Author Topic: COMODO Cleaning Essentials ( Wishlist )  (Read 76695 times)

Offline wj32

  • Comodo's Hero
  • *****
  • Posts: 387
    • Process Hacker
Re: COMODO Cleaning Essentials ( Wishlist )
« Reply #30 on: December 27, 2010, 01:35:12 AM »
I think that's far beyond the scope of the program. You'll also have to clarify what operations you intend to track, because many (e.g. terminating a process, sending network data) are not reversible. Why not just use a sandbox program?
MCTS: Windows Internals
Process Hacker, a free and open source process viewer.

Offline Chiron

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 11951
Re: COMODO Cleaning Essentials ( Wishlist )
« Reply #31 on: December 27, 2010, 12:31:24 PM »
This concept by elliotcroft may be an interesting addition to Killswitch.

Elliotcroft suggests a "process tracking" feature that logs the activities of a process. The user would designate which process he wishes to track, and then Killswitch will create a log for that process.  The tracker may help with debugging and with malware research.

Elliotcroft also proposes a rollback (or "undo") feature. If a process is malicious or causing crashes/freezes, the user can undo all the activities created by the process (it should probably also terminate the main process and all the processes it spawned). Kind of like Time Machine for processes.
In my opinion this option could only belong in a program that is meant to keep a computer clean. From my understanding CCE is meant to clean a computer that is already infected or ensure that it is not infected. Thus I don't see the purpose of tracking processes as killswitch already can tell you which are dangerous and which are safe.

Maybe I'm missing something. Please enlighten me if I am.

Thanks.

Offline Whoop-dee-doo

  • Cave Dweller
  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 1109
  • What are you staring at?
Re: COMODO Cleaning Essentials ( Wishlist )
« Reply #32 on: December 27, 2010, 01:21:51 PM »
I don't see the purpose of tracking processes as killswitch already can tell you which are dangerous and which are safe.

I am no expert, but it seems to me that Killswitch cannot identify 100% of malicious processes, and it sure cannot predict which non-malicious processes are causing conflicts/freezes. I thought process tracking may be helpful in identifying the activity of zero-day malware (no detections yet) and for monitoring processes that you suspect may be causing a conflict or crash. I do not fiddle much with process snooping, so those who have more experience with these issues can determine the utility of the suggestion. I merely bring it to your attention.
"The best way to have a good idea is to have a lot of ideas." - Linus Pauling   :-La 

"Don't find fault. Find a remedy." - Henry Ford

Offline salaficall

  • Comodo Loves me
  • ****
  • Posts: 192
    • Salafi Call Forums
Re: COMODO Cleaning Essentials ( Wishlist )
« Reply #33 on: December 28, 2010, 06:06:26 AM »
2) When scan is finished Close button should return user to the main window.

+1000

It's so annoying right now.
An ounce of prevention is better than a pound of cure

That's why I like Comodo !

Offline JoWa

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 5793
  • I believe in doubt.
    • Evolutionary history of life
Re: COMODO Cleaning Essentials ( Wishlist )
« Reply #34 on: December 28, 2010, 06:28:11 AM »
KillSwitch:

Add Comodo File Intelligence as search engine in right-click menu.

Add Verified Signer in Modules tab in Properties.

Thanks. :)
Ubuntu 19.04 | Chrome 75β | HTTPS Everywhere | Privacy Badger
Forum Policy | Comodo Product Help

Offline wj32

  • Comodo's Hero
  • *****
  • Posts: 387
    • Process Hacker
Re: COMODO Cleaning Essentials ( Wishlist )
« Reply #35 on: December 28, 2010, 06:59:52 AM »
Add Verified Signer in Modules tab in Properties.

I've already implemented this in Process Hacker 2.9. Seems like they were using an old version for KillSwitch.
MCTS: Windows Internals
Process Hacker, a free and open source process viewer.

Offline lordraiden

  • Computer Security Testing Group
  • Comodo's Hero
  • *****
  • Posts: 921
Re: COMODO Cleaning Essentials ( Wishlist )
« Reply #36 on: December 28, 2010, 03:19:20 PM »
Have you already any idea how to improve the whitelist using DACS?
What about something like this:
If after 2 weeks of an undetected file by DACS the file remains undetected, the file goes to the whitelist. The file also need to be seem several times, so you can be sure that the file is quite extended, so have more chances to be a popular safe file



Is not 100% perfect, anyway you are having problems with some trusted certificates in malware so I guess that this process is not completely manual either
« Last Edit: December 28, 2010, 03:21:05 PM by lordraiden »

