Open Endpoint Manager > Click ‘Security Sub-Systems’ > ‘Antivirus’ > ‘Autorun Items’
Background - How do unrecognized autoruns get terminated?
Overview of the auto-run interface
Take actions on terminated auto-runs
Background - How do unrecognized auto-runs get terminated?
Comodo Client Security will terminate unrecognized auto-runs if:
‘Apply this action to suspicious auto-run processes’ is enabled, with ‘Terminate’, ‘Terminate and Disable’ or 'Quarantine and Disable’ set as the action.
You can implement this setting in two places:
Overview of the auto-run interface
The interface shows all blocked auto-runs on Windows devices. Autoruns are items which start at Windows boot-up or are scheduled tasks. Click the funnel icon on the right to filter the list.
The interface columns are as follows:
Date - The date and time the auto-run was terminated on the device.
Type - The auto-run category. Can be one of the following:
Action - How the unrecognized autorun was handled by CCS. The possible responses are:
# of Devices - The number of devices on which the item was found. Click the number to view the actual devices.
File Name - The file whose auto-run entry was terminated. Click the name of a file to view its details.
File Hash - The SHA1 hash value of the quarantined file. The hash value uniquely identifies the file, even if the filename is changed.
File Path - The location of the file on the endpoint.
Comodo Rating - The file's official trust level in Comodo’s database.
Admin Rating - The trust rating of the file as set by the administrator. Files can be rated as trusted, malicious or unrecognized
Last Action Group - The most recent action taken on the item by an admin.
Auto-run Status - Shows whether the auto-run is enabled or disabled on the endpoint.
Take actions on auto-run items
The controls above the table let you take various actions on selected items:
Restore an autorun
You may want to restore an item if you think it is a false-positive. False-positives are files that you deem as safe, but which CCS has blocked, terminated or quarantined.
Delete an autorun
Deleting an item will completely remove the file from all devices on which it resides.
Assign a new trust rating to autorun items
A trust rating determines how Comodo Client Security interacts with a file. The three ‘Rate as...’ buttons let you assign a new rating to selected autoruns:
This is the impact of each rating:
Further Reading
How to run virus scans on devices from the security sub-systems menu
How to manage quarantined items in Endpoint Manager
How to view and manage unprocessed malware on your endpoints
CLOUD BASED IT MANAGEMENT SOFTWARE FOR
MSPs and ENTERPRISE
Remote Monitoring and Management | Service Desk | Patch Management
Now Add Up To 50 Devices for Free