From what i see, all unknown files that get marked as safe from the cloud scanner are automatically added to the trusted files zone. What concerns me now is, what happens if the file is really malware and cloud scanner failed to recognize it as malware for the time being? It will be added to trusted list and then running with full rights. Or am i missing something here. Because not even online behavior scanner can be 100%.
Please, make this topic [at] https://forums.comodo.com/comodo-cloud-scanner-ccs-b200.0/
Regards
BlackList
The one that is part of the CIS5 and how it interacts with Trusted applications feature/section, i don’t care about anything else (like stand alone program that doesn’t even use Trusted files feature).
I believe the cloud scanner, in addition to checking the file against the blacklist, also checks it against the whitelist. Thus if the file is in the whitelist it will be added to your trusted files list.
But like RejZoR said: if the scanner fails… the file will pass, won’t it?
Isn’t Comodo policy the deny default one?
Yeah, my main concern is when online behavior analyzer fails to identify malware (which IS a real malware).
Signatures don’t pick it up and it doesn’t have any whitelist entry. How Comodo treats such files considering all that passed online check went into Trusted right away.
If the scan don’t detect nothing and it’s not in the whitelist the program will be sandbox until he get the verdict of trusted. verdict of trusted= Withelisted.
It will ofcourse NOT be added to the trusted files unless an explicit reposnse got from the cloud. Do you ahve such a case or you are just assuming?
CIS does NOT add any unknown file to trusted files unless they are SAFE in the cloud.
Thanks egemen. That makes sense.
I suppose the user can manually add - by his/her own risk - the file to the whitelist.
yes.
Another concern is when it is finally out of beta will the servers be able to handle the users? Have they been stress tested or will this process occur during the beta test period?