Author Topic: Comodo Cloud AV Test Results & Reviews  (Read 25155 times)

Offline BlueTesta

  • Star Group
  • Comodo's Hero
  • *****
  • Posts: 482
Re: Comodo Cloud AV Test Results & Reviews
« Reply #75 on: July 23, 2017, 12:30:13 PM »
if everything caught in our containment/auto sandbox...and then sent to valkyrie and turned into either good file or malware...why do u need another av? (i am trying to understand the logical reason for future improvements)

Edit: wait, did mean why the guy in the video recommends a av alongside the sandbox? or why i am using one?  :)


The long wait time for unknown to be analyzed for novice users can be "bothersome" for novice users.
I have had 62 files (Game files) being analyzed for maybe 2 weeks.
And a folder on my VM with maybe 30 malicious files being analyzed for over 5 weeks.


!ot!
It would be nice if comodo could create its own visible window, to represent the unknown file when it dosen't want to show itself. When running inside the sandbox.
« Last Edit: July 25, 2017, 06:22:32 AM by BlueTesta »
"Everybody is a genius. But if you judge a fish by its ability to climb a tree, it will live its whole life believing that it is stupid."

Offline Yousername

  • Comodo's Hero
  • *****
  • Posts: 236
Re: Comodo Cloud AV Test Results & Reviews
« Reply #76 on: July 23, 2017, 12:49:06 PM »
Comodo Cloud AV Review By Malware Blocker
https://www.youtube.com/watch?v=utW0ydR26ZU
Not really sure what is going on with this test. If there is no internet connection, of course CCAV won't detect anything. This reviewer said he redid the scan with the internet connection on. Any functional AV would be able to detect at least some of the threats in a malware pack as they are usually from a malware depository which has a lot of older samples (despite what these YT testers say). I think the connection still wasn't working properly, or CCAV didn't register the connection properly.

It could also be an issue with the VM/not restarting the computer after the installation. It looks like he skipped the initial quick scan, so it is possible that he didn't restart after installing CCAV. For most security programs a restart is needed to properly complete the installation and for the services to register fully. Also sometimes programs can behave abnormally when running in a VM.

Another thing that is confusing me is why this guy is saying that CCAV is compatible with other AV's. Just because it uses the cloud doesn't make it compatible with other AV's. The only real difference is that the scanner is using the definitions in the cloud rather than locally; the scanner still needs to access a file to scan it. Also, based on how Melih is questioning the need for another AV, I assume that CCAV wasn't designed to work along other AV's. I'm sure that some AV's can work along with CCAV naturally, but it is dangerous to assume that CCAV is compatible with most others. Nowhere does it say that CCAV was designed to work with other AV's.

Offline miloszcz

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 3082
    • Suspicious file?
Re: Comodo Cloud AV Test Results & Reviews
« Reply #77 on: July 23, 2017, 04:42:00 PM »
 IMO it's impossible for CCAV to detect 0 samples from this package.

Offline BlueTesta

  • Star Group
  • Comodo's Hero
  • *****
  • Posts: 482
Re: Comodo Cloud AV Test Results & Reviews
« Reply #78 on: August 30, 2017, 02:08:39 PM »
Comodo Cloud Antivirus Review By Computer Solutions
https://www.youtube.com/watch?v=RR4RvfVyVUE
"Everybody is a genius. But if you judge a fish by its ability to climb a tree, it will live its whole life believing that it is stupid."

Offline yigido

  • Malware Research Group
  • Comodo's Hero
  • *****
  • Posts: 5691
  • COMODO Rocks!
    • Free Comodo Products!
Re: Comodo Cloud AV Test Results & Reviews
« Reply #79 on: August 30, 2017, 03:52:49 PM »
Comodo Cloud Antivirus Review By Computer Solutions
https://www.youtube.com/watch?v=RR4RvfVyVUE
Keylogger test failed because SpyShelter test tool already trusted by Comodo File Intelligence  88)
but the big "FAILED" mark is totally unfair
« Last Edit: August 30, 2017, 03:56:24 PM by yigido »
COMODO Cloud Antivirus
Firefox Quantum
Encrypt the web! Use HTTPS Everywhere..
Block spying ads and invisible trackers! Use Privacy Badger..

