I actually have a problem with a file.
SHA1 : 5bab129cda2d9b8a354df54930213d65cd8885c0
The file marked as “Safe” on FLS. File is starts-up with windows and it is isolated. I clicked on “Do not isolate this again” and I stopped the process, andrun the file again and file sandboxed again.
I stopped the process.
I clicked on “Run as Trusted Application”… it did not work, file sandboxed again. I stopped the process after this.
I went to Settings > RealTime Protection > Trusted Application > the file is already in the list but CCAV continuously isolets the file even the file is safe on FLS, and marked as safe by user and runned as trusted application.
Can you please check this. You can contact me at PM if you want about this.
No no… The “local file rating / reputation scan” MUST be local and not to pass on Valkyrie. This needs to be local and this local list needs to have more priority then the cloud because some files needs to be populated as trusted as we install ccav, like some catalyst files. If this is going to be connected with valkyrie then we will have big problems with some of these files getting automatic blocked as unknow or bad files (blocked or sandboxed) and this is the worst case because these kind of files when running virtualized or not running at all will make the system inconsistent or make windows have bad behavior like bsods, bugs, etc.
Maybe this list could be connected to valkirye but the “local user rating” needs to have more priority as valkyrie veridict. Maybe when valkyrie understand these files then these files can get some kind of trusted label or indicator.
I dont know if Im making my point clear here.
This feature is on CIS and it works great. This “local file rating / reputation scan” makes a lot easier to handle system problems and this local list will prevent a lot of problems with important files that needs to run without interruptions from antivirus, etc.
yes. this feature. thats the one that devs should implement on ccav. for compatibility and usability. But the valkyrie thing needs to have lower priority then the local marked by the user when finishing the scan.
In case of Catalyst files (I assume yro is referring here to the AMD Catalyst graphics drivers suite) the files belonging to the Catalyst suite will be trusted because they get installed by a trusted installer.
some .dll files from trusted vendors are not digitally signed. So CIS can snadbox them, it is normal. An advanced CIS user know about that.
Install a system and drivers, run rating scan and add all unknowns to trusted files list. This is what I do always
That’s simply not the case. Even though files come from trusted installer, they aren’t automatically whitelisted. I know because when I made a reputation scan I got literally tons of Catalyst files as “Unknown”.
There is rightclick option run in sandbox, main GUI have the option run in sandbox & sandbox settings have the option run in sandbox always.
I think no need of sandbox settings option. Main GUI option run in sandbox feature should have both the function run in sandbox & run in sandbox always.
And instead of 2500ms it would be good if the time is mentioned in secs instead of ms. Its easy to set/change time too this way.
Btw, if you really think your product is unique, why don’t you name it differently? Something like Comodo Malware Destroyer. Because “Antivirus” is not very unique.
It would be nice if Comodo offered Behavior Blocker as stand alone tool that can be used with any other antivirus. We used to have Cyberhawk and ThreatFire in the past but they are both gone now and I miss them
