The container is all well and good, but some of us like to block all unknown files instead of letting them run contained.
As everyone here is probably well aware, the container can identify malware REALLY fast, because if it’s malware, it’s going to try to access loads of stuff that triggers the recognizer; if it’s not malware, it just does its thing inside the sandbox and nothing of note happens.
The unknown sample is submitted to the cloud either way, but when the unknown file is only blocked, the result from the cloud takes more than a week to come back… if it ever comes back at all before our own preferred second-opinion scans detect it.
Give your users options: process unknown submissions that aren’t run in containment by the user with a higher priority than submissions that were sandboxed… Anyone who runs unknown files in the container can quickly figure out what’s good and what’s bad.
People who choose to block things unknown to Comodo need a timely answer. I don’t know the inner workings of your company or what kinds of machines Valkyrie is running on. But Bitdefender is able to identify unknown malware from file submissions and add them to their database in a matter of seconds.
With a whitelisting application, it’s not as high of a priority, but it shouldn’t require more than a day for a file submission to get identified.