Why does Comodo add an unknown infected file to Trusted files?

Hello,

I would like to ask you: why does Comodo add an unknown infected file to Trusted files? I have one infected file. Comodo does not detect it, but that does not matter now. When I run the file in the Sandbox, Comodo adds this file to Trusted files. Why? The file has no digital signature.

I use the latest Comodo Firewall. Windows 8.1 64-bit and Proactive Security.

Here is a link on VirusTotal: VirusTotal

and another link to a screenshot: http://www.imagehosting.cz/?v=compcp.png

If the file is malicious, make a post for it here: Comodo Forum

If the file is trusted and malicious, report it here:
https://forums.comodo.com/av-false-positivenegative-detection-reporting/report-trusted-and-whitelisted-malware-here-2015-no-live-malware-t109000.0.html

I do not know if it is malicious. According to VirusTotal it is malicious. But it does not matter and it is not my question. I would like to know why Comodo adds this file without a digital signature to Trusted files.

It’s probably in the cloud trusted files list. Check your Defense+ logs and see if it was checked online and found safe.

I did not know that. I checked it and the file was “Scanned and found safe”. It does not sound good. Does it mean that Comodo marks a file as trusted when the file is not on the “black list”? I thought unknown files are on the “black” list. I did not think Comodo puts them on the “white list”. And because Comodo lets it run and puts it in Trusted files, it means Comodo believes it. I just do not understand why.

If the file is on the blacklist, CIS will alert the user and ask the user to quarantine the file. If the file is on the trusted list, it will automatically be added to the trusted files list. On rare occasions a file will have both ratings, trusted and malicious. This can be caused by 2 things:

  1. A trusted (safe) file is detected, which is a false positive
  2. A malicious app is trusted (trusted malware)

When CIS finds a file with both ratings the trusted rating will take precedence. This happens to help prevent false positives (speculation).

The file was on Comodo's cloud whitelist, which happens on occasion and is usually just adware. How this happens is beyond me, but I have noticed that it only happens on rare occasions.

Thank you for explaining. It is a nice theory. But it is not this case, because CIS does not detect this file as infected. Please have a look at my link: VirusTotal

But you said it was scanned online and found safe, so the file is added to the trusted files list. Am I missing something?

You are correct, but I do not understand why Comodo adds this file to Trusted. I thought only trustworthy files that Comodo knows are put in TRUSTED FILES. But Comodo cannot know this file; in spite of that, Comodo added it to Trusted files. And I do not say that half of the antiviruses mark it as infected. But I am not solving that now.

I just do not understand how Comodo can add an unknown file to Trusted files.

I believe that some files are trusted by automation after being checked by automatic systems, hence some files may be whitelisted without passing by a human checker. But don’t quote me on that one, because I’m waaaaaay far from being sure about it.

Thank you for your reply. But it means Comodo can mark some infected files as Trusted (files that the AV or cloud does not detect as infected, that can be infected). In this case the Comodo algorithm is bad and Comodo is untrustworthy.