CCE Scanners RealTime into CIS

Whenever I test AVs, I also check the malware used for testing with CCE Custom Scan and compare it with CIS detection. And CCE always detects more than CIS as it has more powerful scanners.

I think CAV in CIS should have those powerful CCE Scanners in RealTime, i.e. CAV should have an advanced section wherein you can enable Advanced Protection/Detection of Malware, i.e. Enable CCE Scanners in RealTime Protection. And Proactive config may have this enabled by default. The same for OnDemand too.

Would it be good?

Thanx
Naren

Why have 2 products in one, although you will never ever need to use both at the same time? And when you need to clean, it's most likely you will need it to be portable and not installed…

OK. Not 2 products in 1, i.e. no OnDemand thing.

But what about RealTime Protection, i.e. Advanced Protection, i.e. RealTime CCE Scanners?

Why?
You have CIS!

What about a whitelisted malware infection that CIS isn't capable of completely removing?
I believe that sometimes cleaning is very useful (2 in 1), no matter what AV you are using, since there is no 100% protection (there will always be bypasses).

I think you are right.

When Valkyrie, Full Virtualization & other stuff are coming, then there is no need for additional sensitive scanners.

When will we get all that?

Yes, system infected with malware whitelisted by CIS.

Would it be good if there is an option to use CCE in advanced mode i.e all whitelisting disabled?

In CIS 6…soon.

:-TD :-TD :-TD
No, no, no.
How many times will you ask about the same thing?
CIS is to prevent infection with sandbox and HIPS, it’s not specialized to clean and detection is just a background. CCE scanner produces a lot of FP too.

I’m against any CCE and CIS integration. In fact rootkit scanner should be deleted from CIS.

I completely agree

I'm against any CCE and CIS integration. In fact rootkit scanner should be deleted from CIS.

+100
This is not needed on a clean machine that has CIS installed

On the other hand:

Look at this example:

  1. What do you think about the idea to integrate some prevention features like HIPS into CCE?

You will say “Noo, it’s a bad idea, CCE is for cleaning. It doesn’t need to have prevention capabilities, because it’s not made for this.”

  2. And: What do you think about the idea to integrate CCE cleaning capabilities into CIS?

Agreeing with your logic from statement 1 you should say: “Noo, it’s a bad idea, CIS is for prevention (protection). It doesn’t need to have cleaning capabilities because it’s not made for this”.

Your answer IS DIFFERENT.

Look at this :slight_smile:

Is this directed towards me?

No, you agreed with me :slight_smile:
It’s for “CIS+CCE” supporters.

CIS and CCE are two different animals, I believe a majority of people already know this.

Hi,

In fact rootkit scanner should be deleted from CIS

-1 :-TD

So smart scan and full scan should be deleted from CIS!!. They are not needed on a clean machine that has CIS installed. This is a joke ;D

CCE scanner produces a lot of FP too

+1

Yeah, a lot of FP; it also has no disinfect capability, therefore it does not need to be added to CIS.

I think that killswitch and autoruns analyzer should be added to CIS.

Will the PC remain clean forever? The answer is NO.
Your machine will be infected with whitelisted malware at some point, believe it or not.

Not to mention the “human error”.

x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-

Now, from a Corporate standing view…

You have 1,000 endpoints with Norton, Kaspersky and any other useless AV.
You are about to use Comodo Endpoint Security Manager, and you uninstall all third party AV.

Question:
Are you sure these machines are “clean”?

Answer:
No, you are not sure about it, due to the “protection” they had installed.

So NOW you have two choices:

  1. Run CCE and other cleaning tools on each endpoint, 1 by 1. Which will take you lots of Hours/Days!
  2. Install and Deploy CIS from the Console. Once installed, you use the CLEANING capability from CIS to clean the PCs. Once they are cleaned, they are meant to be protected by the PROTECTING capability.

I would honestly prefer option 2, because it will save me lots of hours.

x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-

EOL:
I honestly believe that CLEANING and PROTECTING are 2 different things.
But I also believe that at some point you need both at the same time.

Why? As you would have false-positives and bypasses in the CLEANING process, you would also have bypasses and whitelisted malware infecting the so called PROTECTED “clean” PC with CIS. In other words, You will never have a 100% clean/protected PC as you would never have a 100% effective tool to clean all existing malware.
At that point is where Cleaning and Protecting meet and complete each other.

I am strongly in favor of combining CCE scanners into CIS. IF it were possible for CIS to provide 100% protection then Melih’s argument would make sense, but CIS does not and never will provide 100% protection so there will be occasions where CCE capabilities are required. An example of this (which applies to any security suite) would be zero-day malware that has bypassed CIS but can be disinfected once the signatures and/or software have been updated.

If Melih were trying to market an advanced 4-wheel drive vehicle in the same way that CIS and CCE are presented it would only use 2-wheel drive for ordinary terrain, and to switch to 4-wheel drive for the really rugged stuff it would be necessary to stop the engine and manually engage 4-wheel drive from outside the vehicle. He would lose a lot of sales to the competition who could provide automatic 4-wheel drive engagement while on-the-move.

So, Melih you need to look at CIS from an ordinary user’s point of view, NOT from a technical point of view. Of course it is easier to separate protection and cleaning but most ordinary users want and expect automatic cleanup of any infections. Apart from various boot-time disinfection CDs do you know of any other security suites that separate protection and cleaning? If you want CIS to be considered serious mainstream security it must provide excellent protection, excellent disinfection, be suitable for novices to use, and it must be seen to be competitive with other security suites (i.e. very easy to use with very high detection rates).

But how can CCE clean something that CIS let in?

If CIS let in an infection (not so very easy)…then surely CCE will not know how to clean it.

It's an oxymoron to expect to have the protection and cleaning provided by the same company.

If protection has failed, then expecting the cleaning from the same company is not logical.

-1 :-TD :-TD
Rootkit scanner is optional :wink: