Too many unrecognized files in RATING SCAN

  1. A Rating scan shows a very weird list of unknown files, which is unbelievable. The list includes even firefox and it’s plugincontainer. The list has unbelievable entries like comodo’s own browser icedragon and dragon. What to do with these files - keep them as it is or mark them as trusted? Why they are still unrecognized? Attaching screenshots of the list.

  2. Defense+ alert shows that it cannot recognize utorrent.exe. Is it normal?

  3. MS word and WLPG asks for direct access to keyboard about which HIPS shows notification. I have seen that even blocking them from accessing keyboard directly does not hamper regular usage like using keyboard shortcuts. Then why actually they need direct access to keyboard? Again, why MS Word is not yet trusted by HIPS?

Hope someone will shed some light on these issues.

[attachment deleted by admin]

Try running Rating Scan again. Does the same thing happen?

03. MS word and WLPG asks for direct access to keyboard about which HIPS shows notification. I have seen that even blocking them from accessing keyboard directly does not hamper regular usage like using keyboard shortcuts. Then why actually they need direct access to keyboard?
Programs often use multiple strategies to read the keyboard. They may use regular Windows system functionality as well as direct access.
Again, why MS Word is not yet trusted by HIPS?

Hope someone will shed some light on these issues.

Is your version of Word part of a regularly installed Microsoft Office? Or is it part of Office Starter (or whatever the name); that’s is a version of Office that runs from a sort of image file; that could explain this. Can you check with the D+ logs or KillSwitch if Word gets sandboxed?

Dear EricJ, I tried Rating Scan again. The same thing happened. This time I have noticed another thing - Icedragon is marked as AUTORUN along with many others. Should it be AUTORUN? CCLEANER is also marked as AUTORUN and UNRECOGNIZED. The list seen in the previously attached screenshot prevails. I was not using sandbox. Activated it and tried to launch word. It sandboxed WINWORD.exe. My curiosity is much higher about why dragon and icedragon are unrecognized and why marked as autorun!

Do you have extensions running in CD and CID that keep CD and CID running in the background when closing them down? Could you check with Autoruns to see from where CD and CID are started?

Can you check that CCleaner has a valid digital signature and that the name of the publisher is Piriform Ltd?

As for Word can you post the path on which Word is installed? I want to know if this is a regular installation or that special installation form. Can you also check the digital signature of Word and see if it is valid?

  1. Among all the unknown files the files that I have checked to reply you are CD, CID, Ccleaner and Word.

  2. Windows shows that the signatures of all of them are valid. [Right click on exe > properties > Digital signature > select signature name > Details]. The signature mentions the name of the publisher is Piriform Ltd and CD and CId are form Comodo Security Solutions and word is from Microsoft Corporation.

  3. I uninstalled ccleaner 4.13 and downloaded and installed 4.19 which is the latest. Rating Scan recognized the newly installed ccleaner as UNKNOWN file and marked it as autorun as it did with the previous one.

  4. All the files are verified by clicking on their name from Rating scan screen to confirm that they are where they should be -in the installation directory where I put them.

  5. CD and CID have the default addons with which they were delivered from Comodo like Comodo Drag&Drop Service, Comodo Media Downloader, Comodo Share Page Service, Comodo Web Inspector, Google Wallet, PrivDog. They do not run without CD or CID.

  6. As samples, attaching screenshots of Comodo Ice Dragon. 01=signature and 02=file location.

[attachment deleted by admin]

Do you have cloud lookup enabled as well as trust files signed by trusted vendors?

Dear Sanya IV Litvyak, Cloud look up is enabled. Both of trust vendors and trust installers are Unchecked - disabled.

Anyone…anymore input?

What happens if you enable the option to trust files signed by trusted vendors?

Yes, it is now showing the the files as trusted which were previously marked as unknown.

Dear Sanya IV Litvyak, this is now clear that the rating scan extensively depends on trusted installers and vendors. Let it be so. Thanks for guiding. I mean, thank you very much.