trojan, normally cis should notice it, but doesnt

TR/VTool.Obfuscator.GZ (my avira detected it on an external equipment, source was that infected pc)
directory C:\ or external drive, but always the same folder names, very hidden.
running and spreading itself on each connected external drive, self running on default pc`s… etc
active on a friends pc with cis antivirus and defense “clean pc mode” (what i suggested him anyway to change to safe mode). as i dont have an autorun enabled for an external drive, my defense+ wasnt tested.

i am sure, that no one would ignore a virus warning. is it possible, that a defense+ warning was allowed and so no antivirus warning appeared, or if clean pc mode allowed it as something already on disk?
the first messages about this file are from months ago… while his database was from 17 december.

malware should be detected by antivirus definetely, or clean pc mode is like a: switched off antivirus against rootkits .

Hi clockwork,

Thanks for reporting. When you encounter a suspicious file, please submit samples at Comodo Firewall | Get Best Personal Firewall Software for $29.99 A Year, so it can be resolved as quickly as possible.


“Clean mode” tells CIS that EVERYTHING currently installed on this PC is to be considered safe. It is usually only used on a freshly installed PC (where there is a reasonable assurance that the PC is actually clean).

If it is an existing setup and CIS is installed on it, I would recommend that clean mode not be used, rather switch to safe mode.

Quote from Help file (my emphasis)

Safe Mode: While monitoring critical system activity, Defense+ will automatically learn the activity of executables and applications certified as 'Safe' by Comodo. It will also automatically create 'Allow' rules these activities. For non-certified, unknown, applications, you will receive an alert whenever that application attempts to run. Should you choose, you can add that new application to the safe list by choosing 'Treat this application as a Trusted Application' at the alert. This will instruct the Defense+ not to generate an alert the next time it runs. [b]If your machine is not new or known to be free of malware and other threats as in 'Clean PC Mode' then Train with Safe Mode' is recommended setting for most users [/b] - combining the highest levels of security with an easy-to-manage number of Defense+ alerts.

Hope this helps,
Ewen :slight_smile:

The level of co-operation between the different modules of CIS is both a strength and a weakness. CIS AV didn’t find it as it had been granted a level of trust by CIS being in Clean PC Mode. Comodo REALLY, REALLY need to make sure that Clean Mode is never invoked by default - the user should have to explicitly tell CIS that this is a brand new, out of the box system and to set Clean PC Mode. Even better, never turn it on at all and let the user get used to alerts.

in other words: i would be protected with clean pc mode and avira. why shouldnt i be protected with clean pc mode and CIS av? both parts should work separate. avoiding of questions should not go over avoiding of dangerous files.

There is a high degree of co-operation and integration between the CIS modules. In this particular example, CIS and Avira would have been better than CIs alone in Clean PC Mode.

Ewen :slight_smile: