Please report any malware that can bypass CCAV !

[akazanci]

Hi, I am a new member and using the CCAV for 3 months. I just want to give a little help as I could.
I am a teacher. We use a lot of usb disks eachother and ve have got so many trojans and malwares on the disks.

I was using 360 total sec. and CCAV could not find some files that 360 Total could.
I do not want to compare... Just want to improve my  CCAV.
I dont know how I can show these to you...May be the name:
For example :  Gen:Variant.Coantor.28

I scanned two times but he newer find a problem.
If you ask me something I will be happy.

[Graham1]

May I ask how would we know if the file was malware? The way I see it (please correct me if I'm wrong) but if CCAV was unaware of a file (which could be legit) it would automatically get sandboxed. If a file was malware and was somehow allowed to run (say, trusted by user) CCAV wouldn't alert us unless cloud detection (antivirus) said otherwise. In this scenario, it is likely the infected file would be going about it's business without the user even knowing.

I think it would be useful to show a flow diagram how files (trusted/untrusted) are processed within CCAV and CIS showing the strengths and weaknesses of each.

[akazanci]

Here is the Malware detection problem:

[yigido]

Dear Kazancı,

Can you please recover the file from 360 Security's quarantine and upload it to Virustotal. https://www.virustotal.com/tr/
I think your USB drive infected via worm virus, which shown as "shortcuts" in your drive with the same name of your files.

By the way, we have Turkish section on Comodo, if you believe you can explain yourself better in Turkish. Please open a new topic
https://forums.comodo.com/turkce-turkish-b31.0/
I am also another Turkish user of Comodo.

This section of forum must be in English, and your issue is not a by-pass of CCAV. It is just lack of signature to detect that malware.
Please open a new thread and explain in Turkish, even [at]SARTEK will assist you via remote control. 

[Melih]

Here is the Malware detection problem:

Bypassing: Jumping out of our Containment
Detection: detecting malware or not.

two different things...

[akazanci]

By the way, we have Turkish section on Comodo, if you believe you can explain yourself better in Turkish. Please open a new topic
https://forums.comodo.com/turkce-turkish-b31.0/


This section of forum must be in English, and your issue is not a by-pass of CCAV. It is just lack of signature to detect that malware.
Please open a new thread and explain in Turkish, even [at]SARTEK will assist you via remote control. 

[/b]

Thank you for your advice. You are a very positive man. I opened a new topic. Really thanks.   

Bypassing: Jumping out of our Containment
Detection: detecting malware or not.

two different things...

[/b]

Dear Melih, I used to think that "by-pass" would be jump of a bandit from the wall instead of the fortress gate, unaware of the castle guardians,   So, thank you for your logical teaching using just a little sentences.   

[BuketB]

Hi akazancı,

Detection for the sample you shared has been added in the blacklisting of our signature database. It will be available by version No DB 26391.

For your information

Kind Regards
Buket 

Thank you for your advice. You are a very positive man. I opened a new topic. Really thanks.   




Dear Melih, I used to think that "by-pass" would be jump of a bandit from the wall instead of the fortress gate, unaware of the castle guardians,   So, thank you for your logical teaching using just a little sentences.   

[Jon79]

Petya ransomware can bypass CCAV, while is blocked by CFW

https://malwaretips.com/threads/comodo-cloud-av-autosandbox-only-petya-bypassed.67767/

[Umesh]

Hi Jon79,
this has been fixed in latest release:
https://forums.comodo.com/news-announcements-feedback-ccav/comodo-cloud-antivirus-v18407941426-released-t117992.0.html

Thanks
-umesh

Petya ransomware can bypass CCAV, while is blocked by CFW

https://malwaretips.com/threads/comodo-cloud-av-autosandbox-only-petya-bypassed.67767/

[Jon79]

Good job