Comodo Cloud Antivirus v1.8.407941.426 Released

[Umesh]

Hi Yash Khan,

Whitelisted Installers run out of sandbox BUT if couple files get sandboxed - Probs here i.e how would I know if the programs my family installed were installed completely or incompletely i.e couple files were sandboxed?

When you install a trusted installer, all files dropped by it are treated Safe. But in case you have old installation, decision is made based on executed application's file verdict.

So if you install a new setup and if setup is safe, you should not see any files in sandbox.

Please let us know if you see any problems.

Thanks
-umesh

I am thinking of installing CCAV on my & cousin family systems.

Unknown Installers run sandboxed & everything is cleared - No probs here.

Whitelisted Installers run out of sandbox BUT if couple files get sandboxed - Probs here i.e how would I know if the programs my family installed were installed completely or incompletely i.e couple files were sandboxed?

[khanyash]

Hi Yash Khan,
When you install a trusted installer, all files dropped by it are treated Safe. But in case you have old installation, decision is made based on executed application's file verdict.

So if you install a new setup and if setup is safe, you should not see any files in sandbox.

Please let us know if you see any problems.

Thanks
-umesh

Whitelisted Installers & Whitelisted Programs/Installers are different, right?

I meant Whitelisted Programs.

[Umesh]

Hi Yash Khan,
Sorry, i don't follow question fully, will give a try. An application may be installer or non-installer type.
If application (installer or non-installer) safe, it will run outside Sandbox.

Thanks
-umesh

Whitelisted Installers & Whitelisted Programs/Installers are different, right?

I meant Whitelisted Programs.

[khanyash]

Hi Yash Khan,
Sorry, i don't follow question fully, will give a try. An application may be installer or non-installer type.
If application (installer or non-installer) safe, it will run outside Sandbox.

Thanks
-umesh

If I am correct, you or other Dev have previously mentioned that "Trusted Installers" & "Whitelisted Programs" are different in CCAV.

Trusted Installer - You mentioned, "all files dropped by trusted installers are treated safe".

Whitelisted Programs - If I install a whitelisted program, "all files dropped by whitelisted program are treated safe" too?

[Umesh]

Hi Yash Khan,
Let me give you an example.
If A.exe drops B.exe and if B.exe is unknown by itself, B.exe will be treated safe if A.exe was safe and installer type.

So to answer your question, if A.exe is safe and non-installer type and B.exe is not safe on it's own, B.exe won't be treated safe.

If I am correct, you or other Dev have previously mentioned that "Trusted Installers" & "Whitelisted Programs" are different in CCAV.

I am not sure where and in what reference it has been mentioned. But i guess with example i gave, it should clear up as what you can expect.

If i have to define "Trusted Installers" & "Whitelisted Programs", i will put following way:
If a "Whitelisted program" is installer type, it can be called "Trusted Installer".

Thanks
-umesh

If I am correct, you or other Dev have previously mentioned that "Trusted Installers" & "Whitelisted Programs" are different in CCAV.

Trusted Installer - You mentioned, "all files dropped by trusted installers are treated safe".

Whitelisted Programs - If I install a whitelisted program, "all files dropped by whitelisted program are treated safe" in this case too?

[khanyash]

Hi Yash Khan,
Let me give you an example.
If A.exe drops B.exe and if B.exe is unknown by itself, B.exe will be treated safe if A.exe was safe and installer type.

So to answer your question, if A.exe is safe and non-installer type and B.exe is not safe on it's own, B.exe won't be treated safe.I am not sure where and in what reference it has been mentioned. But i guess with example i gave, it should clear up as what you can expect.

If i have to define "Trusted Installers" & "Whitelisted Programs", i will put following way:
If a "Whitelisted program" is installer type, it can be called "Trusted Installer".

Thanks
-umesh

Ok, its clear now...Thank You

I had mentioned -
"I dont understand how "trust files installed by trusted installers" works?

For ex - I install latest stable FreeDownloadManager 5. When I start the install, there is no alert (that means FDM is trusted/whitelisted/TVL) But during install, why 3-4 files are sandboxed/blocked (as per selected sandbox settings)?"

Buket replied -
"First of all, CCAV does not trust the files installed by trusted installers; but trusts the applications that are started by trusted installers. Trusted installer logic has parameters as name or filesize and the final verdict is done according to those parameters."

https://forums.comodo.com/news-announcements-feedback-ccav/comodo-cloud-antivirus-15398119328-is-released-t116480.0.html

[khanyash]

"If A.exe drops B.exe and if B.exe is unknown by itself, B.exe will be treated safe if A.exe was safe and installer type."

So the same for unknown installers allowed by users i.e selected "Dont isolate again"?

Ex - If A.exe drops B.exe and B.exe is unknown by itself, B.exe wll be treated safe or not if A.exe was allowed by the user i.e selected "Dont isolate again" and installer type?

[Umesh]

Hi Yash Khan,
Please install "FreeDownloadManager 5" with latest CCAV and share your experience.

CCAV has been evolving product.

Thanks
-umesh

Ok, its clear now...Thank You

I had mentioned -
"I dont understand how "trust files installed by trusted installers" works?

For ex - I install latest stable FreeDownloadManager 5. When I start the install, there is no alert (that means FDM is trusted/whitelisted/TVL) But during install, why 3-4 files are sandboxed/blocked (as per selected sandbox settings)?"

