The buzzword “cloud” always seemed a bit suspicious to me. I’d like to control where my data is stored, don’t like to transfer it into a misty object in the sky where I cannot see who has access to it…
Now the new update promises:
NEW! Cloud based Antivirus
NEW! Cloud based Behavior Analysis
NEW! Cloud based Whitelisting
What exactly does this mean? A list of the files on my PC is being sent out to Comodo and compared to other users’ files? When I do a scan of my computer, are the names/checksums of files and/or threats being sent to Comodo and/or other users? Are suspicious files even sent out completely without me noticing? “Threatcast” has always been off here because I didn’t want something like that.
Any in-depth explanation would be welcome. I’m using CIS because I’m a control freak of course, and not exactly knowing what a security software doesn’t make me feel very comfortable.
Cloud based Antivirus
Options for this are not ticked by default you will have to change Scanner Settings.
Cloud based Behaviour Analysis
Cloud based Whitelisting
Any unknown files are checked in the cloud if they are found to be safe (Whitelist), they can then be entered into Trusted Files or Trusted Software Vendors automatically.
You can disable this if you wish second screenshot.
Any unknown files are sent to Comodo for analysis. If they are safe then every user using Comodo will benefit because they will be added to the whitelist.
If they are found to be malicious, or suspicious, then they will be added to the blacklist.
Your particular files are never sent to other users. Essentially “in the cloud” means that Comodo is doing the work, and storing many of the signatures, on their servers.
Can one explain what option send files somewhere? Whitelisting cloud checks mean only hash sending or both “cloud” options mean complete file sending not matter what size it is?
And manual checking & sending from unrecognized files has nothing to do with automatic sending to cloud via those 2 checked options?
Can someone, more experienced with Comodo, create a new FAQ like thread with a detailed explanation of how Cloud Based works in Comodo and how it is related to the whitelisting.
I am most curious with what happens when a vendor’s software is not signed and the software goes thru an update. I have seen issues with Comodo and Skype where I ask it to be trusted and then several weeks later it stops working, seemingly because of an update to the software itself.
When a file is unsigned or vendor unsigned, I assume then Comodo uses a file hash to uniquely identify the file. But the hash will of course change when program is updated.
Also once a file is whitelisted, what would happen if a trojan tries to inject itself into a trusted file, thus changing the hash. Does Comodo detect that and how?
I would think that another good way to approach this whitelisting is for vendors of software to get together and for program files like exe,dll, etc have an online registry where only the registered vendor can update and list file hashes for all releases. This way it provides a quick and simple way to verify the legitimacy of a file. Am I missing something here is this solution that seems to add another way to whitelist then having to analyze every file manually by Comodo techs.
