Comodo send some malwares into Quarantine
After that , I scan my whole system with Malwarebytes’ Anti-Malware
MBAM found malware in Comodo’s Quarantine folder and delete it easy (Without any Comodo alarm)
Is it normal some programs can go into Quarantine?
Is it normal that we (outside Comodo program) can delete some files in Quarantine without any Comodo alert?
I found rootkits after scanning… comodo will NOT quarantine or diinfect and when I click clean it got rid of a few but left the rest… then it pops up error message… oops!! found bug … then ask me to send error report when I try to send report Comodo crashes… anyone else having this problem?
Dusty. Can you make sure the CIS folders are in Protected Files and Folders (Defense + → Computer Security Policy).
What configuration are you using? Look under More → Manage My Configurations. I think because Malwarebytes is a Trusted Vendor it is therefor allowed. It should not happen with an unknown program.
Thanks
What is you means about " if the Quarentine folder is not protected MBAM can delete found malware."
How to protect Quarentine folder ?
I think when I active comodo self-protection , It must support all comodo folders include Quarentine
I will test and come back. But I assume if MBAM boots before CIS then the found malware will be deleted. It’s impossible to access the quarantine folder, so CIS is protecting this folder.
I will update this post.
UPDATE: It seems that MBAM is booting before CIS. The malware that I had in quarantine is deleted.
The self defense isn’t meant to prevent protected files from being manually edited by a human. It’s meant to protect them from malicious programs. These are two very different scenarios.
Also, I think the case with MBAM is that it is a trusted program and is thus given many rights. I don’t believe this could happen with malware. I’m still looking into it.
I don’t think people will go and delete files in their IS folder and since you say that CIS 5 has awful self defense install NIS, ESET and other and try to delete their data files and report back if you could. I would like to know.
Thanks