Strange contained comodo exe !?

rbo · June 4, 2021, 12:00pm

I Am I the only one who have files like C:\ProgramData\Comodo\Cis empscrpt\C_cmd.exe_741EA2FAA25CB0***17E539C7045EADF.bat that pops up regularly on users computers as contained ? is it something standard from the Comodo Endpoint that we could consider as false positive and put in exclusion list ?

PremJkumar · June 4, 2021, 3:10pm

Hi @rbo,

We need to rate the file “C_cmd.exe_741E A2FAA25CB0***17E539C7045EADF.bat” as Trusted from EM Portal

Please follow the provided instructions

Step 1: EM Portal > SECURITY SUB-SYSTEMS > Containment and use the filter from the right for searching this file using:

Step 2: File name as C_cmd.exe_741E A2FAA25CB017E539C7045EADF.bat OR
File path as C:\ProgramData\Comodo\Cis empscrpt\C_cmd.exe_741E A2FAA25CB017E539C7045EADF.bat

Step 3: Rate the file as “Trusted”

Please reach us if you still have any issues.

Kind Regards,
PremJK

rbo · June 7, 2021, 8:45am

Hi, Thank you, for 1 time I was aware already about the solution, I was just asking support if this file was legitimate or not, your answer mean yes, so I manually trusted it. Question 2: is there a way to receive email notification when such activity occur on users computers, to be proactive ?

rbo · October 21, 2021, 1:16pm

issue is back,

added

“C:\ProgramData\Comodo\Cis empscrpt\C_cmd.exe_*” in the list of trusted apps.

(Settings / System Templates / File groups variables / Trusted applications)

PremJkumar · October 22, 2021, 7:53am

Hi @rbo,

Please check your Inbox for a private message and follow the instructions provided. Please let us know if you still face an issue.

Kind Regards,
PremJK

ilgazy · October 22, 2021, 8:39am

Hello @rbo ,

About your second question:

1- You can create a security events monitor with condition “Unknown application running inside container”,
2- Change alert settings of the monitor to be able to get notification email to desired email address(es)
3- then put the monitor under Profiles -> {selected_profile] -> Monitors section.

This way, once an application is contained, you will be able to get notified once an application gets contained.

For more information, please check out https://community.itarian.com/help/topic-459-1-1005-15349-Monitors-for-Windows-Devices.html

Best regards,
Ilgaz

rbo · October 26, 2021, 2:29pm

Thank you,

configuration applied, monitoring configured !