Can someone PLEASE explain why this file is STILL unknown?

File breakaway.exe SHA1 A2FCB455D9E24983C93A02C79777107E8AC63DC0
According to http://file-intelligence.comodo.com/ this file was first introduced almost a year ago.

Here are virustotal results

Valkyrie results
https://valkyrie.comodo.com/Result.html?sha1=a2fcb455d9e24983c93a02c79777107e8ac63dc0&&query=0&&filename=breakaway.exe

and CAMAS results
http://camas.comodo.com/cgi-bin/submit?file=ad79b8d62611c3a2c238712e53be16044f94f9511e40310cc095be597acbb7d4

I also submitted this file to whitelisting thread several times.

And yet CIS and CCE (killswitch) say that this file is unknown.

I know that for the file to be whitelisted it has to be examined by comodo team “in person”, but there are millions of files introduced to the internet every day, and, I don’t know how many people there are inspecting these files in Comodo, but the way it is now there will ALWAYS be a huge backlog.

I’m trying to say, we have Virustotal, Valkyrie, Camas maybe other services I don’t know about where every user can upload a file and verify its safe-ness in a matter of minutes. Can’t we or they (comodo) do something that adds a file to global whitelist as soon as file is proven safe by those services?

Yes I can just add a file to local trust list but that won’t do a thing to global whitelist and other people who might have this same file will still have this file as unknown. If one person could verify that file is safe by him \ herself and add the file to global whitelist (only if all checks are green), wouldn’t this greatly speed up this whole “unknown” mess?

What responses did you get from the Comodo people about why it was not whitelisted?

None, apart from their standard “Thank you we’re processing your request” and “Your request has been processed” or something like that.

And that’s not the only file that is “hanging” like this

Igor is in charge of it.
Let’s ask him pls.

thanks
Melih

So they did say that the file has been processed, correct?

Yes they did. It was in 2011 whitelisting thread, that I can’t find anymore. I asked them to whitelist Breakaway.exe, Rainlendar2.exe ( SHA1 5E5673A8ADECA61A3570C7D9A79C0DC66683982E ) and zplayer.exe.
Few posts later they answered “Thank you, we’re processing your request” and few pages later they answered “your request has been processed”. Yet Breakaway.exe and Rainlendar2.exe are still unknown, Zplayer.exe ( SHA1 098AF196CA09F5D0E97FDCA2CCE16C69C5367779 ) has been updated to a newer version since then and currently is listed as safe

Hello.

Unfortunately this file has been submitted by CIS users as malware also (looks like it was detected by some antivirus vendors previously). Absence of a digital signature does not allow verifying file content with 100% probability. This is the reason for the Unknown/Gray verdict for such a long time.

We are sorry for inconvenience.

Even if this file was detected as malware by some antivirus before, it seems to be clean now (according to virus total) there are such things as false positive you know, and they, unfortunately aren’t that rare.

As for digital signature, not every legit file on the internet is digitally signed. Rainlendar 2.9 for example as you can see is a legit program. you can download it here http://www.rainlendar.net/cms/index.php?option=com_rny_download&all=1 lite version 64 bit and it’s not digitally signed… even Virustotal has some kind of problem with those signatures according to Comodo Dragon.

And I remind you that this file was added almost a year ago, are you telling me that a whole year is not enough to tell if a file is safe or not? I know that you have huge backlog and stuff but still…

P.S. I submitted this file again https://forums.comodo.com/news-announcements-feedback-cis/submit-applications-here-to-be-whitelisted-2012-t80090.510.html reply # 522 we’ll see if it will be “processed” again and remain unknown.

P.S. Maybe you should add “most likely safe” category since you can’t decide for this long? <<-- half-joke.

So… what? Are we going to let it dust for another year or two?

As I said before I think that current “system” of adding to white-list while secure and dependent, will never keep up with new files.

Isn’t it annoying for you guys that Defence+ “sandboxes” every new file (and by sandboxing I mean just dropping program’s rights that may cause it to not work correctly)?

Yeah, digital signatures are good, but not all files have them. And file without such signature doesn’t mean it’s malware.

Doesn’t a 100% clean result from virustotal, valkyrie and Camas kinda tell you that file is safe?

I maybe (excuse me) bitching about a single file here, but there are much more of those in the system.

How many unknown files “sandboxed” in your system or how many (if any) you manually added to trusted list, people?
Your thoughts, people?

Not really. It’s easy enough to manually trust a file.

In fact, I’d prefer it that way over using a whitelist. I’m the sort that doesn’t really care if anyone else trusts an application. I prefer to only trust the applications that I personally have installed on my system. Anything else is irrelevant as far as I’m concerned.

If you trust every application you install, why do you need Defence+ in the first place?

Am I failing to understand something here?

I mean every Firewall and defence+ alert says more or less “if you started this app and trust it then allow action, otherwise deny”.

Let’s say you downloaded an app do you trust this app? you don’t even know what it does, I mean yeah, site said it does so and so but what it does in reality… so anyway you start it and get Defence+ alert saying that this app is trying to install hooks, manipulate programs or do other stuff…do you trust it? Well, I think, if there’s a warning then that must mean it shouldn’t do that, so I press deny and bam… program gives an error(s) and closes. Yeah you can change that program’s permissions, but doing it for every program is tiring. <<---- this was just an example of what an average user might think, not my thought process.

Again, digital signatures are good, but they’re not on every legit file on the internet…yet.

Maybe it would improve situation a bit if Comodo added some sort of user summary for those alerts, I mean how many allowed and denied each file and \ or action, Maybe with comments (if not in alert box then by link to a page)… sort of like virustotal does… I guess.

HeffeD, explain your thought process.

That’s easy… To protect me from the things I don’t trust…

I use a virtual machine to test anything I’m unsure of.

CIS used to have threatcast, which did that.

But again, I put no stock behind how many users chose to do whatever. Community driven systems have a huge drawback. The community. As the Web Of Trust community website rating system shows, a great deal of the community has no clue what they’re doing. As such, WOT gives no reliable ‘security’, and is definitely not something I can ‘trust’.

HeffeD, then, do you use “easy mode” (“more” option is unchecked) when handling defence+ alerts or “Hard mode” when you monitor every possible action (“more” option is checked)? Also, do you think this system or layout \ options of defence+ alert box should be changed?

p.s. sorry this is going off-topic, but I’m trying to understand how people react to those, I figured antivirus alerts and firewall alerts, just having trouble with defence+

I have the ‘more’ option checked.

As for changes to the alert layout, it seems pretty straightforward to me.

The only thing that I might find useful in the vein of something you’re looking for is if there was a rating from Comodo analysts. I would put more stock in them than I would a user or community rating.