Windows Explorer Hangs When Malware Is Ignored and Added to Exclusion [M956]

A. THE BUG/ISSUE (Varies from issue to issue)

  • Summary - Give a clear summary in the topic subject, NOT here.
  • Can U reproduce the problem & if so how reliably?:
    Yes, every single time.
  • If U can, exact steps to reproduce. If not, exactly what U did & what happened:
    1:Copy OR paste infected file.
    2:Choose “ignore and add to exclusions” from the antivirus alert.
    3:Explorer will then hang for a long period of time before the geekbuddy antivirus alert appears AGAIN, followed by the action to take AGAIN, before action is taken and successful.
  • If not obvious, what U expected to happen:
  • If a software compatibility problem have U tried the conflict FAQ?:
    Should not be software compatibility problem.
  • Any software except CIS/OS involved? If so - name, & exact version:
    No other software.
  • Any other information, eg your guess at the cause, how U tried to fix it etc:
    The diagnostics report and KillSwitch Process List can be downloaded from the following links:


  • Exact CIS version & configuration:
    CIS 7.0.315459.4132, latest, with geek buddy, but no comodo dragon and privdog.
  • Modules enabled & level. D+/HIPS, Autosandbox/BBlocker, Firewall, & AV:
    HIPS safe mode. Antivirus heuristics set to medium. Sandbox as partially limited. Enabled Viruscope. Firewall safe mode.
  • Have U made any other changes to the default config? (egs here.):
    Yes. Heuristics from low to medium. Unticked “Do not show antivirus alerts”.
  • Have U updated (without uninstall) from CIS 5 or CIS6?:
    [list type=lower-alpha][li]if so, have U tried a a clean reinstall - if not please do?:
    [/li]- Have U imported a config from a previous version of CIS:
    [li]if so, have U tried a standard config - if not please do:
    [/li]- OS version, SP, 32/64 bit, UAC setting, account type, V.Machine used:
    Windows Home Premium 7, SP1, 64-bit. UAC disabled I think.
  • Other security/s’box software a) currently installed b) installed since OS, including initial trial security software included with system:
    a=malwarebytes free version. b=None

Are you saying that explore hangs why copying an infected file if you choose to ignore and add the file to exclusions from the antivirus alert.

Yes. It hangs every single time I try to paste an infected file then choose ignore and add to exclusions from the antivirus alert.

I cannot remember the result for the other 2 options, namely ignore once and ignore and submit file. Please test further.

Okay. In that case please edit your first post so that it is in the format provided here. The one which you have used will not provide enough information for the devs to be able to diagnose, and fix, this issue.

Also, if you have not already tried this, please try reinstalling by following the advice I give in this post. If reinstalling by following those methods does not fix this then you should edit the first post.

Let me know if you have any questions.


It’s possible this could be due to updating. Please try reinstalling by following the methods I suggest here and let me know if the issue continues even after reinstalling that way.

Also, if it does reproduce after reinstalling, also create and attach a diagnostics report to your first post.


I have tried a clean install without privdog and comodo dragon. The problem persists.

An update on the problem: explorer hangs for a long time, then suddenly the geekbuddy notice appears again, and I have to choose the antivirus action again, THEN it works.

Note that the alert appears because in Antivirus settings I unticked the “Do not show antivirus alerts” (the default setting was ticked). I think this is where the bug originates from.

I have updated the first post with my antivirus configurations. Other than that the other configurations are in the bug report

Thanks for checking that, and for the additional information. There’s just a few more things I need before I can submit this to the devs.

Are you using CIS 7.0.315459.4132?

Also, is your computer 32 bit or 64 bit?

Also, please let me know of all anti-malware programs which used to be installed on your computer, but are now removed.

Finally, please create and attach a diagnostics report to your first post. If you have any questions about how to do that please feel free to ask.


Yes CIS 7.0.315459.4132.

64 bit.

Malwarebytes free version, which means no real time shield and no conflict.
Ccleaner, which I do registry and disk cleanups.

I do not know how to do a diagnostics report. Please let me know.

Thanks. The first post is now looking very good.

To create a diagnostics report open the main CIS GUI. Then left-click on the question mark icon (near the upper right corner). From here select Support and then Diagnostics. This will run the diagnostics and give you the option to create the diagnostics report. Please do create it, then attach it to your first post.

Also, there is something else I realized is likely very important for this report. Please once again open the main CIS GUI. Then flip the screen to the Tasks side. Go to the Advanced Tasks section and click on Watch Activity. This will download and start Comodo KillSwitch. Once this is open left-click on the KillSwitch menu option. Then, from the drop-down menu, select “Save Current View”. This will create a file with a list of all running processes. Once this is created put it in a zip file and attach it to your first post.

This should be able to provide the devs with enough information to thoroughly investigate this. Let me know if you have any questions.


The 2 files have been attached. downloadable via mediafire. If there is another way I’m supposed to attach it, let me know.

Note that my killswitch processes have league of legends and another MMORPG GDMO.exe game on, but I don’t think that should affect anyhow.

I really hope this can contribute to making Comodo the best ever.

Thank you very much for your report in standard format, with all information supplied. The care you have taken is much appreciated by Comodo, and will increase the likelihood that this bug can be fixed.

Developers may or may not communicate with you in the forum or by PM/IM, depending on time availability and need. Because you have supplied complete information they may be able to replicate and fix the bug without doing so.

Many thanks again.

hsienz, have you been able to replicate this with multiple files? If so, please upload them to a file sharing site and send me the download link via PM.

Also, if you can replicate this, even for a false positive, this would be very important. Have you ever seen this same behavior when the detected file was a false positive?


hsienz, please see my previous comment and provide me with any other files which cause this. If I do not receive these by the time version 8 is released I will be forced to move this to Resolved.

Please let me know if you have any questions.

Thank you.

I’m sorry, but as there has been no response I have to move this to Resolved. hsienz, if you are still able to replicate this please see my above comments and provide the requested information.