Author Topic: Deciding whether to use Viruscope yet  (Read 19719 times)

Offline Jon79

  • Comodo's Hero
  • *****
  • Posts: 1084
Re: Deciding whether to use Viruscope yet
« Reply #15 on: August 31, 2016, 05:22:11 AM »
If no one response I'll have right to double it. However I call the Geekbuddy Support and they want to me charge for this bug 100 $. How said. :-[

Check your original post, I have replied to you there
https://forums.comodo.com/install-setup-configuration-help-cis/viruscope-and-crushed-application-in-windows-10-t116489.0.html;msg841064#msg841064

Offline Abst

  • Newbie
  • *
  • Posts: 23
Re: Deciding whether to use Viruscope yet
« Reply #16 on: August 31, 2016, 05:40:58 AM »
I mean in reasonable time. Well in this case I suggest that you change the rule. If one week no one response We have right to ask in similar themes. Tx.

Offline John Buchanan

  • "Democracy is two wolves and a lamb voting on what to have for lunch. Liberty is a well armed lamb contesting the outcome of the vote." ~ Benjamin Franklin
  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 6683
  • Personal Dragons can be defeated. Improve yourself
Re: Deciding whether to use Viruscope yet
« Reply #17 on: August 31, 2016, 05:08:33 PM »
For the last time, Abst, you do NOT have the right to double post, period!
Consider this your final warning.  Further double posting will result in a post ban, terms to be determined.
You wish to argue this point, same.  No further warnings!
Please follow Comodo Forum Policy

Bah! Ban 'em all! The only good member is a banned member
And a member is just a policy violator who hasn't been caught yet. >:-D

Offline craylvoind

  • Comodo Member
  • **
  • Posts: 46
Re: Deciding whether to use Viruscope yet
« Reply #18 on: May 04, 2017, 07:59:00 AM »
Many more months passed by and Viruscope is not off in the default Internet Security configuration.
I don't know how I should decide and how much time I want to use to get into this topic.
What is your suggestion now, on or off?

Offline futuretech

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 4294
Re: Deciding whether to use Viruscope yet
« Reply #19 on: May 04, 2017, 09:03:06 AM »
Many more months passed by and Viruscope is not off in the default Internet Security configuration.
I don't know how I should decide and how much time I want to use to get into this topic.
What is your suggestion now, on or off?
In the default Internet security config it is set to only monitor contained applications. You can leave it as is or change it to monitor all applications by un-checking the box for monitor contained applications only in VirusScope settings. I would leave it as is unless you plan to run unknowns non-contained.

Offline Jon79

  • Comodo's Hero
  • *****
  • Posts: 1084
Re: Deciding whether to use Viruscope yet
« Reply #20 on: May 05, 2017, 11:09:56 AM »
In the default Internet security config it is set to only monitor contained applications. You can leave it as is or change it to monitor all applications by un-checking the box for monitor contained applications only in VirusScope settings. I would leave it as is unless you plan to run unknowns non-contained.
The purpose of viruscope is to revert actions made by malware. But if a malware runs in containment, it can't affect the real system, so its actions can be reverted simply by purging the sandbox.
So, if viruscope monitors contained apps only, it's pretty useless, isn't it?

Offline futuretech

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 4294
Re: Deciding whether to use Viruscope yet
« Reply #21 on: May 05, 2017, 01:20:35 PM »
The purpose of viruscope is to revert actions made by malware. But if a malware runs in containment, it can't affect the real system, so its actions can be reverted simply by purging the sandbox.
So, if viruscope monitors contained apps only, it's pretty useless, isn't it?
When you look at it that way then sure. But it also helps in being able to see what exactly an unknown process is doing by viewing its activities. You can determine if something is malicious if you do get a virusscope recognizer alert and when you select reverse it quarantines the process and submits it to comodo for further analysis. The activities show if it is trying to create/modify/delete files/folders and registry keys/values/data. It will also show what IP addresses it communicates with and what URL's it accesses among other actions.

Yes you could just reset the container but it would be better to use the reverse action so that it gets submitted to comodo to add to its av database. Of course it would be more useful if virusscope recognizers were actively updated. But for now it only has basic generic recognizers but supposedly CIS is going to get a ransomeware related recognizer added.
« Last Edit: May 05, 2017, 01:24:54 PM by futuretech »

 

Free Endpoint Protection
Seo4Smf 2.0 © SmfMod.Com Smf Destek