Questions about Submit/Lookup [Merged Threads]

[Guest]

[ganda]

hi all,
just wanna know, if we submit something via CFP3 submit files option, and it turns out that the submitted file is a malware,and......... what's next? we know that CFP uses white list/safelist, isn't it great IF CFP defense+ has a black list as well?


Ganda

[Soyabeaner]

isn't it great IF CFP defense+ has a black list as well?

That's what CAVS and BOClean are for.

[ganda]

That's what CAVS and BOClean are for.

OK then
you mean malware sample submitted to CFP will be added to CAVS/CBO signature? nice

[Soyabeaner]

I don't know, but you probably just gave Comodo an idea (or maybe they already knew)

[ganda]

I don't know, but you probably just gave Comodo an idea (or maybe they already knew)

, and i never submit anything.i always delete my pending files. 

[Rednose]

, and i never submit anything.i always delete my pending files. 

Now you can forget a bonus payment from Comodo for this great idea

Greetz, Red.

[ganda]

Now you can forget a bonus payment from Comodo for this great idea

Greetz, Red.

LOL 

[marcos.zy]

Hello! 

I would like to know if someone can help me in a doubt regarding CFP 3.

I am running it for about 1 week, and it is working very fine on all my machines. I have noted only one strange behavior while it is running: frequently on bottom right of my desktop, while I am working on my computer, the "submitting the file(s) for analysis" dialog box opens automatically and "apparently" sends some file(s) to Comodo, without any interaction from my part (this happens just for a few seconds).

I would like to say that I frequently execute the "purge", "lookup" and "submit" options to the files that appears on "my pending list" option, but the above mentioned sending is occurring frequently, without any interaction from my part, even if there is not any file on "my pending list".

Someone has any idea of what could be the cause of it?

Best Regards. 

[Blas]

The default option is that pending files not on the safelist will be sent automatically to comodo. Even after you clear the pending list these unknown files will enter a queue in the files to submit list. If it fails to send some it will try it again later.

[marcos.zy]

Hello Blas!

Thank you for your reply. 

Do you know where can I see this queue that contains the unknown files that does not appears on "my pending files" list, and if is there some way to configure these options?

Regards.

[Blas]

Hi,

The queue can be found under Miscellaneous/Submit suspicious files.
These files should appear first on your pending list. It have just came to my mind that after doing whatever action with the pending files it poped up a message asking if I wanted to send the files to comodo. I checked the box "don't ask again" so in my case this is why the submission is automatic.

Files which are not in the Comodo safelist and are also unknown to the user can be submitted directly to Comodo for analysis and possible addition to the safelist.

File Submission Process

Files can be transferred into this module by clicking the 'Move to..' button in the 'My Pending Files' and 'My Own Safe Files' areas. The interface also allows you to manually add files that you would like to submit. Click 'Add' to manually add suspicious files to the 'List of Files'. Similarly, to remove a file from the submission process, click the 'Remove' button.

This was from the help file...not much of a help though...
From what I see it shouldn't send files without your consent unless you clicked "remember" your option when asked for submission. I had some problems with few bigger files btw. It wanted to send skypesetup.exe and it always failed with a network error regardless of its failure to send it it tried it periodically thus the submission icon appeared often but it was sending the same file all the time. If you duble click on the icon you can see what is sent or being tried to send.

[marcos.zy]

Hello Blas,

Thank you for your reply.

The queue can be found under Miscellaneous/Submit suspicious files.
These files should appear first on your pending list. It have just came to my mind that after doing whatever action with the pending files it poped up a message asking if I wanted to send the files to comodo. I checked the box "don't ask again" so in my case this is why the submission is automatic.

I have found the queue, thanks.  But it is empty.

I always purge, execute a "lookup" and submit the unknown files already existent on "my pending files" list to Comodo, manually, and I never had used any "remember" option here. So, due to this I'm not understanding the so frequent dialog boxes regarding sending files.

Now, for example, I can see that my "my pending files" list is empty, but since I have started this post, the dialog box has already appeared a few times.

And I have already experienced the same bug you experienced with the skype file, with some "bigger" files. It seems that there is some type of bug when submitting bigger files, because always occurs the error you have mentioned.

Someone knows what can cause this?

Regards. 

[Geko]

Can someone tell me how can I copy a temporary file.

Programs such as Process Explorer, a-squared, CounterSpy, etc... creates temporary files. These temporary files disappear very fast.

So is there a program that can capture them or a way to do it.

I ask this because I want to submit them to Comodo, so they can add them to their safety database for Defense+.

By the way, I think this topic should be sticked, so everyone can help, with the safety database.

[AnotherOne]

There are a few other consideration here.
1.  A user reported that asp.net would not work because of temp files.  He identified .dll's, but I suspect that there were other files that needed permission - either as a temp executable or as an exe trying to run a temp file.  It is very hard to give permissions to do either without resorting to wildcards and possibly creating other problems.

2.  It is a characteristic of rootkits that its files are hidden from most ways of viewing them.  If such a hidden file was identified when it was seeking permissions, it might not show up again when being checked in the Pending Files list or by any other way of searching for those files except for a few anti-rootkit tools. 

3. A game player reported that one of his games created temp files that needed internet access.  This was successfully resolved by the creative use of wildcards, but it is a task beyond the average user's talents.

Given the above, and the question of vanishing files possibly being related to rootkits, some form of inspection of those files (possibly in memory) should be built into CFP.  If it becomes necessary to give such files permissions, it is difficult in the ordinary way.  If a record of the inspected file could be used to grant permissions to it, that would deal with some of the problems. 

[jim28277]

I have a few questions about pending files. I have submitted a file in my "files for review" list and am waiting for COMODO's response. How long should we expect to wait for the submitted files to be researched and added to the safe files database. Is there a definitive answer to submitted files or do we just assume they are unsafe if they are not added to the safe files database after a certain period of time. What do we do with the pending files that are not added to the safe files database (should we search for these files on our hard drive and manually delete them?). Thanks in advance.....Jim

[Tags:]