What happens when the On Access Scanner detects a file?

Just that really, what happens when the on access scanner detects a file?

In Antivirus under Scanner Settings I obviously have Real Time Scanning enabled and have automatically quarantine threats found during scanning unchecked…

So what happens?

Today Comodo found two “threats” and promptly displayed a pop-up telling me about them, but no dialog was displayed asking me what to do with them like in conventional AVs (i.e. ignore, quarantine, delete). So I check my logs and I see “Detect” under the action column and “success” under the status column.

From what I can tell then the threat has been detected and there has been a success of some form… what success I don’t know.

Anyway, back to real time settings, what’s it do when it detects something during real time?

In my case it didn’t quarantine them because auto quarantine was disabled. I assumed it would leave it be, but that seems not to be the case as the file no longer opens. But it’s not deleted.

So what’s it doing? Is it disabling the threat? Shouldn’t it at least ask beforehand if that’s what it is doing?

As I said before, not deleted as the file is still there, not quarantined as that is unchecked but apparently “disabled”?

To further illustrate what I’m saying I’ve attached screenshots. The first is what I see when CAVS even “sees” the ■■■■■, notice the lack of a window asking me what I want to do with it. The second is what happened when I attempted to download the eicar file, notice the window screaming at me. Why the discrepancy I guess.

Any help is appreciated, and kudos to Comodo on this thing. It is a piece of work.

“Success” next to a “Detect” log item means only successful detection.

Normally the CIS real-time scanner will show you an alert dialog if it finds malware on a local drive (if you did not check the ‘auto-quarantine’ option and did check the ‘show alerts’ option).

But if it finds malware on some network location, it just shows you a balloon notification that a threat has been detected, and does not remove or quarantine those files.
Still, if you copy such a file to your local drive, it will be detected and you will be alerted.

When the user doesn’t take an action (ignore, remove or quarantine), does Comodo block access to the file?

Scenario:

  • I have downloaded malware.
  • I double-click on the malware.
  • Comodo alerts me about the malware.
  • I click on the close button.
  • I try to open the file again.

Some AVs block access to an infected file, like Avira AntiVir…

p.s. I didn’t do this test.

Yes, it blocks the file if you closed the alert or the alert timeout expired, just like you described.
In fact, it will alert you about malware even at the copying stage, once it appears in the temp folder.