- Worldstart's Tech Tips And Computer Help - http://www.worldstart.com -

COMODO Antivirus Free Part 3: Severe Virus Alerts

In Part 2 [1] of our guide, we introduced to the Alerts likely to present themselves when running COMODO antivirus for the first time. Here we will go over a few more alerts which may require a bit more attention due to their higher severity levels:

COMODO Antivirus Alert: “A malicious item has been detected!”
Perhaps the most serious alert generated by COMODO Antivirus, the Red “Malicious item detected” alert appears when the antivirus scanner has detected a file which exhibits behavior and/or other attributes consistent with that of a virus. In these instances you will be presented with a short bit of information and a variety of options with which to handle the suspicious file in question:

1. File Information

Here you will find the “Name” of the suspected Virus application, the “Location” where it has been found on your system, and any additional information which COMODO Antivirus may have about the potentially unsafe program in question. While sometimes a bit cryptic in nature, this info, particularly the “Name” field, can be very useful if you wish to look up information on the possible Virus (such as where it could have come from, an how others have dealt with it) on Google.

2. Clean Button

If you do not recognize the file description in the information box, pressing the “Clean” button will present you with two options for quickly dealing with the threat in question:

“Disinfect” – Select this option if you recognize the file in question and wish to have COMODO Antivirus attempt to return it to a safe state prior to its current infection. This option only works if COMODO has record of a previously uninfected version of the file. If it does not, COMODO will permanently delete the file form your system.

“Quarantine” – If, after looking at the displayed file information, you are still unsure if the file in question truly is a virus, choose the “Quarantine” option to have COMODO place the file in question among its’ quarantined items record. This disables the threat completely while COMODO searches for a way to clean the file of any possible infection. If no cleaning routine is found, the file will be kept in quarantine and checked for new cleaning routines during future COMODO database updates.

3. Ignore Button

If you are reasonably certain the file which tripped the COMODO Antivirus Alert is not a threat, you may choose to have COMODO add it to its safe list through one of the following options:

“Once” – Selecting this option will instruct COMODO Antivirus to temporarily ignore the files’ suspicious actions during this session. Future suspicious activity by the same file will again trigger an Antivirus alert.

“Add to Trusted Files” – Adding the file in question to COMODO’s “Trusted Files” list will partially whitelist the file, substantially reducing any further Alerts which may be trigger by the files’ future activity.

“Report this to COMODO as a False Alert” – Files reported as False Alerts to COMODO will be analyzed and, if deemed safe, will be added to the COMODO database as a trustworthy file.

“Add to Exclusions” – Excluded items are trusted completely and excluded from any future COMODO Antivirus Scans. Only select this option if you are certain that there is not a need to scan this file for any type of virus now or in the future.

COMODO Antivirus Alert: “Application Isolated”

COMODO Antivirus will occasionally limit a files’ interaction with your system if it does not recognize the file in question (a process known as sandboxing.) While designated a lower severity (Yellow) event, the “Application Isolated” alert still gives you a few options to modify its behavior:

1. File Information

The alert information generated will typically begin with the file name in question (ABCD.exe) underlined. Click this file name to see where the file is located on your computer.

2. “Don’t isolate it again” – Click this text to instruct COMODO not to isolate/limit this program in the future. Only do so if you are certain it is safe to do so.

3. “Hide these alerts” – Check this box if you wish to have COMODO isolate unrecognized files in the background, without bombarding you with future “Application Isolated” alerts.

COMODO Defense+ Alert: “ABCD.exe . . . possible buffer overflow attack”

A “possible buffer overflow attack” alert informs you of a suspicious file which has attempted to overload your system with far more data than is normally allowed; leading to possible system crashes, data loss, and other malfunctions. This activity is typically found only in virus files which have been programmed to attack your system with such behavior. As such, COMODO Antivirus isolates applications of this nature and warns you of their actions, with the following options to deal with them:

1. “Application: ABCD.exe” – As with similar alerts, this information field allows you to click on the file name to find out where the offending file in question is located on your system.

2. Terminate Button – As suggested by COMODO, most times you will want to stop the application in question from performing any further actions. Pressing the “Terminate: button will do just that.

3. Skip Button – If you are certain that the file in question, and the actions it is performing, are safe/normal, then pressing the “Skip” button will allow the program to continue operating.

4. “Skip this application in the future” – Along with option #3, you may choose to have COMODO ignore this file in the future when scanning for dangerous buffer overflows.

Now that you have an understanding of the major COMODO Antivirus / Defense+ Alert types, we will next explore the scanner settings which trigger the most severe alerts, while protecting your computer from harm, in our final installment: COMODO Antivirus Free Part 4: Virus Scan Essentials.

~J. Conboy