Comodo Cloud Antivirus - v1.15.435958.619 Released

Hi All,
We are pleased to announce the availability of Comodo Cloud Antivirus - v1.15.435958.619.

Thank you for all the feedback during test builds.

https://download.comodo.com/ccav/installers/ccav_installer.exe
Size: 9.42 MB (9,886,464 bytes)
MD5: 291BA090B251C1296159BD5424C69436
SHA-1: 674251E05C93049540905D11A41F5A7CC6370083

At this moment we have made this available on the website for new installations only.
We will release updates to older versions later this week.

If you want to update an older version, you can have the following hosts entries (c:/windows/system32/drivers/etc/hosts) and then run the updater from the main interface:


91.209.196.83 download.comodo.com
91.209.196.83 www.download.comodo.com

The focus of this release is to improve usability and here are the changes:
1) Improved Usability with Clipboard Based Protection:
Earlier you could not copy-paste in and out of Sandboxed applications. We have made two changes in this regard:
a - You should be able to copy text from a sandboxed application to outside the Sandbox. This is by default.
b - If you want to paste text from an application running outside the sandbox into an application running inside the sandbox, we have added a new check box in Sandbox Settings, “Enable clipboard access to Sandboxed applications”, de-selected by default, as we don’t want Sandboxed applications to have access to passwords from outside. So if you want to paste text in a sandboxed application, you can select the check box and be able to paste in.

Improvised message for possible file-less malware cases:
We introduced support for file-less malware in v594 in a similar fashion to what we have in CIS. But as one of the CIS users pointed out here, he didn’t have enough information to act on the alert.
So we have improved the message, and the user will know exactly which application executed another application and passed command line params. Please see the attached snaps of the alert. We are further working in this area to auto-analyze and block true cases of file-less malware.

Improvised handling of sandboxed PDF cases:
We had two problems in there:
a. When a PDF executed in the Sandbox, e.g. launched from an email client, the user had no idea why the PDF was Sandboxed.
b. When a PDF running in the Sandbox was saved, it ended up saved in the Sandbox itself, so the user could not find it. And it could be very confusing.

In this release, we have improvised the message the user sees when a PDF is sandboxed, and also, in case you save the PDF, it will always be saved outside the Sandbox. The reason is, if you trust the PDF, the natural reaction would be to save it; that means the user trusts the PDF.

Exception list of applications in case of conflict with CCAV:
This version uses a server-based configuration file that allows defining a list of applications which can be excluded from CCAV in case of conflict as a quick fix, while the team can resolve the conflict in the next releases. This will be an internal list and will be updated when program updates are checked.

We are working on the next release, where our focus is to make file-less malware and script sandbox alert cases appear only when there is a real possible threat, and also to improve visibility of files in the Sandbox, so you can easily move files out if needed.

Thank you for all your support.

Please share your feedback.

Thanks
-umesh

Good :-TU :-TU :-TU

Looks good, but

I would like CCAV to upload any Unknown file that triggers the sandbox alert, and not just the Unknown files that are being sandboxed.

When Upload to Comodo with Cloud Based Behavior Analysis is enabled

“You should also submit the file to Comodo for Analysis.”

You can’t upload .ps1 files with CCAV.
(for now)

Yes, we are planning to make some changes on that side.

:slight_smile: :-TU

Improved Usability with Clipboard Based Protection

Comodo could add this option to the CCAV icon in the taskbar,

Enable Sandboxed applications to access the “desktop” clipboard, for 1 Min
Enable Sandboxed applications to access the “desktop” clipboard, for 5 Min
Enable Sandboxed applications to access the “desktop” clipboard, permanently

Seems a good idea.

I’d probably not use it too often, but that is a very good idea for ease of use :-TU

FYIP,
updates to older versions have been released today.

Thanks
-umesh

In CIS, Web Protection is in the Cloud + Local Heur now, right?

Any plan to add Web Protection in CCAV?

No.

You guys once said it (website protection) will eventually be an extension. So I guess no need to add it to CCAV right now. Let’s wait for the separate tool.

+1
Please keep CCAV simple and not bloated :-TU

Yes, in works. We will have 1st preview version soon.

Wouldn’t web protection in CCAV be better than an extension?

No, because an extension (assuming a browser add-on/extension) will make it compatible with all web browsers, whereas the current implementation in CIS relies on hooking SSL functions to see into the encrypted stream that includes the URL. That is why HTTPS filtering only works on IE, Firefox, and dragon/icedragon.

Why are the I/O read bytes higher? No other software process’s read bytes are higher than 9 figures.

11-figure read bytes for 1 of the 2 CCAV processes.

Does it affect the disk?

It has been reported several times, even in other forums, but I have never experienced this issue, so it might be system-related.

This is typically the case where you have some disk-intensive software opening files in execute mode and thus causing on-access events.
You may want to disable on-access and check the usage. Also, see what security software you have, which may be disk intensive.

I don’t run multiple security software.

I was running CCAV & Windows 10 native firewall, & CCAV I/O read bytes were high, i.e. 11 figures.

Now I am running F-Secure Safe & Windows native firewall, & F-Secure I/O read bytes seem normal.

I noticed that, with CCAV installed, I/O read bytes for one of the CCAV processes were 11 figures. And with CCAV installed, a few other software processes’ I/O read bytes were 9 figures.

Now with F-Secure installed, all the software I/O read bytes are 6 figures, sometimes 9 figures & return back to 6 figures & less. No process’s I/O read bytes reached 11 figures like CCAV.

And I have watched Task Manager - processes for quite a long time; all the software processes remain at 0, but for 1 CCAV process the disk & network fields show 0.1, 0.2, etc. from time to time, & sometimes when this happens, disk usage goes up to 60, 70, 90, 99 & takes time to settle down.
I have tried Kaspersky, Avast, F-Secure, Eset, Emsisoft & CIS on this system & didn’t notice the behavior with any. I have mostly run CFW on this system as I find CFW light & good.

I have tried CCAV on 1 other system too & noticed all the above-mentioned behavior on that system too.

On any system where I have tried CCAV to see any difference with other systems, the experience has been the same, i.e. high disk usage, lags starting/installing programs, etc. This has improved compared to previous versions but still…

All the systems I have tried CCAV on have 4 GB RAM & 500 GB HDD, except mine has 6 GB RAM, & all are laptops.

The experience gives the impression that there is something in the CCAV coding itself.

I have tried CCAV on 2 systems for a long time & on other systems just to see any difference with other systems.