WTF this bug !!!

Comodo Internet Security - CIS AntiVirus Help - CIS
#1

u must fix this,
i use only comodo firewall
now i was running Ardamax_Keylogger_3_full
i lunch the setup and cloud scanner came
i press on ‘ignore’ → report false alert
than i close the setup … now i find in my windows
2 files of Ardamax setup …
than i found that presssing on ‘report false alert’
moving this program to ‘trusted apps’
BTW this setup isn’t a virus, BUT in case of virus
it can be worse

#2

http://www.multiupload.com/XLX8583RRR
this is the origional file
disable any anti virus
to test it by urself, run ‘setup_akl.exe’
cloud scanner will shut, press ignore → report this to comodo as false alert
close the setup …
now run the setup again … NO pop up
and see in windows directory setup_akl file
and look in trusted file’s and u will see our setup in there

#3

Well of course… You ignored the file, then are surprised when CIS ignores it? ???

This is not a bug… 88)

#4

actually, what is the “bug” part?
note: all keyloggers even non malisious are considered as virus because of the macroed potential

#5

ignore == trust ? are u serious … ignore mean leave me alone i will choice
and not ‘this is trusted’ bcz i never want it to be happen !!
and there is also option ‘add to trusted list’
so it’s a bug … bcz i had never told him to mark it as ‘trusted’

see this again

step 1, press ignore → click on ‘repost false’ and not ‘make this trusted’
http://img529.imageshack.us/img529/6323/50525308.png

step 2, setup copy file without [i forgot the ‘out’] my presmmison to c:\windows
http://img502.imageshack.us/img502/3460/50447702.png

step 3, comodo make my setup as ‘trusted’, without my premisson
http://img528.imageshack.us/img528/963/28284153.png

#6

Perhaps it’s because your english is worse than mine, but maybe you misunderstand the context of ‘ignore’ here?

If I recall from past installs, there’s only 2 options… Ignore this file and Block this file, no option to always apply this action.

between those 2 choices, ignore would mean trust…

If that’s the case, there is no bug, just PEBCAK.

#7

http://img529.imageshack.us/img529/6323/50525308.png

u wrong, really wrong … in this pictures i see 3 option
ignore once - OK | trusted = BAD idea | Report = ?
if i want to make it trusted i can press on trusted button
but i didn’t do it so u absulutly wrong

#8

with your picture, you just confirmed what I said. Ignore means trust because you are telling comodo that the file you are installing is safe.

If you had said just once, it would trigger again.

#9

Now, if you had purchased original software, you might get a more favourable response.

Telling us the exe ended in “_FULL” was a bit of a giveaway, but giving us the link to the cracked software just made it too easy.

Support fail !!

#10

Not PEBCAK - PICNIC

Problem in chair, not in computer.

#11

you also didn’t pay for the software, so you absulutly wrong

#12

;D ;D ;D ;D ;D ;D ;D so funny this is not my file, i just run it for a test and i got this problem
i gave the link for checking this problem only
i don’t script kid that enjoy publish virus – i research them how they work
and i don’t need support from u, if u don’t know what diffrent between ignore \ trust \ false positive, u’r in big trouble.

#13
  1. Downloaded an unknown executable
  2. Ran it
  3. Select IGNORE → ONCE from the alert
  4. Executable ran
  5. Executable not added to TRUSTED list
  6. Reboot (thereby eliminating the per-session allow rule)
  7. Reran executable
  8. Alert popped-up
  9. Selected ADD TO TRUSTED FILES
  10. Executable now in TRUSTED list
  11. Executable can be repeatedly run without further alerts
  12. TRUSTED status survives a reboot

The only thing I can think of is that you accidentally clicked on IGNORE-ADD TO TRUSTED instead of IGNORE-ONCE

#14

see this picture again , http://img529.imageshack.us/img529/6323/50525308.png
i think comodo has problem and when i press on 3 button, it’s think is the second button
there is no chance that i presesed on ‘make it trusted’ O0

#15

Do you run your screen at a non-standard resolution (i.e. >96DPI)?

Please understand I don’t know for certain that this would affect CIS in determining where you have or have not clicked. I’ve just tested it three time without failure and am grasping at straws to understand why it may be doing this for you and not for anyone else.

#16

Seriously, go take a one year English lesson then come back and test Comodo again. That should solve your problem and basis of argument on what ‘ignore’ means. And, oh, to understand what this post means. >:-D

#17

Reporting to comodo as a false positive does the same thing as add to trusted files, in my experience.

I’m pretty sure that’s not a bug.

Here’s why: would I, a ‘regular tester’ of unknown files/programs, report something as a false positive if I didn’t know that it IS a trusted file as well?(if you didn’t you’ll get ‘spammed’ with window after window of the ‘cloud scanner’)

Using this logic, reporting it as a false positive means ‘I’ want it added to trusted files as well.

This means that what you’re reporting, regardless of the program, is not a bug.

Cheers,
Falstagg

#18

[at] Foxman,

Please consider that English may not be the native language of the OP, nor is it compulsory for it to be.

#19

[at] falstagg,

Thank you for your clear concise explanation.

The logic is apparent once you think about it - under normal circumstances, if you are reporting it as a false positive, you are simultaneously saying it is OK and can therefore be added to the Trusted list.

What I think the OP needs to do is continually click IGNORE → ONCE. This would allow him to repeatedly run the suspected malware (with intervening reboots) but he would have to answer an alert each time. Bit of a pain, but … running software in a non-standard manner means you can kiss the standard rules goodbye as well.

Ewen :slight_smile:

#20

This is an incorrect assumption on your part. Ignore does not mean, leave me alone and I will choose what I want to do with the file.

Ignore means, stop detecting this file. This is done through two methods. If the detection is from the AV, the file will be added to your exclusions list. If it’s a D+ detection, it will be added to your trusted files list.

So what happened is this. D+ said, hey, this file is unsafe! You said, yeah, ignore it and report it to Comodo as a false positive detection. Since it’s a D+ alert, it’s added to your trusted files list as this is the only way for D+ to ignore alerts.

No bug. The program is doing exactly what you told it to do.

Edit: Added clarification.