CIMA (Comodo Instant Malware Analysis) New Version out 12 Jan 2009

Even more powerful than the previous one. check it out.

We will have Igor tell us all the new features tomorrow.


Will there be a link in CIS?



Nice. Do you know if/when it will be able to analyze installers that require user input?


Cheers Melih!

This version is faster and looks good. This will hopefully give you the ability to create even better heuristics for CIS in the future while maintaining very low FP’s. :slight_smile: Great work CEO :-TU


[attachment deleted by admin]

Looks good :slight_smile:

Will there be an option to save the results to pdf ?


New features added in this version:

  1. Table structured report format with column names etc.

  2. General info section with file size, md5, sha’s and final execution state

  3. Support for files with popup user interface - default button clicked

  4. Reduced number of redundant rows in Events and Mutexes sections

  5. General performance improvement


In this version - no - sorry. But maybe in next.

Please add it in wishlist.

Wow, this version really has something to be proud of.

It is nice to know that the new version features comes with a tabled structured report and general information section.

This new features will help us use CIMA’s new version. Just like 3xist said: “It is much faster and the interface looks good.”

And of course its general performances improved.

Nice Job from Comodo! :wink:

What does this mean?

Auto Analysis Verdict

Thanks. :slight_smile:

I believe that means the program makes no harm to the computer.

Thanks. Yes, you are right. There is a thread about Undetected (started after I posted). :wink:

i want help

I loaded the file

and only got this

Auto Analysis Verdict

CIS halts for a virus!

Heur.Dual.Extension in NEWA7C8.tmp.EXE

what does this mean?

This means that the Heuristics detection finds it suspicious that the file has a “double extension”

normally the file would be .tmp or .exe not .tmp.exe as extension so based on this fact only it flags it as suspicious because this trick is used for malware to trick users to “run” it, but i assume you have set Heuristics detecion to High for this kind of alerts correct?

No idea I did not touch the Heuristics settings

Can you please check the AV settings for Real-Time and Manual scan see how Heuristics is set?


Hi Ronny, all tabs are LOW.

I think you can safely conclude it’s a False Alert. It’s just the heuristics engine complaining about the double extension…

Hi Guys,

Leaving aside the fact that I’m not using Comodo’s AV, I may say that none of the antivirus / antimalware solutions should flag anything based on any file names.

That is less than funny.

Yes, there could be worms in files like , we all know that…

But we have this “multi-extensions” feature and we have rights to use it.

Some programs are dynamically generating executables. The double/ triple extension could be a part of the process… (I am using that in some coding)

Would Comodo trigger the detection when on rename simple text file and call it “textFile.txt.exe”??? … in such situation probably even file type will not be analyzed???
Why not? Is that’s what’s going on? WoW!!!

Neither signature nor heuristics analysis should not look at the names and make conclusions based on that.
The code is analyzed either based on fingerprints for the first plus “algorithmic guessing” is added to that for the latter.
The Behaviour Blockers are analyzing the code without signatures based on the code’s actions and the potential outcome of such actions.

What file names have to do with any type of such analysis?

That should not be the case.
Neither False Positives nor Real detections should be made based on any names