Behavior Blocker

Testing CIS 5 with some links and all are sandboxed but where do you go to see what the cima verdict is?

If found suspicious the AV component of CIS will receive the update and it will display the alert. I believe this is supposed to happen, on average, 15 minutes after the file is sent from the sandbox.

Can someone please correct me if I’m wrong?

The CIMA look up should be returned in 15 minutes according to egemen. I don’t know how it will look like. May be the file simply get cleared for being a Trusted file and moved there.

I had now 2 malicious files that were sandboxed and treated as partially limited. After the restart sandbox was clean but this suspicious files were still in the unrecognized files section. But about 20 minutes later they disappeared, so i think they’ve been checked and found malicious and deleted from my computer

Why dont you check your Defense+ Events. It will show what hapened to them. They can be safe.

CIS uploads the file to CIMA if the file is
2 - NOT OBSERVED BEFORE i.e. this file must not have been submitted to COMODO before.

If it is submited before, cloud scanner will catch it if it is a VIRUS anyway. If it is not, then if CIMA finds it suspicious, you will get an alert.

So only NEW UNKNOWN files are submitted to CIMA.

Sorry but I don’t see any log. ??? I see how it was sandboxed (partially limited) and that’s all

click on more…

Still nothing. I know those files were malicious from MDL so i am not so anxious they disappeared just i wanted to know how it works