Comodo CIS: cloud scanner "allow once" option broken

Discussion in 'other firewalls' started by Jeroen1000, Jan 30, 2013.

Thread Status:
Not open for further replies.
  1. Jeroen1000

    Jeroen1000 Registered Member

    Joined:
    Aug 18, 2008
    Posts:
    162
    Dear all,

    When disabling all other Anti-virus programs and other security programs and only enabling the Comodo cloud scanner, I've encountered a troublesome bug. Comodo support does not seem at all impressed.

    Note I'm actually executing a REAL virus, but it is easy to contain if you know what you are doing.

    1) On the first execution attempt of the virus, Comodo Cloud scanner alerts that it has detected a malicious file. I choose to "ignore once".
    2) Subsequently trying to execute this file again works: it loads into memory.
    3) Terminating the file using the Windows Task Manager works.
    4) I can then again execute the virus and it will load into memory. Not a single peep from Comodo's cloud scanner.

    I don't know how long this takes, but after a while the Cloud Scanner will detect the file again. During the period of "non-detection" it does *not* detect the file, as Comodo Kill Switch reports the file as trusted.

    Not good:(
     
  2. Yash Khan

    Yash Khan Registered Member

    Joined:
    Apr 4, 2011
    Posts:
    1,837
    Can you provide a link for the malware to test?

    Maybe a cloud glitch.

    Can't say how ignore once works.

    Does the file appear in trusted lists? Or if it is digitally signed, does the vendor appear in local TVL?

    From your info my guess would be a case of trusted & detected file. The file may or may not be malware. But you have mentioned it's real malware.

    Would like to test the file, so if you could provide a link.
     
  3. Jeroen1000

    Jeroen1000 Registered Member

    Joined:
    Aug 18, 2008
    Posts:
    162
    It is just an unsigned exe. Don't know where I picked it up once. The file also does not appear in the Trusted File List and it is certainly not in the TVL list.

    It is definitely malware as I sent it to Kaspersky and Eset when I found it. They both added detection. I probably should not post a link. Can I send it to you directly? Please make sure you have a working firewall in place or other means to contain the virus though.
     
  4. Yash Khan

    Yash Khan Registered Member

    Joined:
    Apr 4, 2011
    Posts:
    1,837
    Send it to me at.......removed
     
    Last edited: Jan 30, 2013
  5. Jeroen1000

    Jeroen1000 Registered Member

    Joined:
    Aug 18, 2008
    Posts:
    162
    E-mail sent. You may now remove your address again unless you want a lot of spam:)
     
  6. Yash Khan

    Yash Khan Registered Member

    Joined:
    Apr 4, 2011
    Posts:
    1,837
    Got it, thanks.
     
  7. Yash Khan

    Yash Khan Registered Member

    Joined:
    Apr 4, 2011
    Posts:
    1,837
    I tested it & submitted to Comodo.

    I think the reason it's not detected again is because, as I mentioned earlier, it may be a case of trusted & detected. So once ignored & as it's trusted, it's not detected again.

    UPDATE - I think it may be a cloud glitch. Because at times it's not detected again & at times it's detected every time & I get "Windows cannot find the specified file" & then cloud alert.

    Once the signature is in the local database it would be good to test & I will test it again.
     
    Last edited: Jan 30, 2013
  8. The Red Moon

    The Red Moon Registered Member

    Joined:
    May 17, 2012
    Posts:
    3,872
    Unfortunately, that is something Comodo seems to have problems with: trusted malware.
    Hope they sort that. o_O
     
  9. Jeroen1000

    Jeroen1000 Registered Member

    Joined:
    Aug 18, 2008
    Posts:
    162
    If you get the "Windows cannot find the specified file" dialogue, Comodo is sandboxing it, I believe. If you choose (temporarily of course) to rely solely on the Cloud Scanner, you will see detection is quite erratic. I see you have experienced this.

    We can at least agree something is not right here:)
     
  10. Yash Khan

    Yash Khan Registered Member

    Joined:
    Apr 4, 2011
    Posts:
    1,837
    I got the Windows cannot find.............with ignore once

    i.e. I executed crack.exe & got cloud alert & chose ignore once. I executed crack.exe & got Windows cannot find.........& then cloud alert & again I chose ignore once; this way I tried a few times with the same results.

    But as I mentioned in my previous post, at times it didn't detect again & at times the detection was fine. So maybe a cloud glitch or trusted thing or any other problem.

    That's why I mentioned that when the signature for the sample is in the local database it would be good to test again to have a better idea.
     