1: Option to disable HIPS befor installing. HIPS rely sucks it makes the system totaly unstable (Beta 2.0.9.20 somthing). So if a furture update would give the use the option to disable that featur during the installation it would help alot.
2: Lite firewall build in (The rull system from the Comodo Firewall would be enof i think. Whit standard port stealthing ofcuse). Somting like Trend Micro had done whit PC-cillin 2002 to PC-cillin 2004.
3: Option to synsc Comodo settings whit other Comodo Antivirus program on LAN to config faster. Or an export settings to file option.
4: Low CPU/mem use under 10 Mb ram. max 4% CPU use on an standard 3 GHz P4.
5: Maybe a futur server client edtion for companys/schools ect. Were the client could download/Lear from the server to client silenty.
Hi,
First thanks for great product.
Ok straight to the point.
I think it would be great to have some kind of internal check for hidden/stealth registry keys or ADS/ hidden directories. Lastly I was checking CAVS (Beta2.0.08.20)on laptop and it said its clean. Than I run AVG antirootkit and it found some hidden driver hooked to some legitimate winXP service(very sorry that I didnt write down more details but I have very limited time to check it - It was my boss laptop.)
After removing that hidden entry (and reboot) Antivirus immidiatelly found trojan (again, sorry for no details). I ve installed CAVS on a infected computer to check it against all threads so CAVS didnt let trojan to install itself - just to make it clear.
Owen, the HIPS is part of CAVS Beta 2.x. If you’ve downloaded CAVS from Comodo’s main website, you probably have version 1.1, which does not have a HIPS module.
Beta 2.x is a huge improvement over 1.1, in pretty much every way - stability, speed, CPU/resources, definitions, plus the application-based HIPS as well.
Be aware, however, that it is still a Beta (even tho very stable) and some users have experienced difficulties and some pretty serious issues (although not all users, by any means). My advice is to be sure to have backups of any data/files/drives; preferably (IMO) image/clone/ghost copies of your entire system (with a bootable rescue disk/CD). Also, within CAVS be sure to turn off the automatic Quarantine feature for the On-Access scanner (which is On by default), as there have been some issues of it locking up critical files; best to avoid that scenario if possible.
All that is not said to scare you away from using it; just to make sure you’re going in “eyes open…”
I test the most things first on an VM where I have a actual snapshot to that I can return with 2 clicks.
As about ma Host PC I have always have an up to date image of the OS partition and keep my user profile on an other one separatly backed up (more frequently).
If I see it right the HIPS module only controls the execution of unknown applications, or does it manage also ther things like registry writes?
You are correct, Owen, it’s not a behavior-blocker, so it’s not defending the registry per se. It will create alerts based on an application being executed (and if the application changes).
Further questions on it would be best in the BETA corner, so this thread isn’t completely hijacked…
Ok if i will have any fourther questions about it i’ll post there.
for the time being i have an own wish for the new version,
it would be cool if comodo Av would be present on www.virustotal.com, almost all AV products are present there and its realy an nice site.
In the On-Demand exclusion list, I’d like to have the option to have any inclusions entered into this list mirrored in the On-Access exclusion list and vice versa.
I been sitting reading through so many posts to see if I found a answer BEFORE I come with the following 2 questions (or maybe it even can be called WISHES);
How would it be with a “Micorsoft Office” plugin in CAVS?? As you probably all know this is something offered in almost ALL the AV´s that is on the marked today but I cant say I have seen it in CAV right???
Second; I know that the “creators” has been taking away the Launch Pad because so many users wished for this… but to be honest why dont you run a Poll again for seeing what people say now after a while with testing the CAV WITHOUT the Launch Pad??
Like I have expressed before, I cant believe that anyone would see anything else than GOOD and INTELLIGENT with a solution with the Launch Pad, like we see with all the serious Security program packages on the marked today, this is a solution for those of us who wants to use more than ONE program from the same company without having to see 3-4-5 icons in the taskbar right???
What is the problem having a option in the installation for YES or NO to install Launch Pad???
Is this something that you still have under consideration or is it totally “out of the world” now???
To short my wishes down;
1.Microsoft Office Plugin (scanning office documents when opened)
2.Microsoft MSN Messenger Plugin
3.Webmail plugin
4.Getting back the launch pad
5.And YES, like many before me have said; being able to DISABLE Hips with the installation
6.Vista compatibility
I STILL say Comodo Beta 9.30 rocks. Brontok virus infection is now a thing of the PAST
I have picked up a minor bug in the 11.43 update (maybe was there before?) … In the Run Updater menu option, if the virus database is updating it shows ‘This process may take few minutes’ should read as ‘This process may take a few minutes’ - small issue - i know :-x but then we like Comodo perfect!!
I installed Beta 9.30 on a Windows 2003 Enterprise Server with SP1 and all the current patches available (ie7 WMP11 included). I ignored the warning about only wanting XP etc. The app installed successfully and then promptly took 17 minutes after the reboot to display the logon screen. After login - it again too 7 minutes before the menu bar could be accessed. I managed to unistall by logging in ‘safe mode’. I then loaded 1.1 and experienced the same problem. This confused me since I am running 1.1 on my MS 2003 MAPS Server with the same set of patches. Now I’m wary to try running it on the client server again.
Another smallish bug is that the HIPS pops up with the ‘Send to Comodo’ ticked on every time - even when disabled in the HIPS settings - and the ‘Remember this action’ always off. This is irritating when catching a virus and you know you don’t want to send the file and you want to remember the action of BLOCK. Maybe a tick box (as in the HIPS settings) but that actually has an effect that is set once.
So… The wishlist asks for:
A server version
A Server / Client method that allows for central configuration and central database update with client configured to receive updates from local server
A password protected client (user customizable at what level - off, Settings, Everything) that allows sysadmins to prevent the possibility of the user changing things with out a valid password.
A client that runs on Vista
A HIPS ‘Remember this Action’ that can be remebered on/off with a global setting
A HIPS ‘Send to Comodo’ that can be remebered with a global setting
Then I have another request regarding the e-mail scanner. In South Africa we are still using OLD dial-up telephone with Modem. Usually connection is only 16-31Kbps. As a result, often I have to turn off the scan because a 1Mb file times-out during the retreive. (Usually without the ‘wait another 60 seconds’ option). Would it be possible to add a configuration setting that allows to enable scan AFTER email is completely retreived without in-line scan (as a file). The same with outgoing mail. Scan the whole mail (as a afile) BEFORE sending it out?
Then a quick question. I installed 9.30. Did a update that was 9.4Mb large. The version shows base 9.30 and update 11.43. Does this mean I don’t have to download the whole app again (I think so) because it updated automatically to the latest? Also what would have happened if i lost my internet connection while the update download was in progress. Would it restart every time, or continue from where the connection broke?
Well that’s all for now. Keep up the good work. All the best.
Peter Smit
Empeeco South Africa (3mp33c0)
