Author Topic: Comodo Cloud Antivirus v1.21.458953.792 hotfix release.  (Read 8309 times)

Offline jackor

  • Comodo Loves me
  • ****
  • Posts: 145
Re: Comodo Cloud Antivirus v1.21.458953.792 hotfix release.
« Reply #15 on: September 12, 2018, 06:12:24 AM »
Wait
You don't have to clean the sandbox, nor the file(s) in review.
The sandbox is reset as soon as the PC (or VM) is turned off, and the files in the queue to be analyzed are just there as a reminder. Why do those entries bother you?

Quote
as soon as I reinstalled Kaspersky Free they were immediately recognized and I cleaned up the system.

You didn't clean the system, because the system wasn't infected. Files executed in the sandbox can't infect the system. Executables which are not executed can't infect the system either.
You are focused on thinking that a product which can detect malware is better than another one which prevents any infection. This is simply wrong nowadays.
And yes, nothing is 100% bulletproof.
Analyst Programmer
0days & malware hunter since 2006

Offline NDABBRU

  • Comodo's Hero
  • *****
  • Posts: 211
Re: Comodo Cloud Antivirus v1.21.458953.792 hotfix release.
« Reply #16 on: September 12, 2018, 07:19:02 AM »
Hello, can you explain better how the sandbox and its sandbox files work? Perhaps the correct functioning is not clear to me and therefore I am wrong in my understanding of how CCAV functions. This is why I think maybe Kaspersky Free is better than CCAV: I do not fully understand its functioning, its protection and therefore the fact that it still keeps the system clean of malware. Thank you.  ;)

Offline Jon79

  • Comodo's Hero
  • *****
  • Posts: 1074
Re: Comodo Cloud Antivirus v1.21.458953.792 hotfix release.
« Reply #17 on: September 12, 2018, 07:41:01 AM »
You can have a look at the CCAV online help: https://help.comodo.com/topic-394-1-767-9229-The-Sandbox.html
Basically, the sandbox is an isolated environment that emulates the real PC (disk, memory, registry and so on). When a file runs in the sandbox, it can make changes to the emulated entity, but not to the real one.
For example, imagine you have a document on your hard disk and you copy that document into the sandbox, then you run ransomware inside the sandbox; the ransomware can encrypt the document in the sandbox, but not the copy on your hard disk.
When you reset the sandbox, the emulated environment will be erased, as well as both the copy of the document and the ransomware.
« Last Edit: September 12, 2018, 07:48:40 AM by Jon79 »

Offline NDABBRU

  • Comodo's Hero
  • *****
  • Posts: 211
Re: Comodo Cloud Antivirus v1.21.458953.792 hotfix release.
« Reply #18 on: September 12, 2018, 07:47:10 AM »
Thank you!  :)
More than anything else I'm interested in understanding how CCAV works. For example I did not know that the sandbox and the revised files are reset when the PC restarts ... interesting.  ;)

Offline Jon79

  • Comodo's Hero
  • *****
  • Posts: 1074
Re: Comodo Cloud Antivirus v1.21.458953.792 hotfix release.
« Reply #19 on: September 12, 2018, 08:11:29 AM »
Yes, I also thought you could only manually reset it.

Offline NDABBRU

  • Comodo's Hero
  • *****
  • Posts: 211
Re: Comodo Cloud Antivirus v1.21.458953.792 hotfix release.
« Reply #20 on: September 12, 2018, 08:51:04 AM »
A question, though: if an application in the sandbox is not dangerous and therefore safe, will it come out of the sandbox, and will it always remain?

Thank you. ;)

Offline jackor

  • Comodo Loves me
  • ****
  • Posts: 145
Re: Comodo Cloud Antivirus v1.21.458953.792 hotfix release.
« Reply #21 on: September 12, 2018, 08:58:22 AM »
Files flagged as "waiting to be analyzed" won't be removed from the menu under "Valkyrie analysis"; they will stay there until you get a response from Valkyrie. But it doesn't mean that they are active somewhere in the system; they are just flagged to be in the queue for analysis.