Offline kinemitor

  • Comodo's Hero
  • *****
  • Posts: 321
Re: COMODO Cleaning Essentials ( Wishlist )
« Reply #37 on: December 28, 2010, 06:43:27 PM »
Have you already any idea how to improve the whitelist using DACS?
What about something like this:
If after 2 weeks of an undetected file by DACS the file remains undetected, the file goes to the whitelist. The file also need to be seem several times, so you can be sure that the file is quite extended, so have more chances to be a popular safe file



Is not 100% perfect, anyway you are having problems with some trusted certificates in malware so I guess that this process is not completely manual either
we cannot asume a file is safe only for the quantity of users uploading it or the time being undetedted
but if no antivirus detect it in one week... i think its other case. but im not sure on how to implement it
it would be like in the future cis vercion with dacs, to stop autosanboxing old files

Offline wasgij6

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 5718
Re: COMODO Cleaning Essentials ( Wishlist )
« Reply #38 on: December 29, 2010, 12:38:01 AM »
i just recently tested CCE to clean a friends computer and love it. one thing that i would like to see get added is a new tab to killswitch that has the startup programs. This would be good to stop any malware from starting especially because a lot of malware disables the run feature to run msconfig.

i liked the restart feature cuz there was a rogue and after it restarted cce blocked the rogue from starting up so it could scan with no problems.
keep up the great work.
| Win 10 Pro (x64) | UAC Disabled | CCAV | Intel i7 4770k | Asus Maximus VI Formula Mobo | Asus GeForce GTX 780 | G.Skill TridentX 32gb RAM | Samsung 850 Pro SSD |

Offline lordraiden

  • Computer Security Testing Group
  • Comodo's Hero
  • *****
  • Posts: 921
Re: COMODO Cleaning Essentials ( Wishlist )
« Reply #39 on: December 29, 2010, 05:34:42 AM »
A way to report false positives in KillSwitch
And what it is the FLS scanner?

Offline kinemitor

  • Comodo's Hero
  • *****
  • Posts: 321
Re: COMODO Cleaning Essentials ( Wishlist )
« Reply #40 on: December 29, 2010, 01:32:20 PM »
And what it is the FLS scanner?
i wan to know what mean the "absent" verdicct fls sometimes give

Offline Budda

  • Comodo Loves me
  • ****
  • Posts: 178
Re: COMODO Cleaning Essentials ( Wishlist )
« Reply #41 on: December 29, 2010, 04:00:12 PM »
I wish I wish with all my heart. . . . .

That somewhere on the CCE GUI and Killswitch GUI there was an indicator informing us if DACS is up and working.

Also, I know one wish per post but a Web page as well we could visit giving us the status of DACS  as well would be alright.  Like which current AV's are being supported, if they are on or off, and maybe even server load?

Offline Valentin N

  • Malware Research Group
  • Comodo's Hero
  • *****
  • Posts: 2869
  • Usability Study Group
    • My homepage at the moment
Re: COMODO Cleaning Essentials ( Wishlist )
« Reply #42 on: December 29, 2010, 04:03:40 PM »
I wish I wish with all my heart. . . . .

That somewhere on the CCE GUI and Killswitch GUI there was an indicator informing us if DACS is up and working.

Also, I know one wish per post but a Web page as well we could visit giving us the status of DACS  as well would be alright.  Like which current AV's are being supported, if they are on or off, and maybe even server load?

I find the idea good. It can be good to know if the servers of DACS is overloaded.

Take care all! :)

Regards,
            Valentin N
Skype: comodohelper (Personal)

CEVPN: Valentin N

CIS 6.3

Keep CTM alive by voting


Offline kinemitor

  • Comodo's Hero
  • *****
  • Posts: 321
Re: COMODO Cleaning Essentials ( Wishlist )
« Reply #43 on: December 29, 2010, 04:38:59 PM »
dacs dont use servers
remember its a p2p client

to implement something like this it should be like
see how much "antivirus A" contributors are online and so on

Offline Budda

  • Comodo Loves me
  • ****
  • Posts: 178
Re: COMODO Cleaning Essentials ( Wishlist )
« Reply #44 on: December 29, 2010, 04:42:45 PM »
dacs dont use servers
remember its a p2p client

to implement something like this it should be like
see how much "antivirus A" contributors are online and so on

I get the idea of the difference and I am still interested in finding out about what is online, how much of a given av product is represented on that p2p, and how congested some of the p2p connections might be (say one group of av users have slower bandwidth than the rest of the norm, we would expect given the same amount of traffic on the network they would be backed up in comparison to the other users).

 

Free Endpoint Protection
Seo4Smf 2.0 © SmfMod.Com Smf Destek