Comodo Cloud Antivirus - v1.16.439475.642 - BETA

umesh · January 30, 2018, 6:12pm

Hi All,
We are pleased to share BETA v1.16.439475.642 of Comodo Cloud Antivirus:

BETA - Warning:
Following setup is a BETA setup and it is not recommended to test on production machine and it is intended only for beta testers.
So please try at your own risk.

http://91.209.196.83/ccav/installers/ccav_installer.exe
Size: 9.53 MB (9,994,696 bytes)
MD-5: 485fc437829a55b37ba454d29f543012
SHA-1: 7c665b6e8f2ddd6826c274b9328bf53caeee5877

If you don’t want to do fresh installation, alternately you can also have following hosts entries:


91.209.196.83 download.comodo.com
91.209.196.83 www.download.comodo.com

and use manual updater option and update to this version.

Here is the change list:
New:
1.
In Sandbox Files Management:
Based on wish list item discussion here, you can now manage files, which are created by Sandbox application. So if you run browser in Sandbox, you can manage which all files you want to move out of it.

a - When an application in sandbox creates a file, with matching extension, please see enclosed File_Extensions_to_Track.png, as defined in “Sandbox–>Tracking Files Created In Sandbox” section, you will see a notification, as shown in enclosed InSandbox_Files_Created_Notification.png, this notification will appear only once per parent application i.e. if you are using browser and you download multiple files, it will be shown just once to make you aware that you can manage files created inside Sandbox and at the same time limiting notifications.

b - When you click on “Review Files” link in notification, same link is also present when you see applications running in Sandbox window, please see ReviewFiles_Button.png, you will be able to manage files as shown in enclosed InSandbox_FilesReview.png. In that interface, you can select a row and if you want to define a new location you can use “Move to specific folder” link else file will be re-stored to same location where it is currently present when you press “Move” button.

Improved Handling of Interpreters Launched Files:
Like CIS, in CCAV v594, we introduced support for file-less malware, but there were cases where even if batch files or commands were executed by safe applications, they could get Sandboxed, which is not expected user-experience. In order to improve user-experience, we have confined it to certain applications that could potentially be exploited. Please see enclosed LauncherApplication.png. This list can be updated from server side.

Changes:
3 - After update, in case user doesn’t re-start system we show reminder dialog to re-start system; we have added additional scheduling options in it including allowing you to pick a date as when you would like to be reminded again to re-start system, please see enclosed AdditionalReminderOptionsUponUpdate.png.

Please share your valuable feedback.

Thanks
-umesh

Ploget · January 30, 2018, 6:48pm

Updated and running well, while I explore

umesh · January 30, 2018, 6:52pm

Thanks, looking forward for it.

Jon79 · January 30, 2018, 6:58pm

This is a great improvement for usability :-TU
I’ll test it as soon as I have some free time

megaherz33 · January 30, 2018, 7:04pm

:-TU

BlueTesta · January 30, 2018, 8:21pm

Thanks :-TU

BlueTesta · February 1, 2018, 2:59pm

Add
*\Brave.exe
*\SkypeBrowserHost.exe

to the Launcher Applications inside the Launcher Applications.

Every application listed have [/b]Name.exe
but [b]*torrent.exe have **
(i presume it is to cover multiple torrent executable, like utorrent, bittorrent etc)

Exept \soffice and *pdf.exe

is it a typo or is it correct?
(just wanted to be sure, just incase :))

umesh · February 1, 2018, 3:10pm

Hi BlueTesta,

Regarding “Brave.exe”, we automatically add any installed browser into “Browsers” group as there are hundreds of chromium and mozilla variants. So it’s logic is generic.

Will check regarding “SkypeBrowserHost.exe”.

Other are intentional entries.

Thanks
-umesh

BlueTesta · February 1, 2018, 3:20pm

Ok thanks :-TU

umesh · February 1, 2018, 3:23pm

Regarding “SkypeBrowserHost.exe”, do you see it as parent of any executed file?

I see skype.exe, which is already in “File Downloaders” group.

BlueTesta · February 1, 2018, 3:39pm

Its not running right now, but its part of Skype Classic Version.

According to Microsoft, in this thread, this component is described by a Skype forum admin as:

  Quote

We are conducting an experiment to improve reliability of Skype by hosting browser related implementations in a separate process. The ‘Skype Browser Host’ background process is used to render the sign in flow and other web based elements essential to the operation of Skype.

umesh · February 1, 2018, 3:40pm

I think that’s for web contents, they show ads etc.

BlueTesta post:11:

Its not running right now, but its part of Skype Classic Version.

Skype Update and SkypeBrowserHost.exe Now Running - Windows 8 - MSFN
According to Microsoft, in this thread, this component is described by a Skype forum admin as:
  Quote

We are conducting an experiment to improve reliability of Skype by hosting browser related implementations in a separate process. The ‘Skype Browser Host’ background process is used to render the sign in flow and other web based elements essential to the operation of Skype.

BlueTesta · February 1, 2018, 3:52pm

Yea,
I thought it could be good to have, so i mentioned it.
(should have phrased my orginal post differently :embarassed:)

Saw this before. Edit2:
Apr 1, 2017 Skype users exposed to malware through in-app ads - Neowin
Feb 12, 2016 Skype users hit by ads spreading malicious Angler exploit kit • Graham Cluley

Edit1: Thanks

umesh · February 1, 2018, 4:02pm

Good point, won’t hurt to add.

cheater87 · February 1, 2018, 11:43pm

Will we be able to save jpgs and other pics as well that we download?

BlueTesta · February 1, 2018, 11:59pm

Yes, but you have to add the extension to the Tracking Files Created in Sandbox list first.
Works fine with Firefox

BlueTesta · February 2, 2018, 1:12am

[s]Saw something strange when updating CCAV to latest beta

CF (Custom Mode) alerted me that csginst.exe wantet to connect to internet.
AdTrustMedia Seacrh Engine Management SDK
https://adtrustmedia.com/guest/search-engine-marketing

Note: Seacrh

HTTP 69.57.168.134
https://whatismyipaddress.com/ip/69.57.168.134
Organization: FortressITX
ASN: 25653

Edit1:

C:\Users*\AppData\Roaming\Mozilla\Firefox\Profiles\ukdjgbgr.default\searchplugins\AdTrustMediaCCAV.xml

adds Yahoo search engine to my browser.

Yahoo!
AdTrustMedia Search Engine Management

Nvm nothing unusual [/s]

my browser search engine was changed.
gona reinstall CCAV and then update to CCAV Beta and check what happends.

I change my search engine and home page to google before every install, i also removed the AdTrustMediaCCAV.xml file manually.

Installed CCAV 1.15
Reboot.
added the host entries
updated to CCAV 1.16 beta, unchecked the Yahoo option.
Reboot
Firefox Search engine and Home page was changed to yahoo.

Installed CCAV 1.15
Reboot.
added the host entries
updated to CCAV 1.16 beta, left the Yahoo option checked.
(wanted to see if it was inverted)
Reboot
Firefox Search engine and Home page was changed to yahoo.

Installed CCAV 1.16 beta
Reboot.
Waited for the Yahoo Alert and i declined
search engine and home page was not changed.

cheater87 · February 2, 2018, 3:17am

Saving files was the ONE reason I switched from this to CIS, I might go back to CCAV due to this.

lugo_58 · February 2, 2018, 5:31pm

I got a new update v1.16.439786.648

umesh · February 2, 2018, 5:50pm

Yes, here is the RC:
https://forums.comodo.com/beta-corner-ccav/comodo-cloud-antivirus-v116435786648-rc-t121472.0.html

Thanks
-umesh