Avoid whitelisted malware

  1. What actually happened or you saw:
    Sometimes malware can mistakenly be whitelisted and it can run in the user’s pc when CCAV checks Comodo online whitelist

  2. What you wanted to happen or see:
    Add an option (better under File Rating Settings) like "Only trust apps from “Trusted Vendors” and “Trusted Applications”.
    If enable, CCAV won’t check the online database for whitelisted apps, but only for malicious files

  3. Why you think it is desirable:
    To avoid whitelisted malware

  4. Any other information, screenshots etc:
    https://forums.comodo.com/av-false-positivenegative-detection-reporting/report-trusted-and-whitelisted-malware-here-2017-no-live-malware-t117715.0.html

most of the ones in that thread are not whitelisted or trusted, they are malware with digital signature, I see a lot which are issued from Comodo, Symantec, etc. If malware has digital signature but not in trusted vendors it is contained. But it would be a good idea to have two options in file rating like you described:

  1. Trust files with trusted vendors.
    -add option to disable TVL lookup in the cloud, if disabled user can create own local TVL without cloud lookup detecting trusted vendors from the cloud. (and possibly make sure Comodo vendor and Microsoft vendors cannot be deleted or disabled at least without a warning).
  2. Trust applications which are whitelisted in the Comodo application whitelist.

First option may get rid of a few shady vendors, possibly adware or pup’s and second one can stop the occasional whitelisted malware. These two options would be good for those that want a complete lockdown like an anti-exe in a more convenient manner, but without the need to spend a dime.

yeah, you perfectly understood my meaning :-TU :slight_smile:

Upon detecting a threat, the user could erroneously click on “add to trusted list”. What can sometimes allow malicious action

Thank you for submitting this Wish Request. I have now moved this to the WAITING AREA.

Please be sure to vote for your own wish, and for any other wishes you also support. It is also worthwhile to vote against wishes you think would be a waste of resources, as implementing those may slow down the wishes you would really like to see added.

Thanks again.

Hi All,
Please see enclosed proposal and share if that adequately covers this wishlist item.

Default settings would mean, no changes and still allowing advanced users to tweak to their needs.

Thanks
-umesh

That would be perfect :-TU

Since this only applies to vendors wouldnt it make more sense to put it under the trusted vendors menu?

That makes sense.
Actually, my proposal was to add the checkboxes to the “File rating settings” (mainly because there’s already a checkbox for PUA), but the “import/export” dropdown menu should be definitely placed under “Trusted vendors”

Hi,
Please see latest CCAV beta for this request implementation:
https://forums.comodo.com/beta-corner-ccav/comodo-cloud-antivirus-v119454622758-beta-t122366.0.html

Thanks
-umesh