Offline BlueTesta

  • Star Group
  • Comodo's Hero
  • *****
  • Posts: 482
Re: Comodo Cloud AV Test Results & Reviews
« Reply #80 on: August 30, 2017, 04:10:07 PM »
indeed
"Everybody is a genius. But if you judge a fish by its ability to climb a tree, it will live its whole life believing that it is stupid."

Offline Umesh

  • Comodo Alumni
  • Comodo's Hero
  • *****
  • Posts: 3421
  • Comodo Alumni
    • COMODO
Re: Comodo Cloud AV Test Results & Reviews
« Reply #81 on: August 30, 2017, 06:39:13 PM »
Hi yigido,
In first look,
Keylogger downloaded from:
https://www.spyshelter.com/download/AntiTest.zip

is detected by Comodo for quite some time:
https://consumer.valkyrie.comodo.com/get_info?sha1=25aa8a22131271d12e2cb7f821eb333f0563e538


Investigating behavior in case cloud look up fails, however where do you see file treated as safe?

Quote from: yigido
Keylogger test failed because SpyShelter test tool already trusted by Comodo File Intelligence  88)

Thanks
-umesh



Keylogger test failed because SpyShelter test tool already trusted by Comodo File Intelligence  88)
but the big "FAILED" mark is totally unfair
We can't stop malware entering user's PC but we render them use-less when they enter PC: Welcome to Comodo's Default Deny innovation

Offline Umesh

  • Comodo Alumni
  • Comodo's Hero
  • *****
  • Posts: 3421
  • Comodo Alumni
    • COMODO
Re: Comodo Cloud AV Test Results & Reviews
« Reply #82 on: August 30, 2017, 06:50:48 PM »
So i disabled AV component in CCAV just in case during test cloud lookup may have failed to see if Sandbox works and tested against Antitest.exe (SHA1: 25aa8a22131271d12e2cb7f821eb333f0563e538)

I could not produce!
It was always Sandboxed. Please see enclosed snaps.

Any of you able to re-produce?

Thanks
-umesh
We can't stop malware entering user's PC but we render them use-less when they enter PC: Welcome to Comodo's Default Deny innovation

Offline BlueTesta

  • Star Group
  • Comodo's Hero
  • *****
  • Posts: 482
Re: Comodo Cloud AV Test Results & Reviews
« Reply #83 on: August 31, 2017, 02:47:10 AM »
So i disabled AV component in CCAV just in case during test cloud lookup may have failed to see if Sandbox works and tested against Antitest.exe (SHA1: 25aa8a22131271d12e2cb7f821eb333f0563e538)

I could not produce!
It was always Sandboxed. Please see enclosed snaps.

Any of you able to re-produce?

Thanks
-umesh

CCAV always sandboxed the file on my machine aswell.


Could be that CCAV detected the Spyshelter AntiTest.exe and she/he whitelisted it (since it isent malware) and cleared the Detected Threats counter b4 the video was recorded.

Maybe he/she thought that "Ignore and add to whitlist" or "Ignore and report as fale alert(positive)"  was the exclusion for the AV and not for CCAV Core whitelist.
« Last Edit: August 31, 2017, 07:01:37 AM by BlueTesta »
"Everybody is a genius. But if you judge a fish by its ability to climb a tree, it will live its whole life believing that it is stupid."

Offline yigido

  • Malware Research Group
  • Comodo's Hero
  • *****
  • Posts: 5691
  • COMODO Rocks!
    • Free Comodo Products!
Re: Comodo Cloud AV Test Results & Reviews
« Reply #84 on: August 31, 2017, 06:35:44 AM »
Hi yigido,

is detected by Comodo for quite some time:
https://consumer.valkyrie.comodo.com/get_info?sha1=25aa8a22131271d12e2cb7f821eb333f0563e538

Investigating behavior in case cloud look up fails, however where do you see file treated as safe?

