Deciding whether to use Viruscope yet

[Jon79]

If no one response I'll have right to double it. However I call the Geekbuddy Support and they want to me charge for this bug 100 $. How said.

Check your original post, I have replied to you there
https://forums.comodo.com/install-setup-configuration-help-cis/viruscope-and-crushed-application-in-windows-10-t116489.0.html;msg841064#msg841064

[Abst]

I mean in reasonable time. Well in this case I suggest that you change the rule. If one week no one response We have right to ask in similar themes. Tx.

[John Buchanan]

For the last time, Abst, you do NOT have the right to double post, period!
Consider this your final warning.  Further double posting will result in a post ban, terms to be determined.
You wish to argue this point, same.  No further warnings!

[craylvoind]

Many more months passed by and Viruscope is not off in the default Internet Security configuration.
I don't know how I should decide and how much time I want to use to get into this topic.
What is your suggestion now, on or off?

[futuretech]

Many more months passed by and Viruscope is not off in the default Internet Security configuration.
I don't know how I should decide and how much time I want to use to get into this topic.
What is your suggestion now, on or off?

In the default Internet security config it is set to only monitor contained applications. You can leave it as is or change it to monitor all applications by un-checking the box for monitor contained applications only in VirusScope settings. I would leave it as is unless you plan to run unknowns non-contained.

[Jon79]

In the default Internet security config it is set to only monitor contained applications. You can leave it as is or change it to monitor all applications by un-checking the box for monitor contained applications only in VirusScope settings. I would leave it as is unless you plan to run unknowns non-contained.

The purpose of viruscope is to revert actions made by malware. But if a malware runs in containment, it can't affect the real system, so its actions can be reverted simply by purging the sandbox.
So, if viruscope monitors contained apps only, it's pretty useless, isn't it?

[futuretech]

The purpose of viruscope is to revert actions made by malware. But if a malware runs in containment, it can't affect the real system, so its actions can be reverted simply by purging the sandbox.
So, if viruscope monitors contained apps only, it's pretty useless, isn't it?

When you look at it that way then sure. But it also helps in being able to see what exactly an unknown process is doing by viewing its activities. You can determine if something is malicious if you do get a virusscope recognizer alert and when you select reverse it quarantines the process and submits it to comodo for further analysis. The activities show if it is trying to create/modify/delete files/folders and registry keys/values/data. It will also show what IP addresses it communicates with and what URL's it accesses among other actions.

Yes you could just reset the container but it would be better to use the reverse action so that it gets submitted to comodo to add to its av database. Of course it would be more useful if virusscope recognizers were actively updated. But for now it only has basic generic recognizers but supposedly CIS is going to get a ransomeware related recognizer added.