts to run the file as an executable and/or monitors it’s behaviour. The "Process Failed only refers to CIMA trying to execute the file and denotes that no activity takes place when trying to run the file. Since the file when attempted to run performs no action nor impacts the system is is valid that it’s “Not Suspicious”.
I agree that the results perhaps could be clearer. CIMA is being developed further and further to improve detection analysis and usability.