Viruscope Does Not Correctly Handle Apps Run More Than Once [M1278]

1. The full product and its version:
COMODO Internet Security 8.0.332922.4281 BETA
2. Your Operating System (32 or 64 bit) and ServicePack revision. and if using a virtual machine, which one:
virtual machine : virtualbox 4.3.6 r91406
I have seen this on both windows 8.1 x32 fully updated and windows 7 x32
3. List all the configuration changes you did. Are you using Default configuration? If no, whats the difference?:
Default configuration,I just disabled the AntiVirus and Cloud Lookup
4. Did you install over a previous version without uninstalling first, or import a previous configuration file?:
Clean install
5. Other Security, Sandboxing or Utility Software Installed:
None
6. Step by step description to reproduce the issue. Or if you cannot reproduce it, what you actually did before it happened, step by step:
1: Disable the AV component and Cloud Lookup.
2: Download an application from the Internet and run it such that it will be run in the Sandbox. The application will then correctly be detected via Viruscope and attempted to be quarantined.
3: If the user then re-downloads and runs the application again, the application will not be re-detected by Viruscope. One test showed that the sample was killed almost immediately (which could possibly be because the application kills itself) while another test showed that the application continued to run. However, what is always true is that Viruscope does not detect and quarantine the file if it is run the second time.
7. What actually happened when you carried out these steps:
If you run the sample more than once Viruscope will only detect and quarantine the file the first time it is run. It does nothing if the sample is run more than once.
8. What you expected to see or happen when you carried out these steps, and why (if not obvious):
If the sample was run more than once Viruscope should continue to detect the sample and quarantine it, no matter how many times it is run.
9. Any other information:
A video to clarify the issue, which was made by a different CIS user can be seen here:

A video made by me to clarify this is attached to this post.

[attachment deleted by admin]

Did you manage to find a new malware sample which can be used to show this behavior? If so please send me a download link via PM and I will forward this to the devs.

Also, thanks for creating the new bug report. I really appreciate it. :-TU

In the sample that has been tested in the video I do not have, but the sample in the previous report similar to the sample in the video

Thanks, but could you please test it with (for example) one of the samples on that site shown in the video and see if it replicates with that. I would rather not provide the same sample as I worry that might confuse them and lead to this being marked as invalid, as they mistake it for the same issue as was reported before. If possible a new sample would be very helpful.

Thank you.

I could not get the sample used in the video, it is difficult get the sample of Detected by viruscope.
Please give me some time to get a sample verify conditions this topic.
thanks

Thank you. Also, I just realized one other thing which, if possible, would be very important to verify. After the 2nd time it is run, where it is automatically killed after just a very short amount of time with no popup, it shows that changes were made to the system. What I would like to know is whether those changes are automatically reversed after the app is killed, or whether they persist. If you could find that out that would be very very helpful.

Thanks again. You are doing very great work in testing CIS. :-TU

Hi Chiron

I’m sorry for the delay, finally I found a sample identical to the conditions of this topic.
Please watch the video in the attachments
Note:The sample in a video is a Ransomware

[attachment deleted by admin]

Thank you. I received your PM. I also edited the title of this bug report and the first post. If everything looks correct please let me know and I will forward this to the devs.

Thanks again.

Thank you to modify the topic :-TU
Everything look correct

Thank you very much for your report in standard format, with all information supplied. The care you have taken is much appreciated by Comodo, and will increase the likelihood that this bug can be fixed.

Developers may or may not communicate with you in the forum or by PM/IM, depending on time, availability, and need. Because you have supplied complete information they may be able to replicate and fix the bug without doing so.

Many thanks again.

The issue has not been resolved

Thank you for checking this. I have updated the tracker.

The devs have not marked this as Fixed in the tracker. However, sometimes bugs are fixed by the release of new versions, but not marked as Fixed in the tracker.

If you are able please check with the newest version (CIS version 8.0.0.4337) and let me know if this is fixed on your computer with that version.

Thank you.

The issue has not been resolved

Thank you for checking this. I’ve updated the tracker.

Hello,

The devs have not marked this as Fixed in the tracker. However, sometimes bugs are fixed by the release of new versions, but not marked as Fixed in the tracker.

If you are able please check with the newest version (CIS version 8.1.0.4426) and let me know if this is fixed on your computer with that version.

Thank you.

fixed

In that case, I will move this one to “Resolved” section.
Thank you.