@Ndabbru: When you run an executable, it will be checked in the cloud (this is valid for CCAV), to see if it's known and also if its vendor is trusted or not. If a trusted application goes into the sandbox, it means that the file itself is still unknown to the cloud. It will be checked.
If you are VERY sure an application is legitimate and it is sandboxed, you can always click on "don't sandbox it again" when you get the pop-up from Comodo. Do that only if you are sure of what you are doing.
Analyst Programmer
0days & malware hunter since 2006

Offline NDABBRU

  • Comodo's Hero
  • *****
  • Posts: 211
Re: Comodo Cloud Antivirus v1.21.458953.792 hotfix release.
« Reply #22 on: September 12, 2018, 11:32:34 AM »
I answered you with a private message. Did you receive it?

Offline NDABBRU

  • Comodo's Hero
  • *****
  • Posts: 211
Re: Comodo Cloud Antivirus v1.21.458953.792 hotfix release.
« Reply #23 on: September 12, 2018, 01:52:43 PM »
Jackor and Jon79, after reading what you wrote, I was convinced to re-use CCAV; many things were not clear to me.  :D
Having said that, with Kaspersky Free I find myself well, but I am too fond of COMODO products, also because I consider them solid in protection and I like their interface.

I'll let you know how I'll find myself.  :D

Thanks for now! ;) :-TU
« Last Edit: September 12, 2018, 01:54:45 PM by NDABBRU »

Offline klaken

  • Comodo Family Member
  • ***
  • Posts: 54
Re: Comodo Cloud Antivirus v1.21.458953.792 hotfix release.
« Reply #24 on: September 12, 2018, 08:27:13 PM »
Traditional av: Not detected = infected
CCAV: Not declared = sandbox = uninfected

Everything that has to do with the cams ... The question is that both legitimate programs that get into the sandbox.

For a home user, very few or no programs would be blocked by the sandbox.

About Valkyrie, I understand that priority currently depends on the number of users who come across the file. A new malware has a low number of users, so it's not a priority.
Even so, they should increase the speed of classification.

Offline jackor

  • Comodo Loves me
  • ****
  • Posts: 145
Re: Comodo Cloud Antivirus v1.21.458953.792 hotfix release.
« Reply #25 on: September 13, 2018, 01:00:47 PM »
I think the speed of classification will be upgraded.
At the moment I can confirm Valkyrie is slacking =)
Analyst Programmer
0days & malware hunter since 2006

Offline NDABBRU

  • Comodo's Hero
  • *****
  • Posts: 211
Re: Comodo Cloud Antivirus v1.21.458953.792 hotfix release.
« Reply #26 on: September 13, 2018, 05:35:40 PM »
As indicated above, I reinstalled CCAV instead of Kaspersky Free. I did a test by downloading 7 malware; CCAV did not recognize even one immediately as malware and put them all in the sandbox. After a few seconds, less than a minute, 3 of these were recognized by Viruscope and eliminated, while the others remained in the sandbox. The height of it is that when I disabled Comodo, Windows Defender came into function and immediately recognized them as malware and removed all 7. So I uninstalled CCAV, returning to Kaspersky Free, which recognized them and deleted all 7. So in conclusion, it is true that with CCAV the system is not infected thanks to the sandbox, but not immediately recognizing even one seems too much, and then Windows Defender cleaned up everything. So this test did not convince me to resume using CCAV. I would have understood if out of 7 malware 1 or 2 were not recognized immediately, but not 7. Then Valkyrie is always slow ... the other files in the sandbox have been there for many minutes, for malware that is certainly not 0-day.

