W8.1 Multiple AV Alerts When Select "Ignore Once"

On Windows 8.1 x64 Systems When Select “Ignore Once” in AV Alert - Get Multiple AV Alerts

NOTE: Provided video is AVI format using Microsoft Video 1 codec. It should be viewable using Windows Media Player, VLC Player or Classic Media Player.

Can you reproduce the problem & if so how reliably?:

Yes. Reproducible every time - at will. Co-confirmed by EricJH on W8.1 x64.

If you can, exact steps to reproduce. If not, exactly what you did & what happened:

1: Launch any malware sample detected by signature.
2: AV module generates alert.
3: Select “Ignore Once.”
4: Multiple, additional alerts will appear - totaling from 2 to 10+ alerts; number of alerts varies with malware sample.
5: For each additional alert select “Ignore Once.”

One or two sentences explaining what actually happened:

Executed malware sample that is detected by signature. Selected “Ignore Once” from within AV alert. Multiple, subsequent alerts were generated. Each time I selected “Ignore Once.”

One or two sentences explaining what you expected to happen:

I expected when I selected “Ignore Once” there would be no additional AV alerts; I expected only one AV alert when selecting “Ignore Once.”

If a software compatibility problem have you tried the advice to make programs work with CIS?:

Not Applicable.

Any software except CIS/OS involved? If so - name, & exact version:

Yes. Malware sample attached.

Any other information, eg your guess at the cause, how you tried to fix it etc:

Specific to W8.1 OS. Best guess: It appears when user selects “Ignore Once” the AV alert is acting similar to a HIPS alert. Cause unknown.

B. YOUR SETUP
Exact CIS version & configuration:

8.2.0.4508 - Proactive Security.

Modules enabled & level. D+/HIPS, Autosandbox/BBlocker, Firewall, & AV:

All.

Have you made any other changes to the default config? (egs here.):

Yes. Configuration file attached.

Have you updated (without uninstall) from CIS 5, 6 or 7?:

No. Clean install of CIS.

If so, have you tried a clean reinstall - if not please do?:

Current installation is a clean install of both Windows OS and CIS; only Windows OS and CIS currently installed on system.

Have you imported a config from a previous version of CIS:

No.

If so, have you tried a standard config - if not please do:

Yes. Issue is independent of configuration. Issue is dependent upon OS - W8.1 x64.

OS version, SP, 32/64 bit, UAC setting, account type, V.Machine used:

Windows 8.1 x86-64 (OEM) Toshiba\AMD, “Always Notify,” Administrator, No VM used.

Other security/s’box software a) currently installed b) installed since OS, including initial trial security software included with system:

a=None. b=None.

C. ATTACH REQUIRED FILES

  1. CIS Configuration File
  2. Malware Sample (Adware; QJMonkey, zipped, password “infected”)
  3. Video (OneDrive link, zipped, 5.42 MB)

NOTE: Video can be viewed using Windows Media Player, VLC Player or Classic Media Player

[attachment deleted by admin]

Constant, non-stop nagging about this problem; even if I select “ignore and add to exclusion” it will keep asking over and over and over again. The only solution is for me to switch to another directory.

This happens with me too. W8.1 PRO X64 fully updated and CIS in the latest version. Comodo asks me every time to call a GeekBuddy to remove threats for me, and always detects viruses from my folders on the ignore list.

Thank you for the detailed report. However, it’s already in the tracker & linked your report.

I will move this one to “Resolved” section.
Thank you.

Thanks qmarius.

Best Regards,

HJLBX