Comodo AV 5.8 Possible Bug

Discussion in 'other anti-virus software' started by Yash Khan, Oct 14, 2011.

Thread Status:
Not open for further replies.
  1. Yash Khan

    Yash Khan Registered Member

    Joined:
    Apr 4, 2011
    Posts:
    1,833
    Hey Frds

    This was just a simple test on real system. No running malware. Simply downloading & saving .exe malware in a folder from MDL with CAV enabled to see how much it detects.

    CD - Trying to download & saving malware with CAV enabled with Comodo Dragon, CAV catches malware & pops up malware quarantined. But when I check the folder the malware is there & quarantine is empty. If I dont run the malware just a single click to see if CAV detects it, it doesn't. 5.5 use to detect malware if folder containing malware was open.

    IE - Trying to download & saving malware with CAV enabled with Internet Explorer, CAV catches malware & pops up malware quarantined, & I get a window do you want to cancel the download with the option yes & no.

    Yes - if I click yes the window disappears & I get remove failed from CIS - not all malware can be removed, do you need a help of technician. No malware in quarantine & antivirus event shows quarantine failure.

    No - If I click no the window doesn't disappears & I have to click on no for 3-4 times & the window disappears. Malware is in quarantine.

    I tried 6 times with the same result for CD & IE. I also tried unchecking Dont show popup alerts for antivirus thinking auto quarantine may have bug but the prob remains.

    This happens when AV is set to the default mode i.e Stateful Mode. No probs when it is set to OnAccess Mode. So may be Stateful Scanner Possible Bug.

    Can you guyz plzz check yourself & see if its a possible bug & reply here.

    XP SP 3 Fully Updated
    CIS 5.8 Suite
    No other security software
    CD latest with no addons
    IE latest with no addons

    Thanxx
    Naren
     
  2. cruelsister

    cruelsister Registered Member

    Joined:
    Nov 6, 2007
    Posts:
    971
    Location:
    Paris
    Naren- Can't confirm your findings on CD, but IE works fine here. An even simpler test is the attempt to download eicar. CAV detects and quarantines successfully. Although the IE warning followed by the run/save download box appears- but if either of these are hit the box stating file not found or some such appears.

    But to save you time in testing the AV portion, CAV with cloud will only pick up about 60% of the malware appearing on the public lists. Not a problem as the strength of CIS is D+ and the Sandbox (as long as it is properly set and properly used).
     
  3. Yash Khan

    Yash Khan Registered Member

    Joined:
    Apr 4, 2011
    Posts:
    1,833
    I hope you tested it with IE 8.

    And when you get the window Do you want to cancel the download with option Yes & No,

    Plzz click No everytime & after 3-4 clicks it will disappear & malware will be in quarantine. No malware will be in the folder where you try to save it. This is OK.

    And also try clicking Yes coz this is the right action.

    Plzz click Yes & the window will disappear & there will be no malware in the quarantine (CAV Popped up malware quarantined) & in the folder too where you tried to save it. Antivirus event will show quarantine failure. You will get Remove Failed Popup from CIS. This is a bug.

    AV should be on default i.e Stateful, coz there is no prob with AV on OnAccess. CIS on default too i.e Internet Security Config coz I tested with defaults.

    Thanxx
    Naren
     
  4. cruelsister

    cruelsister Registered Member

    Joined:
    Nov 6, 2007
    Posts:
    971
    Location:
    Paris
    Just tried it with malware I know CIS detects and confirm everything that you say happens with IE8. Sorry for my previous post as I didn't have the AV set to Stateful. Suggest you paste your post to Comodo Forum bug report.

    Note that in Firefox and Seamonkey this does not happen.
     
  5. Yash Khan

    Yash Khan Registered Member

    Joined:
    Apr 4, 2011
    Posts:
    1,833
    I posted in Comodo forum.

    Thanxx for your help yaa.

    Regards
    Naren
     
  6. smage

    smage Registered Member

    Joined:
    Sep 13, 2008
    Posts:
    377
    Here is the reply from Comodo(egemen)

    http://forums.comodo.com/news-annou...58-serious-bug-part-1-2-merged-t77374.30.html
     
  7. Yash Khan

    Yash Khan Registered Member

    Joined:
    Apr 4, 2011
    Posts:
    1,833
    Ya I am a member in Comodo forum & read this & replied.

    Hope you too read the thread to get a more clear idea.

    And yes there is a bug in Stateful Scanner but Egemen mentioned that the malware will not slip through Stateful Scanner & will be blocked. Just a little bug with quarantining the malware & it will be handled with the next release due soon.

    Thanxx
    Naren
     
  8. cruelsister

    cruelsister Registered Member

    Joined:
    Nov 6, 2007
    Posts:
    971
    Location:
    Paris
    Naren- just curious- have you been upgrading from the beta or is your current CIS a fresh install?
     
  9. Yash Khan

    Yash Khan Registered Member

    Joined:
    Apr 4, 2011
    Posts:
    1,833
    I never upgrade from beta. Its fresh install.

    Why did you asked?

    The bug is confirmed in Stateful Scanner. No matter you upgrade or fresh install, the prob will be there as its a bug in Stateful Scanner of AV.

    Thanxx
    Naren
     
Loading...
Thread Status:
Not open for further replies.