Quarantine

Hi

Comodo sent some malware into Quarantine.
After that, I scanned my whole system with Malwarebytes’ Anti-Malware.
MBAM found malware in Comodo’s Quarantine folder and deleted it easily (without any Comodo alarm).

Is it normal that some programs can go into Quarantine?
Is it normal that we (outside the Comodo program) can delete some files in Quarantine without any Comodo alert?

I found rootkits after scanning… Comodo will NOT quarantine or disinfect, and when I click clean it got rid of a few but left the rest… then it pops up an error message… oops!! found bug… then asks me to send an error report. When I try to send the report Comodo crashes… anyone else having this problem?

Dusty. Can you make sure the CIS folders are in Protected Files and Folders (Defense + → Computer Security Policy).

What configuration are you using? Look under More → Manage My Configurations. I think because Malwarebytes is a Trusted Vendor it is therefore allowed. It should not happen with an unknown program.

OK, I started this topic but nobody answered me! ???

MBAM is given full access, and if the Quarantine folder is not protected MBAM can delete found malware.

Regards,
Valentin N

Thanks
What do you mean by "if the Quarantine folder is not protected MBAM can delete found malware"?
How do I protect the Quarantine folder?
I think when I activate Comodo self-protection, it must support all Comodo folders, including Quarantine.

I will test and come back. But I assume if MBAM boots before CIS then the found malware will be deleted. It’s impossible to access the quarantine folder, so CIS is protecting this folder.

I will update this post.

UPDATE: It seems that MBAM is booting before CIS. The malware that I had in quarantine is deleted.

Regards,
Valentin N


I don’t believe this is correct.

That said, I’m not sure why Malwarebytes was able to detect files in Comodo’s quarantine. I’m looking into it.

Well, never mind what I said then. Malwarebytes is actually able to delete quarantined files from CIS. How did you have CIS configured?

C:\Program Files\Comodo* is in the protected Files and folders. Therefore I wouldn’t think anything should be able to delete files from inside it.

Interesting…

I have it like I always have: CIS security settings: Proactive. AV: on access with heuristics on high

Regards,
Valentin N

Can you try it with “Block all unknown requests if the application is closed” checked and see if it makes a difference?

Also, what OS are you using? I assume you’re not using a VM.

I have done this test in order to see if my guess was right (which it was).

Everything is like default but I have only changed AV settings to high and to proactive security.

I made this test on my real machine that uses Win 7 pro 32bit with UAC on.

Regards,
Valentin N

I found a really funny thing… Try this:

Go to the Comodo program folder.

Try to delete Comodo’s files one by one (manually).

Without any alarm you can delete so many of Comodo’s files (only some files you can’t delete) until the AV breaks down.

Wow… I think Self-Defense of CIS 5.x is awful

The self defense isn’t meant to prevent protected files from being manually edited by a human. It’s meant to protect them from malicious programs. These are two very different scenarios.

Also, I think the case with MBAM is that it is a trusted program and is thus given many rights. I don’t believe this could happen with malware. I’m still looking into it.

I don’t think people will go and delete files in their IS folder, and since you say that CIS 5 has awful self defense, install NIS, ESET and others, try to delete their data files, and report back if you could. I would like to know.
Thanks

Regards,
Valentin N

Hello;

Correction: the deletion is done by Explorer.exe. Thus, Explorer is by default a ‘windows system app’.

This seems to be a bug unless you have configured or updated incorrectly to a new version of CIS;

Could you run this {If in Vista/7 right click > run as admin} and upload the report to your next reply;

Also; Please state your OS/CIS Version and Any other security software installed?
And any other information that may help us pin-point the problem

Jake

I made a clean installation of CIS 5.3.

Thank you for investigating. That makes more sense.

Was that meant to be directed at me?

It was directed at initial poster

Thanks
Jake

Works fine here Windows 7 x 32 access denied.

Dennis
