CCE Scanners RealTime into CIS

Whenever I test AV’s, I also check the malware for testing with CCE Custom Scan & also compares it with CIS detection. And CCE always detects more than CIS as it has more powerful scanners.

I think CAV in CIS should have those powerful CCE Scanners in RealTime i.e CAV should have advanced section wherein you can enable Advance Protection/Detection of Malware i.e Enable CCE Scanners in RealTime Protection. And Proactive config may have this enabled by default. The same for OnDemand too.

Would it be good?


Why have 2 products into one, although you will never ever need to use both at the same time? And when you need to clean, its most likely you will need it to be portable and not installed…

OK. Not 2 products into 1 i.e No OnDemand Thing.

But what about RealTime Protection i.e Advanced Protection i.e RealTime CCE Scanners?

you have CIS!

What about a whitelisted malware infection that CIS isnt capable to completely remove?
I believe at sometimes, cleaning is very useful (2 in 1), no matter what AV you are using since there is no 100% protection (there will always be bypasses).

I think you are right.

When Valkyrie, Full Virtualization & other stuffs are coming then no need of additional sensitive scanners.

When will we get all that ?

Yes, system infected with malware whitelisted by CIS.

Would it be good if there is an option to use CCE in advanced mode i.e all whitelisting disabled?

In CIS 6…soon.

:-TD :-TD :-TD
No, no, no.
How many times will you ask about the same thing?
CIS is to prevent infection with sandbox and HIPS, it’s not specialized to clean and detection is just a background. CCE scanner produces a lot of FP too.

I’m against of any CCE and CIS integration. In fact rootkit scanner should be deleted from CIS.

i completely agree

I'm against of any CCE and CIS integration. In fact rootkit scanner should be deleted from CIS.

this is not needed on a clean machine that has cis installed

On the other hand:

look at this example

  1. What do you think about idea to integrate some prevention features like HIPS into CCE?

You will say “Noo, it’s bad idea, CCE is for cleaning. It doesn’t need to have prevention capabilities, because it s not made for this.”

  1. And: What do you think about idea to integrate CCE cleaning capabilities to CIS?

Agreeing with your logic from statement 1 you should say: “Noo, it’s bad idea, CIS is for prevention (protection). It doesn’t need to have cleaning capabilities because it’s not made for this”.

Your answer IS DIFFERENT.

look at this :slight_smile:

is this directed towards me?

No, you agreed with me :slight_smile:
It’s for “CIS+CCE” supporters.

CIS and CCE are two different animals, I believe a majority of people already know this.


In fact rootkit scanner should be deleted from CIS

-1 :-TD

So smart scan and full scan should be deleted from CIS!!. They are not needed on a clean machine that has CIS installed. This is a joke ;D

CCE scanner produces a lot of FP too


yeah a lot of FP also has not disinfect capability, therefore do not need to be added to CIS.

I think that killswitch and autoruns analyzer should be added to the CIS.

Will the PC will remain clean 4ever? The answer is NO.
Your machine will be infected with whitelisted malware at some point, believe it or not.

Not to mention the “human error”.


Now, from a Corporate standing view…

You have 1,000 endpoints with Norton, Kaspersky and any other useless AV.
You are about to use Comodo Endpoint Security Manager, and you uninstall all third party AV.

Are you sure this machines are “clean”?

No, you are not sure about it, due to the “protection” they had installed.

So NOW you have to choices:

  1. Run CCE and other cleaning tools on each endpoint, 1 by 1. Which will take you lots of Hours/Days!
  2. Install and Deploy CIS from the Console. Once installed, you use the CLEANING capability from CIS to clean the PCs. Once they are cleaned, they are meant to be protected by the PROTECTING capability.

I would honestly prefer option 2, because will save me lots of hours.


I honestly believe that CLEANING and PROTECTING are 2 different things.
But I also believe that at somepoint you need both at the same time.

Why? As you would have false-positives and bypasses in the CLEANING process, you would also have bypasses and whitelisted malware infecting the so called PROTECTED “clean” PC with CIS. In other words, You will never have a 100% clean/protected PC as you would never have a 100% effective tool to clean all existing malware.
At that point is where Cleaning and Protecting meet and complete each other.

I am strongly in favor of combining CCE scanners into CIS. IF it were possible for CIS to provide 100% protection then Melih’s argument would make sense, but CIS does not and never will provide 100% protection so there will be occasions where CCE capabilities are required. An example of this (which applies to any security suite) would be zero-day malware that has bypassed CIS but can be disinfected once the signatures and/or software have been updated.

If Melih were trying to market an advanced 4-wheel drive vehicle in the same way that CIS and CCE are presented it would only use 2-wheel drive for ordinary terrain, and to switch to 4-wheel drive for the really rugged stuff it would be necessary to stop the engine and manually engage 4-wheel drive from outside the vehicle. He would lose a lot of sales to the competition who could provide automatic 4-wheel drive engagement while on-the-move.

So, Melih you need to look at CIS from an ordinary user’s point of view, NOT from a technical point of view. Of course it is easier to separate protection and cleaning but most ordinary users want and expect automatic cleanup of any infections. Apart from various boot-time disinfection CDs do you know of any other security suites that separate protection and cleaning? If you want CIS to be considered serious mainstream security it must provide excellent protection, excellent disinfection, be suitable for novices to use, and it must be seen to be competitive with other security suites (i.e. very easy to use with very high detection rates).

But how can CCE clean something that CIS let in?

if CIS let in an infection (not so very easy)…then surely CCE will not know how to clean it.

its an oxymoron to expect to have the protection and cleaning to be provided by the same company.

If protection have failed, then expecting the cleaning from the same company is not logical.

-1 :-TD :-TD
Rootkit scanner is optional :wink: