Trusted Files Quarantined

Hi Team,

@StrobeTech reported an issue where we are quarantining the trusted files. this leads to see devices listed as infected even though they have marked the items as safe and trusted.​​​

Here are the tickets that are already created for these issues: WLX-838-26282 / CS-7567

Please update Robin and us on this conversation about the progress of this issue.

@StrobeTech please feel free to add your comments…


Thanks for raising this, ill fill out some more detail when in office tomorrow.

We have files that are listed in our exclusions list as well as files that have already been quarantined and released before being detected and listed as infections.

The issue we mainly have now is that we cannot trust the infections list meaning we cannot proactively protect our clients as we do not know is this is true or false; and trying to perform the quarantine and release on these files as they are critical DLLs and EXE for applications break them meaning you have to perform a re-install; to find this does not work most of the time.

We need a better and improved way of doing this; a method of maybe classifying a file or reporting the false positive which releases it and does not report it again until properly checked and reported back.

Maybe not quite relevant, but we are seeing on a Win 2008 server Powershell being contained.

That is part of the last update bug with V10 were it captures mmc.exe, powershell.exe, outlook.exe and many many others.
Not the issue with this one, these are other applications and files we have had since V8 which have never gone away even after trying supports quarantine and restore and exclude.

But should have been resolved in


Issue has been fixed and will be included in October release update of CCS (in scope of entire C1 release);

Is there a beta release we can use to overcome issues? Basically, you’ve released another version with bugs which has wasted far too much of our time yet again since the Sept release.

We’re also seeing PCs running slowly at times and CCS not opening. Today, I set up a new PC for a client and Acrobrat Reader would not install until containment was disabled, despite nothing slowing the containment logs.

These are issues we get all the time, v10 kills pc speed and the latest CCC we not 100% sure on either.

if you want I have a working v8 which solves issues… if we get complaint we roll back and complaint goes away

But surely it automatically upgrades to V10 after installation?

We have taken the “upgrade” section out of our profiles so this does not happen.

Then all you need to do is make sure no one manually goes into ITSM and looks at the dashboard and decides to try get everything green.

Thanks, please send the files in case we need them.

Hi @nct

Details as requested!

CCS (Comodo Client Security) v8
64 bit Download =
32 bit Download =

Manual Instructions

  1. Download the required installer from above
  2. Uninstall v10 if you can!
    The v10 installer is broken and does not uninstall 90% of the time; but you can force close Comodo and the uninstall will work or use their removal tool which can be downloaded via (2 reboots may be required)
  3. Install downloaded v8 using the following command from an UAC elevated CMD prompt (Change BOLD to your path): -
  4. Reboot machine

Script Instructions
See attached scripts but here is some information about them: -

  • CCS-check checks if CCS is installed and then uninstalls it with 2 mins countdown for restart. You can modify the script and increase the countdown by modifying/editing line number two ie. j=2*60 to specify the required seconds after which system will restart
  • Install-CCS-8 installs CCS v8 version.

20170922-ccs_check.json (3.28 KB)

20170922-Install-CCS-8.json (3.15 KB)

Nothing from Comodo???

I have tried quarantining blat.exe and releasing again as trusted but still listed.