Comodo Cloud Antivirus - v1.15.435004.610 - Beta

umesh · December 4, 2017, 11:36pm

Hi All,
We are pleased to announce availability of beta version of Comodo Cloud Antivirus v610.

BETA - Warning:
Following setup is a BETA setup and it is not recommended to test on production machine and it is intended only for beta testers.
So please try at your own risk.

http://91.209.196.83/ccav/installers/ccav_installer.exe
Size: 9.40 MB (9,866,880 bytes)
MD5: 402b1c43e9322c7213a0e243ab56890c
SHA-1: 1e5a5987038ccbf81d5451f9dd87b7b4da68ae97

If you don’t want to do fresh installation, alternately you can also have following hosts entries:


91.209.196.83 download.comodo.com
91.209.196.83 www.download.comodo.com

and use manual updater option and update to this version.

The focus of this release is to improve usability and here are the changes:
1)
Improved Usability with Clipboard Based Protection:
Earlier you could not copy-paste in and out of Sandboxed applications. We have made two changes in this regard:
a - You should be able to copy text from sandboxed application to outside Sandbox. This is by default.
b- If you want to paste text from application running outside sandbox in application running inside sandbox, we have added a new check box in Sandbox Settings as “Enable clipboard access to Sandboxed applications”, de-selected by default, as we don’t want a Sandboxed applications to have access to passwords from outside. So if you want to paste text in a sandboxed application, you can select check box and be able to paste in.

Improvised message for possible file-less malware cases:
We introduced support of file-less malware in v594 in similar fashion as we have in CIS. But as one of CIS users pointed here, he didn’t have enough information to act on alert.
So we have improved message and user will know as exactly what was the application that executed another application and passed command line params. Please see attached snaps of alert. We are further working in this area to auto analyze and block true cases of file-less malware.

Improvised handling of sandboxed PDF cases:
We had two problems in there:
a. When PDf executed in Sandbox, e.g. launched from email client, user had no idea as why pdf will be Sandboxed.
b. When PDF running in Sandbox is saved, it ended up saved as in Sandbox itself, so user could not find it. And it could be very confusing.

In this release, we have improvised the message user sees when pdf is sandboxed and also, in case you save PDF, it will always be saved outside Sandbox. The reason is, if you trust the PDF, natural reaction would be to save it, that means user trusts the PDF.

We will be further improving handling of Sandbox files as discussed here in next releases.

We will be carrying these changes in CIS as well soon.

Please give it a try and share your feedback.

Thanks
-umesh

Redstraw · December 4, 2017, 11:52pm

Very nice update, thanks:)

Ploget · December 5, 2017, 12:07pm

Updated to the Beta on test Win10 - no problems and running well

miloszcz · December 6, 2017, 12:19pm

IMO these alert will be very confusing and skipped by most of the users. Their appearance and text should be simpler. Technical details should be hidden and expandable if anyone wants to. They look a lot like regular sandbox alert - I would give them a slightly different graphic to accentuate a specific situation.

umesh · December 6, 2017, 12:34pm

By default we have Auto sandbox in both CIS and CCAV.

All you see file X has been sandboxed.

A little more information, even though auto Sandboxed, may be helpful, specially in case of pdf files, where user won’t understand.

Their appearance and text should be simpler.

Any suggestions?

Ploget · December 6, 2017, 12:40pm

I agree to some extent; they could be made simpler w/o a lot of the technical detail. Unfortunately, it is almost invariably going to depend on the user, their knowledge of their system and their familiarity with the names & details of the descriptions given.

If one of these popped up in the middle of a ‘normal’ work session, or browsing, email etc., then instinctively the reaction is to block. During an install or update, or even a download, then there has to be at least some background knowledge to make any informed decision.

I can’t really see any way to create a warning that involves 2 of the most ‘unknown’ commands in Windows, to allow an average user to make such an informed choice

Ploget · December 6, 2017, 12:43pm

I think the pdf warning is fine. Not too much and quite straight forward. I’ve been caught out myself during emails and get the Auto-Sandbox and have to backtrack to save it then read!

umesh · December 6, 2017, 12:45pm

What do you suggest for potential file-less malware case?

Jon79 · December 6, 2017, 12:46pm

What about adding an option to have simple alerts (like they were before) or advanced alerts (like the new ones)?
Like this the user can choose which kind of alerts he/she will get - simple for basic users, advanced for experienced users

Then, maybe alerts about fileless malware could have another color (purple?) just to allow the user to easily recognize them

Ploget · December 6, 2017, 12:59pm

That’s probably the best compromise. As morphiusz said; hidden technical details - expandable as required

I like the idea of a different color for the pdf notice, which is a quite common and more recognized occurrence than the file-less warning

miloszcz · December 6, 2017, 1:20pm

Then, maybe alerts about fileless malware could have another color (purple?) just to allow the user to easily recognize them

+1
I would change a graphic for both pdf and file-less malware alerts: for both to indicate special situation.
a PDF alert is only informative and not so complicated. I guess it’s ok. Though you can make it simpler with the text “The PDF was isolated to protect you from potential threats. If you trust the PDF you can save it.
Learn more”

The file-less malware alert should have different graphic (maybe a different icon? maybe a CIS style ) and different colouring; there is too much text and technical details (it will be skipped without reading by most of the users). The initial message has to be clear and short (and technical details hidden and available for user if he wants to).
For PDF file alert I would change icon to the pdf file in the box

umesh · December 6, 2017, 3:02pm

You see, default setting is auto-sandbox, only advanced users switch to alert mode and for that case, more the better.
As i pointed for user, who could not make sense of alert.

Considering auto-sandbox is more of notification than an alert as it times out fast, lets think on more ideas on auto-sandbox notification.
How can we improve that?

nikos200 · December 6, 2017, 4:09pm

i cant submit files…is there any problem???thanks

umesh · December 6, 2017, 4:13pm

Seems server side issue, being looked into.

miloszcz · December 6, 2017, 9:37pm

Still, you can make it simpler and not that HUGE. Less is more It will just look more professional.
For the ‘ask’ alert changes as proposed, for the ‘auto-sandbox’ make this notification more compact as well, i.e.:

klaken · December 9, 2017, 1:24pm

The program is sending me secure applications to the sandbox. Eg: firefox … It does not react correctly when you tell it not to put it back on.

Improvised message for possible file-less malware cases:

I have not tried it, but it’s a lot of information for a newbie user.

-That such a system of% … Ex: This action is 40% of malaware. Or viruscope classifies at u 20% as malware

Viruscope that works outside the sandbox. This protects the user when it runs out of the sandbox … (we are talking about novices).
Personally I think the best thing is to improve valkyria to classify faster the strangers and more precision … Domestic users is difficult to be taken with a file of minutes of life.

Ploget · December 9, 2017, 1:25pm

Updated to 1.15.435588.615 . . . no problems

umesh · December 9, 2017, 2:54pm

Yes, here is announcement:
https://forums.comodo.com/beta-corner-ccav/comodo-cloud-antivirus-v115435588615-rc-t121140.0.html

Thanks for checking out
-umesh