Thanks
-umesh
Hi umesh,

In the near past we have this problem, please see the conversation below (it is in 2017)
https://forums.comodo.com/av-false-positivenegative-detection-reporting/report-trusted-and-whitelisted-malware-here-2017-no-live-malware-t117715.0.html;msg849065#msg849065

I saw the tool whitelisted in 2016 by Valkyrie, too.
https://forums.comodo.com/comodo-valkyrie-fls/report-problems-with-valkyrie-file-verdict-service-t79618.0.html;msg829174#msg829174

Maybe this new version was sanboxed on your side but some old SpyShelter tools are trusted.
This tester guy may use the old version? Why not?
Please see the enclosed screenshots ;)
https://valkyrie.comodo.com/get_info?sha1=9a9fbbab0f91383a1c37a3133a69218fcdcc63ad

« Last Edit: August 31, 2017, 06:37:16 AM by yigido »
COMODO Cloud Antivirus
Firefox Quantum
Encrypt the web! Use HTTPS Everywhere..
Block spying ads and invisible trackers! Use Privacy Badger..

Offline Umesh

  • Comodo Alumni
  • Comodo's Hero
  • *****
  • Posts: 3421
  • Comodo Alumni
    • COMODO
Re: Comodo Cloud AV Test Results & Reviews
« Reply #85 on: August 31, 2017, 10:10:00 AM »
Thank you for history :)

Let me have that old whitelisted file checked.

Thanks
-umesh
Hi umesh,

In the near past we have this problem, please see the conversation below (it is in 2017)
https://forums.comodo.com/av-false-positivenegative-detection-reporting/report-trusted-and-whitelisted-malware-here-2017-no-live-malware-t117715.0.html;msg849065#msg849065

I saw the tool whitelisted in 2016 by Valkyrie, too.
https://forums.comodo.com/comodo-valkyrie-fls/report-problems-with-valkyrie-file-verdict-service-t79618.0.html;msg829174#msg829174

Maybe this new version was sanboxed on your side but some old SpyShelter tools are trusted.
This tester guy may use the old version? Why not?
Please see the enclosed screenshots ;)
https://valkyrie.comodo.com/get_info?sha1=9a9fbbab0f91383a1c37a3133a69218fcdcc63ad
We can't stop malware entering user's PC but we render them use-less when they enter PC: Welcome to Comodo's Default Deny innovation

Offline mike6688

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 2111
Re: Comodo Cloud AV Test Results & Reviews
« Reply #86 on: August 31, 2017, 11:09:04 AM »
Been testing this also, CCAV works as it should and detects or sandboxes the file.
Does anybody have a copy of an older SpyShelter test for testing?
Volunteer Moderator: Opinions are my own and may not reflect those of Comodo.  Please read and abide by the forum policy!

Offline qmarius

  • Star Group
  • Comodo's Hero
  • *****
  • Posts: 3843
  • making simple things complicated
Re: Comodo Cloud AV Test Results & Reviews
« Reply #87 on: August 31, 2017, 11:59:32 AM »
2016
SHA-1: 25AA8A22131271D12E2CB7F821EB333F0563E538

2015
SHA-1: 9A9FBBAB0F91383A1C37A3133A69218FCDCC63AD

2013
SHA-1: FDDD387A735B7C209B5FA01830C3B0A00B8FFAD7

Offline mike6688

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 2111
Re: Comodo Cloud AV Test Results & Reviews
« Reply #88 on: August 31, 2017, 12:11:18 PM »
2016
SHA-1: 25AA8A22131271D12E2CB7F821EB333F0563E538

2015
SHA-1: 9A9FBBAB0F91383A1C37A3133A69218FCDCC63AD

2013
SHA-1: FDDD387A735B7C209B5FA01830C3B0A00B8FFAD7

According to virustotal Comodo detects the 2016 and 2015 version. However, the 2013 is not detected. I will download and test further when at my laptop.
Volunteer Moderator: Opinions are my own and may not reflect those of Comodo.  Please read and abide by the forum policy!

Offline mike6688

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 2111
Re: Comodo Cloud AV Test Results & Reviews
« Reply #89 on: August 31, 2017, 12:22:32 PM »
I can confirm the 2013 version runs without detection.  It also runs without any containment on my system, and is added to Trusted Vendor list automatically.

2016
SHA-1: 25AA8A22131271D12E2CB7F821EB333F0563E538

2015
SHA-1: 9A9FBBAB0F91383A1C37A3133A69218FCDCC63AD

2013
SHA-1: FDDD387A735B7C209B5FA01830C3B0A00B8FFAD7
Volunteer Moderator: Opinions are my own and may not reflect those of Comodo.  Please read and abide by the forum policy!

 

Free Endpoint Protection
Seo4Smf 2.0 © SmfMod.Com Smf Destek