Comodo Cloud Antivirus - v1.15.435958.619 Released

Hi All,
We are pleased to announce availability of Comodo Cloud Antivirus - v1.15.435958.619.

Thank you for all the feedback during test builds.
Size: 9.42 MB (9,886,464 bytes)
MD5: 291BA090B251C1296159BD5424C69436
SHA-1: 674251E05C93049540905D11A41F5A7CC6370083

At this moment we have made this available on website for new installations only.
We will release updates to older versions later this week.

If you want to update older version, you can have following (c:/windows/system32/drivers/etc/hosts) hosts entries and then run updater from main interface:

The focus of this release is to improve usability and here are the changes:
Improved Usability with Clipboard Based Protection:
Earlier you could not copy-paste in and out of Sandboxed applications. We have made two changes in this regard:
a - You should be able to copy text from sandboxed application to outside Sandbox. This is by default.
b- If you want to paste text from application running outside sandbox in application running inside sandbox, we have added a new check box in Sandbox Settings as “Enable clipboard access to Sandboxed applications”, de-selected by default, as we don’t want a Sandboxed applications to have access to passwords from outside. So if you want to paste text in a sandboxed application, you can select check box and be able to paste in.

Improvised message for possible file-less malware cases:
We introduced support of file-less malware in v594 in similar fashion as we have in CIS. But as one of CIS users pointed here, he didn’t have enough information to act on alert.
So we have improved message and user will know as exactly what was the application that executed another application and passed command line params. Please see attached snaps of alert. We are further working in this area to auto analyze and block true cases of file-less malware.

Improvised handling of sandboxed PDF cases:
We had two problems in there:
a. When PDF executed in Sandbox, e.g. launched from email client, user had no idea as why pdf will be Sandboxed.
b. When PDF running in Sandbox is saved, it ended up saved as in Sandbox itself, so user could not find it. And it could be very confusing.

In this release, we have improvised the message user sees when pdf is sandboxed and also, in case you save PDF, it will always be saved outside Sandbox. The reason is, if you trust the PDF, natural reaction would be to save it, that means user trusts the PDF.

Exception list of applications in case of conflict with CCAV
This version uses a server based configuration file allowing to define list of applications, which can be excluded from CCAV in case of conflict as a quick fix; while team can resolve conflict in next releases. This will be internal list and be updated when program updates are checked.

We are working on next release where our focus is to make file-less malware and script sandbox alert cases only when there is a real possible threat and also improve visibility of files in Sandbox, so you can easily move files out if needed.

Thank you for all your support.

Please share your feedback.


Good :-TU :-TU :-TU

Looks good. but

I would like that CCAV should upload any Unknown file that trigger the sandbox alert, and not just the Unknown files that are being sandboxed.

When Upload to comodo with Cloud Based Behavior Analysis. is enabled

“You should also submit the file to Comodo for Analysis.”

You cant upload .ps1 files with CCAV.
(for now)

Yes, we are planning to make some changes on that side.

:slight_smile: :-TU

Improved Usability with Clipboard Based Protection

Comodo could add this option to the CCAV icon in the taskbar,

Enable Sandboxed applications to access the “desktop” clipboard, for 1 Min
Enable Sandboxed applications to access the “desktop” clipboard, for 5 Min
Enable Sandboxed applications to access the “desktop” clipboard, permanently

Seems good idea.

I’d probably not use it too often, but that is a very good idea for ease of use :-TU

updates to older versions have been released today.


In CIS, Web Protection is in the Cloud + Local Heur now, right?

Any plan to add Web Protection in CCAV?


You guys once said it (website protection) will eventually be an extension. So I guess no need to add it to CCAV right now. Let’s wait for the separate tool.

Please keep CCAV simple and not bloated :-TU

Yes, in works. We will have 1st preview version soon.

Wouldn’t web protection in CCAV be better than an extension?

No because an extension (assuming a browser add-on/extension) will make it compatible with all web browsers, whereas current implementation in CIS relies on hooking SSL functions to see into the encrypted stream that includes the URL. That is why HTTPS filtering only works on IE, Firefox, and dragon/icedragon.

Why the I/O read bytes are higher? No other software processes read bytes are higher than 9 figure.

11 figure read bytes for 1 of the 2 CCAV processes.

Does it affect the disk?

It has been reported several times, even in other forums, but I have never experienced this issue, so it might be system-related

This is typically the case where you have some disk intensive software opening files in execute mode and thus causing on-access event.
You may want to disable on-access and check the usage. Also, if see what security software you have, which may be disk intensive.

I don’t run multiple security software.

I was runnning CCAV & Windows 10 native firewall, & CCAV I/O read bytes were high i.e 11 figure.

Now I am running F-Secure Safe & Windows native firewall, & Fsecure I/O read bytes seems normal.

I noticed, CCAV installed, I/O read bytes for one of the CCAV processes was 11 figure. And CCAV installed, few other software processes I/O read bytes were 9 figure.

Now F-Secure installed, all the software I/O read bytes are 6 figure, sometimes 9 figure & return back to 6 figure & less. No processes I/O read bytes reached 11 figure like CCAV.

And I have watched task manager - processes for quite a long time, all the software processes remain at 0, but CCAV 1 process time-to-time disk & network field show 0.1, 0.2, etc, & sometimes when this happen, disk usage goes up like 60, 70, 90, 99 & takes time to settle down.
I have tried Kaspersky, Avast, Fsecure, Eset, Emsisoft & CIS on this system & didn’t notice the behavior with any. I have mostly run CFW on this system as I find CFW light & good.

I have tried CCAV on 1 other system too & noticed all the above mentioned behavior on that system too.

Any system I have tried CCAV to see any difference with other systems, the experience have been the same on all the systems i.e high disk usage, lags starting/installing programs, etc. This have improved compared to previous versions but still…

All the systems I have tried CCAV have 4GB RAM & 500GB HDD except mine have 6 GB RAM & all are laptops.

The experience gives the impression like there is something in CCAV coding itself.

I have tried CCAV on 2 systems for a long time & other systems just to see any difference with other systems.