What do you think about this video?

I just found this on YouTube

- YouTube

yep, like I said in the youtube comment:
“That was interesting, hope they’ll fix it.”

This thread should be in CIS (or maybe bug report) though, since it’s related to CIS and it needs attention.

I dunno what to say. It was run in VirtualBox and AV alerts were ignored.

AV alerts weren’t ignored, he clicked on “Clean”. Like he said, the user may stop trying installing it after the first alert. But CIS didn’t react the second time.

This vendor ‘2Squared Software’ is under review.
I will get back to you with conclusions.


Virtual environment is VirtualBOX… I was under impression that Comodo would not work properly under that system due to some Vector thing? :-\

This vendor ‘2Squared Software’ has been removed from Trusted Vendor List from cloud.
We have found this vendor following questionable marketing practices and is not suitable to be included in Trusted Vendor List.


So, that vendor will be auto deleted during next update from trusted vendor list?

Yes, when you re-start system next, CIS will remove it from local TVL, if exists.


Thanks for the info, respect! :-TU

The problem is how it can add itself automatically to the list…

no it does not add itself automatically, what happened is that the company was white listed from a while ago in the cloud. When something is white listed in the cloud and it sees that you have a piece of software that has the same digital signature on your computer, CIS automatically adds the digital signature to you TVL. The rogue did not do it.

Also, the TVL and cloud white list is under review right now but it will take time to do it.

IT SHOULD, most recent videos that present CIS vulnerabilities, are because the tester found a virus that was digitally signed and was in the trusted list,

Thats why we need the option to select which vendors to trust. Right now the people adding trusted vendors to CIS are not doing correctly their job.

update from a youtube viewer as regards this video

@hoshinkaaaa Yeah its true (WOOO!!) I retested and the antivirus now catches them both, whilst trying to run the file without the antivirus you get this alert from defense plus. ‘setupxv.exe is a known malicious file. You MUST block this request’

You cant get any better, well done Comodo Team

nice, that was quick :slight_smile:

Yep…just like Melih said…fixed in a blink of an eye ;D

hoshinkaaaa is me :smiley: I did research and found these viruses on the Internet.
Yep.It’s true. Fast reaction from Comodo Team.

Thank you guys for your vigilance.
We will continue to add more stringent processes for our whitelists.

All in all, things are good and small hiccups are fixed immediately, thanks to this amazing community we have!


But why did CAV didn’t detected the files second time??? Is this a bug in CAV?? or care to give info on this. Coz I find it strange CAV detecting the files first time & not detecting second time.



It is because the way CIS works. Due to speed optimization, it does not do TVL cloud lookup on on-access, but when a file is detected as malware it verifies in cloud if it is safe, as it can be false-positive also, and if so, vendor is added to local Trusted Vendor List.

Next time when file was executed, vendor was already in TVL as last check found vendor in cloud and added to local TVL list and therefore there was no alert in second attempt.