where does comodo put contained files?

cis contained c:\intel\GfxCPLBatchFiles\ {A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
there were reports it was a possible key logger, I wanted to view it but it wasn’t there?
comodo puts contained and quarantined files somewhere else than there detected folder? where is that, I can’t find it
so I uncontained it thinking it would be put back into the original folder, but its still not there?
where does comodo put files after being un-contained?
the containment didn’t show up on any logs I can find, this type of event is not logged?
thanks for any help w this

Did you use the view quarantined task and choose restore? Manage Quarantined Items, Remove & Isolate suspicious files | Internet Security Help

It wasn’t “quarantined” it was “contained” and there were no options to restore the only option was to uncontained it

Then its probably in the C:\VTRoot hidden folder.

thanks for the continued follow up here, I have searched the entire drive and the file is gone
however I did find a listing of it in the advanced settings shows up in a auto containment list as trusted now, see pic
this is not making any sense to me,
why show it as trusted if its not even anywhere?
why would some file be “contained” vs “quarantined”
I looked thru the v10 on line manual and can’t any reference there to “containment” so what is containment anyway? by the name sounds like it is something like sandbox, this is what shows up on a google search and it sounds like some type of sandboxing
Learn how to keep your PC clean | Digital Container Solutions

too bad about losing this file, I was very curious to see what was in it
I thought in the past if there was a threat after it was quarrantined it could be looked at
I have changed the status from ignore to block in case it somehow comes back

Yes containment is sandbox they changed the text and haven’t updated the online documentation for it yet. That rule is created when you select unblock from the unblock applications task, and tells the auto-sandbox/auto-containment not to contain it if the file is rated trusted the next time the file is executed. File information such as its rating is located in the file list, though you need to enable show non-executable files setting. The file in question was probably deleted by either the application that created it or executed, or the bat file had a command in it to delete itself once done executing.

ok thanks again, for the clarifications, one more ? is there some setting/rule somewhere that will allow me to view quarantined/contained files? I haven’t seen anything direct but not sure about rules syntax and what you can do with that

when a process is running in containment you can see these contained processes using view active process list task and right-click in the window and select view contained process only. Or from advanced view of the main GUI you can click the number next to contained apps info box. Then you can right-click and select show full path. To setup containment rules see this and to see quarantined files that were quarantined from the AV use the view quarantine task. Information about executed files is found in the file list. See further help documentation which is not yet updated to reflect GUI changes in the 10.0.1 release here.