1. What actually happened
Unknown file (for my video ffdt.exe) did not added to “Being Analyzed” list when I answer “Run outside of Sandbox”
2. What you did to cause that to happen, step by step
I) Find an unknown file for yourself.
II) Set Sandbox settings to “Ask for Untrusted applications”
III) Run your unknown file and answer to Sandbox alert “Run Outside Sanbdox”
IV) Check “Being Analyzed” list and your unknown file did not add to the list. WHY?
Close all apps and alert.
V) Run your unknown file and answer to Sandbox alert “Run in Sanbdox”
VI) Now, your unknown file added to “Being Analyzed” list.
…
3. If you repeat these steps does the same thing always happen
Yes, everytime.
4. What you expected or wanted to happen
For every sandbox decision or alert… All unknowns should be added to “Being Analyzed” list
5. Operating system, whether 32 or 64bit, and service pack number
Windows 7 Home Premium SP1 64bit - Fully updated
CCAV full version number (from Help ~ About)
CCAV 1.10.413855.478 hotfix
6. Any other security or sandbox software installed now or previously
NO, only CCAV
7. Does this problem occur if you load the default configuration and reboot
Default Sandbox setting is virtualize every unknown, but if you set sandbox to “Ask for Untrusted applications”… it occurs everytime.
8. Any other relevant information (eg Your guess at the reason for the bug)
This video may help you more than my words, I am sure Please watch the video below https://www.sendspace.com/file/p0es2j
9. Links to requested files
Diagnostic report attached.
My unknown file attached (but it is gonna be trusted, I submitted it for whitelisting) Find yourself an unknown file
1 - Only applications, which end up running in Sandbox will be submitted to Valkyrie directly and will be classified into Trusted or Malicious on priority basis. Therefore, “Valkyrie Analysis Results” section will only show status of applications, which have run in Sandbox.
2 - You can always submit files to Valkyrie using right click option (i.e. “Comodo Cloud Antivirus → Submit to Valkyrie”) or via “Help → Submit File” menu.
This way must be changed. We had rating scan before… then it was removed…
Then we had full scan after install…but this was changed to “quick scan”…but after that scans, unknown files did not added to “Being Analyzed” list.
This must be change. Check CIS in same senario… CIS adds the unknown file to unknow list after rating scan. This is why I like rating scan
Maybe developers should check or think this again.
Ye, i prefered Valkrie pre Comodo Cloud Antivirus v1.8.407941.426 build when they uploaded ever unknown to valkrie.
but most likely they changed this so they can reduce the load on the system, and make any unknown that are actually running (in sandbox by default) to give a faster verdict back.
I would prefer that they upload all unknown but gives priority to all unknown running in sandbox or being blocked
(depends on what setting the user use)
run in sandbox, run only safe aplication (Block unknown)
also if the user decide to run outside the sandbox, they should also be uploaded.
In short; upload any unknown that triggers a sandbox alert.
also make a Viruscope signature of a known(Detected) malware running in the sandbox, and upload that detection to the cloud and share it to all other user.
So users dont have to run it b4 they get a verdict back from Viruscope, (for the same file, since they should get the same verdict)
Please watch the video below