COMODO Cleaning Essentials ( Wishlist )

[BoredNow]

My apologies if this has been mentioned somewhere in the proceeding 8 pages.

I was wondering if we could get a keyboard shortcut that would terminate any unknown/malicious processes.
This might only be possible if Killswitch is the default task manager...I don't know.

The reason I ask is that a Blackhole or Screen-Jacker will cover the screen, which means you don't have access to the Killswitch window...or anything else.

Also, in a similar vein, sometimes a malware window will cover the "are you sure you want to terminate this process" window.
It would be nice to be able to hit... "Enter"...like with Windows Task Manager.

Thanks

[morphiusz]

I like it, some malware can cover your desktop and you can't click anything.

[BoredNow]

Also, it would be nice if CCE/KillSwitch could always be on foreground, in case some fullscreen (ransom) malware is running.
I tested one today (which for some reason didn't fill the whole screen) and couldn't terminate it via KillSwitch, just because the "are you sure you want to terminate this program" dialog box was hidden behind the malware.

Yes, this is another approach to the problem....+++

Of all the malware I've tested, I dread the "screen-jackers" and "blackholes" the most.

Does anyone have tricks to escape these malwares?

Since I always sandbox my browser (inside VMware) I can just power off the machine and the malware can't start up with Windows because it's just sitting in the sandbox.
But are there alternate methods?

[w-e-v]

It would be awsome if KS could display the SHA1 of a file (safe or malware).
That we could compare it with many online tools, as for example Valkyrie and File Intelligence.

Or even better to add into KS a submenu for any file, where it allows you to look for the file in Valkyrie and FI services.

For example, I am using KS and this file is unknown for KS:
C:\TOSHIBA\E-KEY\CeEKey.exe

However, I looked for it in VirusTotal, Valkyrie and File Intelligence, and they all said it was SAFE:
http://www.virustotal.com/file-scan/report.html?id=881f7ba506f176adb3ce814448b88eb6f26ffb2cfda3c897a80ebd07b4d0abc0-1310360596

http://file-intelligence.comodo.com/index.php (using SHA1: a8510e731763f0bf6ab5e6a927b3291cb62a258e)

http://v.comodo.com/Result.aspx?sha1=a8510e731763f0bf6ab5e6a927b3291cb62a258e&&query=0&&filename=CeEKey.exe


Of course all this I submitted manually (except for the VirusTotal submission).
If we users where able to do this automatically, would save a lot of time and set a veredict faster, even if KS shows that a file is Unknown.

[w-e-v]

It would also be great that KS could be able to send through email some information about an active process.
Some info like:

SHA1, MD5, location, etc.

And specially if the active file itself can be send through email for further analysis!

[matu]

KIllswitch: Can you put Services and Drivers on different tabs please? (or make that an option)

[wj32]

KIllswitch: Can you put Services and Drivers on different tabs please? (or make that an option)

They're all services, and it happens that "driver" is a type of service. Actually loaded drivers are viewed by double-clicking System (this includes drivers that are not loaded through the service manager).

[SivaSuresh]

Can we have a verdict of the services/drivers in KillSwitch ?

Known good services (Safe), Known Bad (rootkits, etc...), Unknown...

Currently the services list is very big, and hard to look at and decide....isn't it ?

[Tech]

SivaSuresh, services are, after all, a process running.
The answer will be, in my opinion, in the processes tab already.

[SivaSuresh]

No. Services are not just processes, they are lot more than that...

Besides, there are many services scheduled to start with system. It is very important to have verdict for services (If possible)

[karl1986]

Bootable version. 

+1

[karl1986]

I wish that  DACS results, where virus is detected will be marked on red, like malicious processes in KillSwitch.
You know what i mean? When you open "Verdict" than you see smoething like that:




Thank u flash Paweł:P

+1

[karl1986]

What I would like to see is for CCE to show the results after the scan has finished (Just like Comodo Antivirus currently does). There should also be the option, next to each result, to check it with DACS.

This would make it much easier to differentiate malware and false positives.

+1

[karl1986]

  Question: What will be further from the CCE, whether integration into the CIS or become self-loading the program as other programs from the developers of "COMODO", it would be nice and a beta version and boot program as an assistant to anti-virus.

  Sorry for my English.

[wasgij6]

1. change name of the new autoruns to comodo autorun manager and integrate into CFM

2. develop a small tool into killswitch that allows the user to unlock exe's from other process
here a great example unlocker