Scanning 20Mb or 1024Mb files makes a big difference

For months the CIS scanner found nothing. Today I scanned by accident with the setup “do not scan files bigger than 20Mb” and CIS found 2 threats. Then I configured the scanner to “scan files not bigger than 1024Mb” and now CIS found 14 threats.

Why is this not a standard setting for CIS? We want to catch all the bad files, don’t we?

It’s an educated guess versus a performance tradeoff.

Scanning files larger than 20MB is obviously going to take longer to complete. So setting the limit at 20MB is going to increase scanner performance.

As most malware is going to be less than 20MB, it’s a pretty safe compromise.

I’m very curious to know if you found actual infections or just false positives.

Or… they could have been a small virus (<1mb) just in a large compressed file.

Eljo, were these malware active or just lying around? They are not a threat if they aren’t active ;D

The following files were found:

A0046037.exe test32.exe Heur.PcK.FSG@-1
A0046036.exe test32.exe Heur.PcK.FSG@-1
A0046039.exe test32.exe Heur.PcK.FSG@-1
A0046038.exe test32.exe Heur.PcK.FSG@-1
A0046040.exe test32.exe Heur.PcK.FSG@-1
A0046041.exe test32.exe Heur.PcK.FSG@-1
A0046043.exe WinVNC.exe & VNCHooks.exe unclassified@17259741 & 15748151
A0046042.exe mov to avi mpeg wmv converter.exe Heur.PcK.FSG@-1
A0046046.exe test32.exe Heur.PcK.FSG@-1
A0046045.exe AXB.exe & CDB.exe unclassified@5672959 & 8310760
A0046044.exe aliedit.dll & alidcp.dll Heur.packed.Multipacked@-1

Are 12 of them really bigger than 20mb? ???

This doesn’t tell us if they are FPs or not. From the names I’m assuming those are System Restore files? Have you submitted them to VirusTotal or Comodo Malware Analysis to have them analyzed?

Not sure what you mean by “FP”, so no answer there now.
CIS will not send them to Comodo; there is constantly an error sending it.
Yes, I think most are in System Restore or similar backups. So in compressed files.

I was lying in bed yesterday and could not get it clear.

A virus on a disk is not dangerous, I am told. OK, so how do we know that for sure? We all know there are viruses that wake up on a certain date and time. And CIS has made a scanner to scan every week; why scan if a virus on your disk is not dangerous… contradiction… I’m puzzled. ???

The most confusing contradiction to me is that many of them don’t look bigger than 20mb, whereas System Restore is likely to handle them separately with an A00XXXXX-like name ???

What were the two threats that CIS previously detected when “do not scan files bigger than 20Mb” was in place?

A0046045.exe AXB.exe & CDB.exe unclassified[at]5672959 & 8310760

Perhaps changing the max file size to a value higher than 20mb was unrelated to the new detections:

e.g. WinVNC.exe & VNCHooks.exe unclassified[at]17259741 & 15748151 should be less than 20 mb as well

What is the test32.exe file size? Can you post an MD5 or SHA-1 hash of that file?

FP means that the detection was a false positive. This means that the files are not malicious or dangerous even though Comodo detects them as such. You can follow this guide to investigate suspicious files:
How To Tell If A File Is Malicious

If the virus runs and can be detected by Comodo it will be caught. The problem is that it is possible that Comodo AV will be down or uninstalled at one point and the virus may activate itself then. It could happen. Also, most people like to know that there are no viruses inhabiting their machine. I’m sure there are other reasons, but that’s all I can think of right now.
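The point raised earlier in the thread (a small virus hidden inside a large compressed file that a “do not scan files bigger than 20Mb” setting never opens) and the request for an MD5/SHA-1 hash, as an added Python example that is not code from this thread or from Comodo: it walks a folder, marks the files a size cap would skip, lists the executables inside skipped zip archives, and hashes every file for submission. The archive name, the 1 MB stand-in cap and the sample contents are constructed for the demo.

```python
# Added example, not code from the thread or from Comodo: a quick audit of how a
# "do not scan files bigger than N" setting interacts with large containers.
import hashlib
import os
import tempfile
import zipfile

MB = 1024 * 1024

def file_hashes(path):
    """MD5/SHA-1/SHA-256 of a file, the values a vendor or VirusTotal asks for."""
    digests = {name: hashlib.new(name) for name in ("md5", "sha1", "sha256")}
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(MB), b""):
            for d in digests.values():
                d.update(chunk)
    return {k: v.hexdigest() for k, v in digests.items()}

def audit(root, max_bytes):
    """Walk root; flag files a size-capped scan would skip and, for skipped zip
    archives, list the small executables inside that the cap would never see."""
    report = []
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            size = os.path.getsize(path)
            entry = {"path": path, "size": size, "skipped": size > max_bytes,
                     "hidden_exes": [], "hashes": file_hashes(path)}
            if entry["skipped"] and zipfile.is_zipfile(path):
                with zipfile.ZipFile(path) as z:
                    entry["hidden_exes"] = [
                        (i.filename, i.file_size) for i in z.infolist()
                        if i.filename.lower().endswith((".exe", ".dll"))
                        and i.file_size <= max_bytes]
            report.append(entry)
    return report

def demo(padding_bytes, max_bytes):
    """Constructed sample: one zip (hypothetical name restore_backup.zip) holding a
    1 KB stub 'test32.exe' plus padding, so the archive itself exceeds the cap."""
    with tempfile.TemporaryDirectory() as d:
        with zipfile.ZipFile(os.path.join(d, "restore_backup.zip"), "w",
                             zipfile.ZIP_STORED) as z:
            z.writestr("test32.exe", b"MZ" + bytes(1024))  # stub, not a real PE
            z.writestr("padding.bin", bytes(padding_bytes))
        return audit(d, max_bytes)

if __name__ == "__main__":
    print(demo(3 * MB, MB))  # 1 MB cap stands in for the 20 MB setting
```

With the 1 MB cap the archive is reported as skipped with `test32.exe` listed under `hidden_exes`; raising the cap above the archive size reports it as scanned.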