1. What actually happened or you saw:
Currently, to disable \ enable cloud AV the user must dig in advanced settings. Even then, it is still only able to disable the cloud lookup entirely. There is no way to only disable the Cloud AV while still leaving the file rating intact. However, you can disable file rating without disabling cloud AV.
2. What you wanted to happen or see:
I would like the ability to enable \ disable the cloud AV (while still leaving file rating intact) from the dash screen, and maybe from right-click menu on CIS icon as well.
3. Why you think it is desirable:
When you need to do a file-heavy operation, like defragmenting or scanning with a second opinion (SE) scanner (Malwarebytes, EEK, Dr Web CureIt, etc.), you usually want to temporarily disable your main real-time scanner to speed up the process. You can disable CIS AV from the dashboard, but cloud AV still scans all the files moved by defrag or scanned by SE scanner, slowing the whole thing. There are many other situations in which this would also be helpful, but this is just one example.
4. Any other information:
Not all CIS users are aware of cloud AV and \ or where exactly to enable \ disable it. Making CIS more modular gives the user more flexibility, so the user can set CIS better to his \ her needs (some may want to use file rating without cloud AV, or main AV without cloud AV, etc.).
Maniak2000, I would also like to clarify what Dennis2 asked. Would you prefer for this wish to be primarily for the cloud AV detections to be disabled when the AV is disabled, or would you like this wish to instead primarily be for there to be an option added for the Cloud AV to be enabled or disabled separately from the normal AV? Either is fine, but I just wanted to make sure before we proceed further.
I suppose the separate option to enable \ disable cloud AV would be a more flexible option, as long as it is located on a main screen \ dash screen. So that you won’t have to dig in advanced settings every time you need to disable \ enable it.
On a side note, why do we need 2 antiviruses (main AV and cloud AV)? They’re both real time, so doesn’t it slow down program execution (like having 2 real time antivirus scanners installed)? I read somewhere on this forum, that it is done so that if user doesn’t install AV module s(he)'ll still have protection… Ok, if that’s the case, shouldn’t it be more logical to automatically disable cloud AV if main AV is present?
Okay, now you have piqued my curiosity with this very good question. Let’s discuss this a bit further and see if this wish changes form.
I assume that the main reason the cloud is not fully sufficient for detection is because it only works if the connection is fast enough. If the connection is not sufficient then files would not be correctly detected. Thus, the AV component, as described here, would certainly still be necessary for detection when there is no, or inadequate, internet connection. Thus, my opinion is that the AV component is necessary.
However, this view paints the cloud AV component as playing a certain role for the AV. The cloud seems to be the one which just makes sure that the most up-to-date signatures are available, and queries for suspicious behavior using the cloud. Therefore, in that way it seems that if the AV is disabled it just makes sense that the cloud should be disabled as well.
I suppose it really comes down to this. Can anyone think of a situation where a user would want the realtime AV disabled, but still want the cloud enabled? If so please let me know and let’s continue this discussion from there.
As far as I understand, cloud AV is a standard AV, with an exception that it doesn’t download AV definitions, but uses cloud to detect viruses \ malware, and is pretty useless without internet connection.
I don’t really see the benefit of running standard AV and cloud AV at the same time, especially if they use the same base (as I assume is the case with CIS), if anything it only adds workload on the system.
The benefit of Cloud AV is that you always have the latest database, without having to download updates, and probably it’s less resource consuming… As long as you’re connected to the internet. But in CIS case, since they both use the same database (unless I’m mistaken), you can just set CIS so that it’ll check for updates more often.
Since currently cloud AV is kinda hidden in advanced settings…and not very obvious, I think it would be a good thing if we could disable \ enable it from the dash screen.
The only situation where a user might want to disable AV and leave cloud running is to improve system performance, if they’re always online, since cavwp.exe seems much less active when AV is disabled.
Maniak2000, in that case could you please edit the first post so that the wish is now aimed towards adding a separate option to disable just the Cloud AV?
Thank you, I made some modifications to the first post. I was also thinking that this would be helpful if it was possible to disable the cloud AV, while still leaving the ability for whitelisted applications to be automatically trusted intact. I added this to the first post. What do you think?
Hadn’t realized that by disabling cloud AV you also disable file rating…you’d think these should be separate things… I mean file rating checks files against online whitelist to put the file in trusted list or unrecognized list… and do this once (unless file’s changed). And cloud AV re-scans files every 6 hours (default update time and cache clearing time)… same as Main AV. That’s how it works…right?
I do believe that disabling Cloud Lookup disabled both the Cloud AV and checking against the whitelist. I am nearly certain of this, but can someone please verify that I am correct so that no mistakes are made?
I don’t think they can be separated. They are dependent on each other. When lookup is enabled CIS checks the cloud for a verdict (malware, safe, unknown). If cloud lookup is disabled then CIS can’t check the cloud for malware verdicts.
Maybe Comodo can separate the cloud lookup and give the user the option to disable lookups for malware and/or lookups for safe files. This way the user can just use the cloud AV or just use the cloud trusted files list.
I think perhaps this would be the best approach. This would give more granular control to those who want it, while still leaving the defaults intact, which should be optimal for the vast majority of users.
Funny thing is: it appears you can currently disable cloud lookup without disabling cloud AV, but not the other way around.
In file rating settings, if you uncheck “Analyze unknown files in cloud…” files will no longer be placed in unknown or trusted list (you can check it by removing file from the unrecognized list and re-running it). So I assume this option is in charge of cloud whitelist lookup, leaving “Enable cloud lookup” responsible for cloud AV, but if you uncheck “Enable cloud lookup”, “Analyze unknown files in cloud…” will also become unchecked.
Okay, a lot has been discussed, and learned, in this topic. Maniak2000, to give a better starting place for continuing this processing, please edit the first post so that it now reflects everything you would like to see in this wish.