Author Topic: Comodo Cloud AV Test Results & Reviews  (Read 24442 times)

Offline qmarius

  • Star Group
  • Comodo's Hero
  • *****
  • Posts: 3843
  • making simple things complicated
Re: Comodo Cloud AV Test Results & Reviews
« Reply #45 on: October 05, 2016, 06:16:25 AM »
@Jon79, It's not malicious. That's why.

Offline Jon79

  • Comodo's Hero
  • *****
  • Posts: 1085
Re: Comodo Cloud AV Test Results & Reviews
« Reply #46 on: May 13, 2017, 11:20:07 AM »
Does anyone know if there is a test of CCAV vs. wannacry ransomware? I have only found a test about cfw
https://malwaretips.com/threads/comodo-firewall-10-vs-wannacry-ransomware.71403/

Offline Yousername

  • Comodo's Hero
  • *****
  • Posts: 236
Re: Comodo Cloud AV Test Results & Reviews
« Reply #47 on: May 13, 2017, 04:59:36 PM »
I could not find a test of CCAV vs. wannacry, but I don't see why it wouldn't be blocked.

Offline Jon79

  • Comodo's Hero
  • *****
  • Posts: 1085
Re: Comodo Cloud AV Test Results & Reviews
« Reply #48 on: May 13, 2017, 05:03:38 PM »
I could not find a test of CCAV vs. wannacry, but I don't see why it wouldn't be blocked.

I agree, but it would be nice to see more tests about CCAV :)

Offline Yousername

  • Comodo's Hero
  • *****
  • Posts: 236
Re: Comodo Cloud AV Test Results & Reviews
« Reply #49 on: May 13, 2017, 05:27:09 PM »
It would be interesting to see if valkyrie could detect unknown ransomware. When browsing valkyrie I saw additional details which I didn't see before, particularly activity and screenshots (see attachments).

A lot of ransomware does indeed modify the desktop background. Very excited to see the maturation of valkyrie.

Offline futuretech

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 4310
Re: Comodo Cloud AV Test Results & Reviews
« Reply #50 on: May 13, 2017, 05:42:32 PM »
It would be interesting to see if valkyrie could detect unknown ransomware. When browsing valkyrie I saw additional details which I didn't see before, particularly activity and screenshots (see attachments).

A lot of ransomware does indeed modify the desktop background. Very excited to see the maturation of valkyrie.
For now killchain is for any submission detected as malware.
https://forums.comodo.com/comodo-valkyrie-fls/new-kill-chain-report-section-rereedit-t119280.0.html;msg857660#msg857660

Offline Yousername

  • Comodo's Hero
  • *****
  • Posts: 236
Re: Comodo Cloud AV Test Results & Reviews
« Reply #51 on: May 13, 2017, 06:04:19 PM »
Thanks for the clarification. I'm assuming this is to test it first and make revisions as necessary until they have the required infrastructure to analyze all unknown files; obviously that will take considerable resources.

Offline Melih

  • CEO - Comodo
  • Administrator
  • Comodo's Hero
  • *****
  • Posts: 14651
Re: Comodo Cloud AV Test Results & Reviews
« Reply #52 on: May 13, 2017, 06:36:29 PM »
Thanks for the clarification. I'm assuming this is to test it first and make revisions as necessary until they have the required infrastructure to analyze all unknown files; obviously that will take considerable resources.


All unknowns are analyzed...
Killchain is only applied to malware files...if after analysis we find that it's malware, we create the killchain report of it.
This killchain report is unique and companies pay a lot of money to have this kind of intelligence....so enjoy it ;)

Offline Yousername

  • Comodo's Hero
  • *****
  • Posts: 236
Re: Comodo Cloud AV Test Results & Reviews
« Reply #53 on: May 13, 2017, 08:32:58 PM »
Ah, so I guess all unknown files are analyzed in the same manner; the killchain report is only generated after malware detection is added. Based on what futuretech said, I thought that the killchain was a different detection system applied only to already detected malware. In the past all unknowns were analyzed with CAMAS, so it makes sense that the same goes for Valkyrie. Therefore Valkyrie should have the ability to detect unknown ransomware and block it in CCAV, or at least eventually remove it (it is taking a while to detect the samples in my testing).

Offline qmarius

  • Star Group
  • Comodo's Hero
  • *****
  • Posts: 3843
  • making simple things complicated
Re: Comodo Cloud AV Test Results & Reviews
« Reply #54 on: May 14, 2017, 05:04:59 PM »
[...]
...if after analysis we find that it's malware, we create the killchain report of it.
[...]

Human analysis? It's a bit unclear.

Offline Yousername

  • Comodo's Hero
  • *****
  • Posts: 236
Re: Comodo Cloud AV Test Results & Reviews
« Reply #55 on: May 14, 2017, 06:10:33 PM »
I'm almost entirely sure they are automated based on the reports I have seen; it's similar in function to hybrid-analysis at https://www.reverse.it/. COMODO probably also uses sandboxes within server farms to evaluate application behavior. I'm guessing that even before human verdict classifies the file as malware, they already have the killchain report for malware analysts to view once the automated analysis is done, which in turn facilitates the process of providing safe or malicious file verdicts. Hopefully COMODO will clarify this.

Offline Jon79

  • Comodo's Hero
  • *****
  • Posts: 1085
Re: Comodo Cloud AV Test Results & Reviews
« Reply #56 on: June 20, 2017, 05:23:20 AM »
https://avlab.pl/sites/default/files/68files/avlab_drive_by_download_test_en.pdf

On page 23 they wrote: "Software provider Comodo quickly implemented appropriate security rules for scripts and applications run by a PowerShell interpreter"

Any more info about this? Is it the new "block incoming/outgoing connections of sandboxed apps" feature?

Offline Melih

  • CEO - Comodo
  • Administrator
  • Comodo's Hero
  • *****
  • Posts: 14651
Re: Comodo Cloud AV Test Results & Reviews
« Reply #57 on: June 20, 2017, 02:51:23 PM »
Human analysis? It's a bit unclear.

Analyzing malware is a mixture of automated systems and human analysis.
Not every file can be analyzed by automated means. It will fail if you did that.
A percentage of the files must be analyzed by hand...human analysts digging into the code, analyzing it.

Offline Yousername

  • Comodo's Hero
  • *****
  • Posts: 236
Re: Comodo Cloud AV Test Results & Reviews
« Reply #58 on: June 20, 2017, 04:51:36 PM »
Yes, in addition to automated analysis, human analysis must be done for accurate detection. Automated systems usually blacklist malware if the file is malicious with a high level of certainty. For the rest, which are not high certainty, and for unknown files in general, human analysts come into play. Human analysis alone is not feasible because they would have to analyze and blacklist 300,000+ malware files every day and provide verdicts for safe files.

@Jon79 that is related to the embedded code detection for interpreters such as powershell, wscript, cscript, etc., for sandboxing of so-called "fileless" malware.

Offline pio

  • Malware Research Group
  • Comodo's Hero
  • *****
  • Posts: 580
  • I like CIS , Kali Linux , IDA Pro & Fl Studio ;)
Re: Comodo Cloud AV Test Results & Reviews
« Reply #59 on: June 20, 2017, 04:52:34 PM »
Analyzing malware is a mixture of automated systems and human analysis.
Not every file can be analyzed by automated means. It will fail if you did that.
A percentage of the files must be analyzed by hand...human analysts digging into the code, analyzing it.

 :-TU :-TU :-TU  ;)
*** Paranoid Bastard since CIS 3.5 ! Independent - NON Profit Malware Analyst ***
