Why can't Comodo AV use hashes???

I’m getting REAL tired of dealing with false positives - I add them to Exclusions, but if I MOVE or COPY them, then they get flagged all over again.

Come ON people, it is NOT very difficult to do exclusions based on the HASH of the file and NOT strictly on the PATH. Let’s be honest, that is the only LOGICAL method - anything else is simply a half-[at]$$ed shortcut.

If you’re going to do something, just do it RIGHT.

I’d also like the “Malware” trigger turned off (I already have PUP disabled) - I use separate software for that, and Comodo has WAY too many annoying false positives.

And don’t tell me to “submit” them, I shouldn’t HAVE to - there should be an OPTION to disable that function!

I changed the all caps word hashes to normal in the topic title. It is needlessly alarming. Eric

CIS v6 uses hashes. Do you have Heuristics set to High? That setting is known to be very talkative. What version of CIS are you using?

The exclusions uses file hash AND file path.

No, actually I have Heuristics set to OFF.

If I add a file to Exclusions, then move it, I get prompted for it again, each time, every file.

v6.3.302093.2976

Does it happen with every file or a specific set of files? Can you provide us with more information? Name and where to download the program it belongs to?

I get the same behavior, an example being the Zemana Key-Logger Simulation Test Program I tried excluding it first by path and then by application, still if I moved it then it would yet again be detected, so from my testing my conclusion is that the exclusions relies solely on path and name and doesn’t consider hash.

Try uploading the file to VirusTotal so see if it is safe. The file Comodo catches might be malware. You might want to post the link to the VirusTotal result.

Regardless of whether a file is considered “safe” by the program, if I define it as safe, then the file is safe, regardless of where the file is or how often it is moved.

Simply TEST this with any file deemed a false-positive (LOTS of them out there), and see - as Sanya IV Litvyak confirmed, the Exclusions appears to function ONLY on the basis of Name & Path - no hash involved. If it used Hash, then moving or re-naming it would not trigger subsequent alerts - and that is how it SHOULD behave.

If you define it as safe then move it to the Trusted Files list. That should solve the problem.

Then please explain what the difference is between “Trusted Files” and Exclusions.

If there is an option for Exclusions, why isn’t there an option for Trusted Files as well?

I do not see the difference between the two, semantics aside.

av exclusions will just exclude the file from the AV nothing else. trusted files will be excluded from the AV and defense + (sandbox and HIPS)