Assume I have some removable drives that are infected with malware and I run a scan on them with Comodo Antivirus. After the scan is complete I have many unrecognized files waiting to be submitted and analyzed by Comodo. I then select all files in the file rating list and change their rating myself from Unrecognized to Malicious then re-scan these files. Comodo now detects them as Policy.User@F and lets you quarantine them. Is it safe to assume that after quarantining all unrecognized files that the drive will be clean from any possible infection?
It will be clean from what Comodo knows to be malicious and you don't trust. Still, other scanners may think some files are malicious. With detection there is never 100% certainty.
Why do you want to flag the unknown files as malicious? What are you trying to establish?
I'm trying to establish as close to a 100% trust rating as possible on my USB drives so I don't plug them into my computers and infect them. I've scanned with just about every AV you can think of and each one finds something that the previous one missed. As you said, 100% detection doesn't exist, so would removing all executable files that are unknown to Comodo be a sure way to remove any potential threats? The only files remaining would be those that Comodo has given a trusted rating. What are the chances of Comodo giving an infected file a trusted rating if I do it this way?
The latter is a very slim chance but not zero either.
If you're looking for scanning with as many AVs as possible you may be interested in Herd Protect, an on-demand cloud scanner with the verdict of 68 AV engines.
Thanks for the suggestion. I've tried Herdprotect in the past and unfortunately they don't give a custom or full scan option. It's a very brief quick scan that they offer for the local drive which doesn't cover removable drives, so I'm out of luck there.
Last question from me. I noticed Comodo gives a lot of unsigned files a trusted rating but when I look them up on Virustotal they look very suspicious to me with only a couple engines detecting them. What if I look for and delete all the unsigned files? Is there ever a good reason to trust files without a valid signature and how often do they turn out to be malware? Thanks.
If only a couple of engines on VT detect a file as malicious it is most likely a false positive. Those detections are likely of the kind Potentially Unwanted Program (PUP), Potentially Unwanted Application (PUA), adware or incidentally a heuristic detection that sees any downloader as a trojan.
> What if I look for and delete all the unsigned files? Is there ever a good reason to trust files without a valid signature and how often do they turn out to be malware? Thanks.
There are many useful programs or utilities that are unsigned. It would be throwing away the child with the bathwater.
Please remember that upon execution CAV will check if programs are trusted. If they aren’t they will be sandboxed. Even if the program would be malicious without an av signature the sandbox will keep it at bay and prevent it from doing harm.
My advice is to stop worrying and start using crude tools like deleting unsigned files and trust the sandbox over any detection.
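The reply above makes a practical triage point: a handful of PUP/PUA/heuristic hits out of many engines usually means a false positive, while a broad consensus on a named family means something else. The script below is an added example (not code from the thread or from Comodo) that turns that rule of thumb into a repeatable check over a per-engine verdict table of the kind a multi-engine scanner reports. The engine names, the "low-confidence" label markers, the family-name extraction and the thresholds are all assumptions chosen for illustration, and the sample verdict tables are constructed, not real scan results.

```python
"""Triage multi-engine scan verdicts into "clean", "likely-false-positive",
"likely-malicious" or "needs-review" (added example; all names and thresholds
are assumptions, sample data is constructed)."""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional

# Label fragments that usually mark PUP/PUA/adware or generic heuristic verdicts
# rather than a specific malware family (assumption, tune for your engines).
LOW_CONFIDENCE_MARKERS = ("pup", "pua", "adware", "heur", "generic", "downloader",
                          "riskware", "suspicious", "not-a-virus", "unwanted")

# Tokens that carry no family information when we look for agreement between engines.
NON_FAMILY_TOKENS = {"trojan", "worm", "virus", "malware", "backdoor", "gen", "win"}


@dataclass
class Verdict:
    engine: str
    label: Optional[str]  # None means the engine reported the file clean


def is_low_confidence(label: str) -> bool:
    """True when the label looks like a PUP/PUA/adware/heuristic verdict."""
    text = label.lower()
    return any(marker in text for marker in LOW_CONFIDENCE_MARKERS)


def family_token(label: str) -> str:
    """Crude family-name extraction: longest alphabetic token that is not a
    generic word, a low-confidence marker or a one/two-letter variant suffix."""
    tokens = [t.lower() for t in re.split(r"[./:_\-\s]+", label) if t.isalpha()]
    tokens = [t for t in tokens
              if len(t) > 2 and t not in NON_FAMILY_TOKENS and not is_low_confidence(t)]
    return max(tokens, key=len) if tokens else ""


def triage(verdicts: List[Verdict], few_threshold: int = 3,
           consensus_ratio: float = 0.25) -> Dict[str, object]:
    """Classify a verdict table. A file is "likely-malicious" when enough engines
    give a specific (non-heuristic) verdict, or several agree on one family;
    "likely-false-positive" when only a few low-confidence hits exist; anything
    in between is "needs-review", since few detections are not proof of safety."""
    total = len(verdicts)
    hits = [v for v in verdicts if v.label]
    strong = [v for v in hits if not is_low_confidence(v.label)]
    families = Counter(family_token(v.label) for v in strong)
    families.pop("", None)
    top_family, top_count = families.most_common(1)[0] if families else ("", 0)
    needed = max(few_threshold, int(total * consensus_ratio))

    if not hits:
        category = "clean"
    elif len(strong) >= needed or top_count >= few_threshold:
        category = "likely-malicious"
    elif len(hits) <= few_threshold and not strong:
        category = "likely-false-positive"
    else:
        category = "needs-review"

    return {"category": category, "engines": total, "detections": len(hits),
            "strong": len(strong), "top_family": top_family, "top_family_count": top_count}


# Constructed engine list: 68 placeholder names standing in for real engines.
ENGINES = [f"engine{i:02d}" for i in range(68)]


def build_sample(labels_by_index: Dict[int, str]) -> List[Verdict]:
    """Build a verdict table where only the listed engine indexes flag the file."""
    return [Verdict(name, labels_by_index.get(i)) for i, name in enumerate(ENGINES)]


# Constructed sample results, not real scan data.
SAMPLE_FILES = {
    "bundled_installer": build_sample({3: "PUP.Optional.Bundler", 17: "Heur.Trojan.Downloader"}),
    "real_malware": build_sample({i: "Trojan.Win32.Examplefam.a" for i in range(30)}),
    "ambiguous": build_sample({0: "Trojan.Examplefam.a", 1: "Worm.Otherfam.b",
                               2: "PUA.Toolbar", 3: "Adware.Generic", 4: "Heur.Suspicious"}),
}

if __name__ == "__main__":
    for name, verdicts in SAMPLE_FILES.items():
        print(name, triage(verdicts))
```

The "needs-review" bucket is the important one: it keeps files with a couple of specific verdicts from being dismissed just because the count is low, which matches the earlier point that a trusted rating on an infected file is unlikely but not impossible.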
If you have infected USB drives, you will want to do this. I always use this when I fix other people's infected USB drives on their computer.
When you run it make sure all 4 checkmarks are there.