Offline Jon79

  • Comodo's Hero
  • *****
  • Posts: 1074
Re: Comodo Cloud Antivirus v1.21.458953.792 hotfix release.
« Reply #27 on: September 14, 2018, 02:16:18 AM »
Low detection rate is not a big issue if you have the sandbox to keep you protected. The problem is the FP ratio. If everything (both good and bad) gets sandboxed, the user won't pay attention to the alert and will just allow stuff to run outside the sandbox. Plus, I had performance issues when running CCAV: high CPU and disk usage, slow boot time, slow browsing...
You can use several different security apps at once and have better performance than when running CCAV alone.

My current setup is:
  • FW: Binisoft WFC
  • AV: Avast Free (File Shield only) with Hardened Mode on Aggressive
  • BB: NoVirusThanks OSArmor
  • Misc: NoVirusThanks SysHardener, Fortinet Forticlient Web Filtering, uBlock Origin, Windows Privacy Dashboard, O&O ShutUp10
  • OD: AdwCleaner, HitmanPro, Zemana AntiMalware
  • DNS: CleanBrowsing DNS (Security Filter)

It seems like quite a lot of stuff, but I don't even notice they are there and this setup covers every protection layer:
  • First line: CleanBrowsing DNS (Security Filter)
  • Web Protection: Fortinet Forticlient Web Filtering
  • Vulnerability scan: Fortinet Forticlient Web Filtering
  • Outbound-alerting FW: Binisoft WFC
  • Traditional (blacklist-based) AV: Avast Free (File Shield only)
  • Default-deny (whitelist-based) AV: Avast Hardened Mode (Aggressive)
  • Second opinion: AdwCleaner, HitmanPro, Zemana AntiMalware
  • Behavior Blocker: NoVirusThanks OSArmor (Main protections settings)
  • Anti-exe: NoVirusThanks OSArmor (Advanced settings)
  • Exploit mitigation: NoVirusThanks OSArmor (Anti-Exploit settings)
  • Attack surface reduction: NoVirusThanks SysHardener
  • Privacy enforcing: Windows Privacy Dashboard, O&O ShutUp10
  • Ad-blocker: uBlock Origin

Offline NDABBRU

  • Comodo's Hero
  • *****
  • Posts: 211
Re: Comodo Cloud Antivirus v1.21.458953.792 hotfix release.
« Reply #28 on: September 14, 2018, 03:32:57 AM »
I prefer that an antivirus cleans as many infected files as possible for me, even if they are not executed; the higher the detection percentage, the better, in my opinion. Obviously the sandbox is certainly very useful and helps not to infect the machine, but I think it should come into operation precisely on the latest viruses that have not yet been recognized by the definitions.

So for now I rely on Kaspersky Free (or possibly the free cloud version of Kaspersky), since even today, with the latest viruses published on the following site: http://vxvault.net//URL_List.php (I tried the first 9),
it recognized them immediately and deleted them during the execution of each file, during the extraction of a zipped file (I had zipped the 9 viruses in a file), and during the insertion of a USB stick with the 9 viruses.

Probably CCAV would have sandboxed them all, leaving some on the PC. I wonder for what purpose, since these are 9 viruses already recognized? Why keep them on the PC?

I really hope that CIS is improved in terms of heaviness in the startup phase on a somewhat dated PC, because I think that in terms of antivirus detections CIS or Comodo Antivirus are a bit better than CCAV, which certainly needs to be improved in this sense, though obviously it is excellent for its sandbox.

Maybe I'm wrong, but I think Kaspersky Free or Cloud Free is a step ahead of CCAV.

My security configuration is very simple: Kaspersky Free, Windows Firewall (Windows 10), uBlock Origin, and then I run the malware checking / cleaning tools with the Emsisoft Emergency Kit from time to time.

Thank you! ;)
« Last Edit: September 14, 2018, 03:34:58 AM by NDABBRU »

Offline cheater87

  • Comodo's Hero
  • *****
  • Posts: 672
Re: Comodo Cloud Antivirus v1.21.458953.792 hotfix release.
« Reply #29 on: September 14, 2018, 07:37:38 AM »
Opera doesn't have any internet connection when this is installed.

 
