Maybe I miss something, but how does Comodo ensure, that the reported checksums really belong to malware?
Are the patterns simply added to the signatures? Or is there any QA?
I mean - not every file uploaded to VirusTotal is actually malware. What if Comodo simply doesn’t detect it, because the file isn’t malware?
What if a user posts checksums of important system files or legit programs?
They analyze the files like other AV vendors.
If you look at FlorinG signature it explains what you are expect to do before posting SHA1 lists.
Signature
If possible please post your malware submissions as SHA1 lists (created with HashMyFiles or any other software). Always make sure first you have submitted the samples through CIS or CIMA.
So, if they got the files from VirusTotal for analysis, why would it be needed to report any checksums from VT here!?
In the sticky topic “Malware SHA-1 sources” submitting files is not mentioned and if I submit a file to Comodo as suspicious, I expect, that it will get analyzed without any further forum post needed!?