Buket replied -
"First of all, CCAV does not trust the files installed by trusted installers; but trusts the applications that are started by trusted installers. Trusted installer logic has parameters as name or filesize and the final verdict is done according to those parameters."

https://forums.comodo.com/news-announcements-feedback-ccav/comodo-cloud-antivirus-15398119328-is-released-t116480.0.html

[Umesh]

Hi Yash Khan,
If you are trusting locally, yes. Because as a user, you are overriding and wants it to be treated safe.

Thanks
-umesh

"If A.exe drops B.exe and if B.exe is unknown by itself, B.exe will be treated safe if A.exe was safe and installer type."

So the same for unknown installers allowed by users i.e selected "Dont isolate again"?

Ex - If A.exe drops B.exe and B.exe is unknown by itself, B.exe wll be treated safe or not if A.exe was allowed by the user i.e selected "Dont isolate again" and installer type?

[khanyash]

Offcoz I will check the things But it seems you too got confused with Buket reply And now not clear you or Buket is correct?

[Umesh]

 
Give a try and lets put my explanation to test against latest CCAV.

Thanks
-umesh

Offcoz I will check the things But it seems you too got confused with Buket reply And now not clear you or Buket is correct?

[khanyash]

Give a try and lets put my explanation to test against latest CCAV.

Thanks
-umesh

Currently, I am doing that...Result coming soon...

By the way, you guys have removed rating scan & full scan progress looked like will take 6-7 hours to complete of a 50GB full drive And without running scan, everything on the system is very slow.

[BuketB]

Hello Yash Khan,

CCAV is a product that is evolving currently and there are many changes done; for  this reason you should always pay attention on the latest information . As Umesh stated above, you could test and see as well.

ps: all previous explanations came directly from development team, please pay attention that each release there are changes on logic, in case you need further information I would be happy to help you anytime.

For your information,

Kind Regards
Buket

Offcoz I will check the things But it seems you too got confused with Buket reply And now not clear you or Buket is correct?

[khanyash]

Hello Yash Khan,

CCAV is a product that is evolving currently and there are many changes done; for  this reason you should always pay attention on the latest information . As Umesh stated above, you could test and see as well.

ps: all previous explanations came directly from development team, please pay attention that each release there are changes on logic, in case you need further information I would be happy to help you anytime.

For your information,

Kind Regards
Buket

Dear Buket,

I always check those 2 lines changelog with 100 lines release notes you guys post And other info in the thread.

Very few users visit & post in CCAV threads And I am one of those very few users with your mentioned "attention" & interest.

I have mentioned & discussed the discussed point here quite a few times coz everytime I tried CCAV & in some cases CIS too, my experience was different whatever changelog, logic, etc... was mentioned in the release.

This release came with a good changelog so I decided to test the usability & posted my query that lead to good discussion & info & made things more clear.

umesh & I were having fun...you kinda killed the fun & my interest in my on-going usability test.

Thank You

P.S - "Pay Attention" - I always, you guys do need little practice...try & have fun.

[khanyash]

umesh,

As per you, Latest CCAV Release

"Trusted Installers
If A.exe drops B.exe and if B.exe is unknown by itself, B.exe will be treated safe if A.exe was safe and installer type.
Unknown Installers
If A.exe drops B.exe and B.exe is unknown by itself, B.exe wll be treated safe if A.exe was allowed by the user i.e selected "Dont isolate again" and installer type."

I did little Usability Test with Trusted Installers & Unknown Installers.
CCAV - Latest Release Defaults
Internet - Connected
CCAV Full Scan Run On The System - No
System - Win 10 64 Pro Anniversary Build Fully Updated
Windows Firewall Defaults
No Other RealTime Security Software Installed
CCAV Installed, System Restarted, ISE Uninstalled & System Restarted

Trusted Installers (CCAV Usability Test)
(Installed Programs & Uninstalled Programs)
Aomei Backupper Pro 4.0.2.0
DeepArmor 3.6 Beta
DriverTalent 6.4.49.150
EaseUS Todo Backup Home 10
Kerish Doctor 4.65
Macrium Reflect Home 6.3.1665.0
VMware Workstation 12.5.1
Nitro Pro 10
RecoverPassword 1.0.0.29
TeraCopy 2.3
VoodooShield 3.5
Western Digital Diagnostics Utility 1.28
FreeFileSync 8.6

Install & Uninstall Result - During install/uninstall, no files of the programs were autosandboxed...Good Job.

Unknown Installers (CCAV Usability Test)
(Installed Programs & Uninstalled Programs)
FortCryptoExtension 2.0
VidCoder 2.47
Windows Firewall Control 4.7.2.0

Install Result - All the Unknown Installers were autosandboxed, I selected "Dont Isolate Again". Ran the Unknown Installers again And during install, no files were autosandboxed...Good Job.

Uninstall Result - During FortCryptoExtension 2.0 & VidCoder 2.47 uninstall, no files of the programs were autosandboxed...Good Job.

Windows Firewall Control 4.7.2.0 - During uninstall, 4 files of the program were autosandboxed And only 1 autosandbox alert was there i.e no autosandbox alerts were there for 3 other autosandboxed files And WFC seemed uninstalled fine.

Overall, I think was an impressive result with my little Trusted & Unknown Installers CCAV Usability Test.

Good Job Guys