Open Endpoint Manager > Click ‘Security Sub-Systems’ > ‘Antivirus’ > ‘Autorun Items’
Comodo Client Security will terminate unrecognized auto-runs if:
‘Apply this action to suspicious auto-run processes’ is enabled, with ‘Terminate’, ‘Terminate and Disable’ or 'Quarantine and Disable’ set as the action.
You can implement this setting in two places:
The interface shows all blocked auto-runs on Windows devices. Autoruns are items which start at Windows boot-up or are scheduled tasks. Click the funnel icon on the right to filter the list.
The interface columns are as follows:
Date - The date and time the auto-run was terminated on the device.
Type - The auto-run category. Can be one of the following:
Action - How the unrecognized autorun was handled by CCS. The possible responses are:
# of Devices - The number of devices on which the item was found. Click the number to view the actual devices.
File Name - The file whose auto-run entry was terminated. Click the name of a file to view its details.
File Hash - The SHA1 hash value of the quarantined file. The hash value uniquely identifies the file, even if the filename is changed.
File Path - The location of the file on the endpoint.
Comodo Rating - The file's official trust level in Comodo’s database.
Last Action Group - The most recent action taken on the item by an admin.
Auto-run Status - Shows whether the auto-run is enabled or disabled on the endpoint.
The controls above the table let you take various actions on selected items:
Restore an autorun
You may want to restore an item if you think it is a false-positive. False-positives are files that you deem as safe, but which CCS has blocked, terminated or quarantined.
Delete an autorun
Deleting an item will completely remove the file from all devices on which it resides.
Assign a new trust rating to autorun items
A trust rating determines how Comodo Client Security interacts with a file. The three ‘Rate as...’ buttons let you assign a new rating to selected autoruns:
This is the impact of each rating: