Announcement

Collapse
No announcement yet.

Strange contained comodo exe !?

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Strange contained comodo exe !?

    I Am I the only one who have files like C:\ProgramData\Comodo\Cis\tempscrpt\C_cmd.exe_741E A2FAA25CB0***17E539C7045EADF.bat that pops up regularly on users computers as contained ? is it something standard from the Comodo Endpoint that we could consider as false positive and put in exclusion list ?

  • #2
    Hi rbo,

    We need to rate the file "C_cmd.exe_741E A2FAA25CB0***17E539C7045EADF.bat" as Trusted from EM Portal

    Please follow the provided instructions

    Step 1: EM Portal > SECURITY SUB-SYSTEMS > Containment and use the filter from the right for searching this file using:

    Step 2: File name as C_cmd.exe_741E A2FAA25CB0***17E539C7045EADF.bat OR
    File path as C:\ProgramData\Comodo\Cis\tempscrpt\C_cmd.exe_741E A2FAA25CB0***17E539C7045EADF.bat

    Step 3: Rate the file as "Trusted"

    Please reach us if you still have any issues.

    Kind Regards,
    PremJK

    Comment


    • #3
      Hi, Thank you, for 1 time I was aware already about the solution, I was just asking support if this file was legitimate or not, your answer mean yes, so I manually trusted it. Question 2: is there a way to receive email notification when such activity occur on users computers, to be proactive ?

      Comment


      • #4
        issue is back,

        added

        "C:\ProgramData\Comodo\Cis\tempscrpt\C_cmd.exe _*" in the list of trusted apps.

        (Settings / System Templates / File groups variables / Trusted applications)

        Comment


        • #5
          Hi rbo,

          Please check your Inbox for a private message and follow the instructions provided. Please let us know if you still face an issue.

          Kind Regards,
          PremJK

          Comment


          • #6
            Hello rbo ,

            About your second question:

            Originally posted by rbo View Post
            Question 2: is there a way to receive email notification when such activity occur on users computers, to be proactive ?
            1- You can create a security events monitor with condition "Unknown application running inside container",
            2- Change alert settings of the monitor to be able to get notification email to desired email address(es)
            3- then put the monitor under Profiles -> {selected_profile] -> Monitors section.

            This way, once an application is contained, you will be able to get notified once an application gets contained.

            For more information, please check out https://community.itarian.com/help/t...s-Devices.html

            Best regards,
            Ilgaz



            Comment


            • #7
              Thank you,

              configuration applied, monitoring configured !

              Comment

              Working...
              X