Change the way CCAV connect to COMODO DNS/server (bandwidth eater)

Please change the way CCAV keep connecting to the COMODO DNS/servers so it can stop eating user bandwidth. If possible, change CCAV behavior to only lookup to the cloud when an unrecognized file is running.

On the way it is now CCAV keeps connecting to the cloud and sending data without stop and this cause problems for users with limited bandwidth. In my case, in 30 minutes CCAV sended about 50mb to the cloud. In other user case he alleged that CCAV sended about 1gb of data to the cloud. This is sick. It has to stop.

And by stoping it CCAV will eventualy use less memory ram than what it takes right now.

+1

In my case in 1 & half - 2 hour it sent app 1.29 GB data.

I thought it sends hash. Sending hash of programs should be very little, right?

Is it sending full executable? Whats the reason of huge bandwidth usage?

and I guess its it that is causing the ram usage going high…

ccav has great potential but right now its a mess. sadly… offcourse… Im waiting to see if they will atleast “read” these wishlists posted by me and others.

on the other hand, im waiting for cis 9 hoping it will come with the same gui as ccav, its light and nice…

It is also sending files that haven’t been seen yet to Valkyrie (up to 20 MB per file) If I understand correctly. Although it seems farfetched that that would amount to 1.29 GB… Perhaps failed uploads so it tries again many times? I don’t know, just making guesses.

Hello guys, yessnoo,

QA will be checking the bandwidth problem and inform back to us about what is the reason behind and how we can improve . We should also consider that for now CCAV makes auto analysis for each installer on endpoint with Valyrie submission. Will get back to you once we get further information from QA s .

Kind Regards,
Buket

I was testing CCAV usability. I had all the programs latest installer already downloaded before CCAV installation.

Before test I checked my net usage with my ISP website. It was at 884 MB. I shutdown the system. After an hour when I started the test I again checked my net usage it was at 884 MB.

I started the test. The programs installed were Bluestacks, Andy Android, DriverTalent, TeraCopy, HDSentinel & few portable software. I didn’t do any browsing, no programs update during test & no Windows Updates, nothing, etc…

After test when I checked my net usage it was at app 2175 MB.

Why CCAV sends executable? Why not hash or hash only?

I’d imagine it’s hard to do behavioral analysis of a hash?

Edit: I think it uses both hash and upload, first hash and if the file hasn’t been seen by Comodo before then CCAV uploads it to Valkyrie and tests it. ← Assumption based on nothing.

Edit 2: I still think 1.29 GB of data is excessive for uploading executables though, that’s roughly 1320 MB and I think Valkyrie has a file size limit of 20 MB which means 1320 divided by 20, which equals roughly 66 files of exactly 20 MB… So it does seem like something is wrong.

Edit 3: Just to be clear, it couldn’t have been one of the applications you installed during the test that also contributed to the used data? Just wondering if CCAV was really the cause of the 1.29 GB of data or if all the installed applications + portable apps could have caused a portion of that too?

Could you rephrase this? I am not quite understanding what you are saying I’m afraid. :-\

No none of the already installed or programs installed/portable for usability test, etc… downloaded/updated/upgraded anything.

Either CCAV is uploading every executable accessed, And could be 20MB limit as you say is not working i.e uploading executable more than 20MB limit.

And I also performed quick scan. May be quick scan is also doing the same thing i.e uploading every executable scanned & also executable more than 20MB.

Anf if hash is not found in the database & for behavior analyze executable upload is needed…would be good to have an option to upload or not or ask before upload, etc…with default upload limit option like you mentioned 20MB.

I hope he doesn’t mean currently CCAV uploads any/all installers to analyze with Valkyrie irrespective of the installers already present in the database or not.

That’s what I am trying to figure out. If that is the case that would be bizarre.

any answers from QA?

Hi ,guys ,vitim , yessnooo ,

I have two questions about your test :

1 do you run some files in sandbox ?
2 do you run some installers ?

CCAV upload these files to analyze with Valkyrie if valkyrie server does not have these files ,next version we will change the way

Best regards

Is Valkyrie not hooked up to the regular Comodo Cloud? Could you comment on the changes you are talking about?

Hi Fly.

No files on sandbox and no installers running. In fact, nothing was running when i was testing it. I just installed it, rebooted the computer and let the pc on my desktop to see whats going on and thats when I saw the issue related on this topic. What are going to change on next version? Is it already getting tested in hq?

I saw someone talking about it and it seems that comodo valkyrie, camas/cloud will be merged into one service to rull them all :stuck_out_tongue: Maybe its this change Fly is talking about? … waiting to see whats next… ccav is great. it only needs a few fixes here and there…

In my case I had set sandbox option to “Run only safe programs”.

As mentioned in my previous posts I tried quite a few installers/portable programs to test CCAV usability. None of the programs were blocked except 2 files related to 2 programs.
I was under the impression that none of the programs were blocked with the sandbox option set to “Run only safe programs” means that all the programs I tried were found either on Local/Cloud whitelist.
And I was under the impression that if programs are found in Local/Cloud whitelist then they are not uploaded & only “Unknown programs” are uploaded to Valkyrie/Cloud for verification.
And if only “Unknown programs” are uploaded then in my case you can see that only 2 files were blocked.
So 1.29 data usage is very huge here or in normal circumstances too.

So dont know how Valkyrie works, what Valkyrie uploads or bugs or not, etc… but seems something wrong in CCAV.

And a detail explanation of Valkyrie, how it works, when it uploads, what it uploads, etc… is needed & would be good to get a clear idea of Valkyrie & its analysis.

Hi,vitim

Very thanks
According to our devs ,if you nothing was running ,ccav don't upload any file to our server .now CCAV makes auto analysis for each installer and runing sandbox file on endpoint with Valyrie submission.
 I will try to reproduce according your steps 

Best regards

Hi,yessnooo

Very thanks 
Now ,any installer file and runing sandbox file will  be upload if Valyrie server don't have these files .
For installer file,no matter these installer files to run in the sandbox inside or outside ,it will be uploaded
you can calculate the size of the installation you test runing 
Next version , we will improve the function

Best regards

Hi,EricJH

yes ,Valkyrie hook up to the regular Comodo Cloud ,I don't point out  any special things

Thanks  :)

Best regards