Hi All,
Thanks for all the feedback on the last BETA v758.
The following is the release candidate version of Comodo Cloud Antivirus for your review and feedback:
http://91.209.196.83/ccav/installers/ccav_installer.exe
Size: 10.0 MB (10,490,800 bytes)
MD-5: 9795d02be6d3ce035bf16201fa5a4d96
SHA-1: 18a375d19cd7e1be22c616958ac5bf4af49c08e1
If you don’t want to do a fresh installation, alternatively you can also have the following entries in the hosts (c:/windows/system32/drivers/etc/hosts) file:
and use manual updater option and update to this version.
Here is the change list:
Fix:
In the last Beta we had a regression bug where, in case you have CCAV installed with Comodo Internet Security, Virtual Desktop may not start.
We would like you to test by de-selecting the newly added option “Monitor only the applications running in the Sandbox”, available under “Sandbox → Sandbox Settings”.
Please give it a try and share your valuable feedback.
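Added example, not part of the original post and not Comodo's own tooling: a PowerShell check of a downloaded installer against the size, MD-5 and SHA-1 published in the announcement above, plus its Authenticode signature status. The function name `Test-CcavInstaller` and the download path in the usage comment are assumptions.

```powershell
# Added example: verify a downloaded ccav_installer.exe before running it.
# Expected values are the ones published in the announcement post.
function Test-CcavInstaller {    # hypothetical helper name
    param(
        [Parameter(Mandatory)] [string] $Path,
        [long]   $ExpectedSize = 10490800,
        [string] $ExpectedMd5  = '9795d02be6d3ce035bf16201fa5a4d96',
        [string] $ExpectedSha1 = '18a375d19cd7e1be22c616958ac5bf4af49c08e1'
    )

    # Stop immediately if the file is missing instead of reporting a false result.
    $file = Get-Item -LiteralPath $Path -ErrorAction Stop

    # Only MD-5 and SHA-1 are published in the post, so both are compared.
    $md5  = (Get-FileHash -LiteralPath $Path -Algorithm MD5).Hash
    $sha1 = (Get-FileHash -LiteralPath $Path -Algorithm SHA1).Hash

    # The Authenticode check is independent of the published hashes.
    $sig = Get-AuthenticodeSignature -LiteralPath $Path

    $checks = [ordered]@{
        Size      = ($file.Length -eq $ExpectedSize)
        MD5       = ($md5  -eq $ExpectedMd5)     # -eq is case-insensitive for strings
        SHA1      = ($sha1 -eq $ExpectedSha1)
        Signature = ($sig.Status -eq 'Valid')
    }

    [pscustomobject]@{
        Path      = $file.FullName
        Size      = $checks.Size
        MD5       = $checks.MD5
        SHA1      = $checks.SHA1
        Signature = $checks.Signature
        Signer    = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
        # Pass only when every individual check succeeded.
        Pass      = -not ($checks.Values -contains $false)
    }
}

# Usage (path is an assumption):
# Test-CcavInstaller -Path "$env:USERPROFILE\Downloads\ccav_installer.exe"
```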
How can you run CCAV with CFW, you think 2 sandboxes would be very conflicting and disabling one would make the program not happy and have that red warning pop up about something being disabled.
[quote author=Ploget link=topic=122466.msg879495#msg879495 date=1532966864]
If you disable Auto Containment on CCAV - Yes, you will get that warning, but not if you disable it on CIS / CFW
They live quite happily together
[/quote]
So disable it in CIS, but allow HIPS but also enable it in CCAV and all will be good?
Additional Trusted Vendor List options as discussed in wishlist item here
- Now you have following additional options under "File Rating Settings":
Do cloud lookup for trusted vendors (selected by default)
Do cloud lookup for malicious vendors (selected by default)
Do not update local list upon program updates (de-selected by default)
- And you have additional options to import and export Trusted Vendor entries under "File Rating --> Trusted Vendors" section.
Above advanced options allow you to fully control trusted vendor list. You can export, import and then control update and online look up of vendor list.
do they apply only to files with a digital signature?
I mean, let’s say that I uncheck “Do cloud lookup for trusted vendors” and I check “Do cloud lookup for malicious vendors”.
If I try to execute a file with a digital signature NOT included in my TVL, it will be treated as “unknown”, thus triggering the sandbox (depending on the user’s settings, it will automatically run sandboxed, be blocked or generate an alert about what to do).
But what happens if I try to execute a file without a digital signature that has been trusted by Comodo team?
Will it trigger the sandbox or will it run out of the sandbox because it was trusted on cloud?
do they apply only to files with a digital signature?
Yes, only for digitally signed files.
But what happens if I try to execute a file [b]without[/b] a digital signature that has been trusted by Comodo team?
This is Cloud Antivirus; the decision whether a file is safe or malware is made via the cloud. In CIS or CAV, under File Rating Settings, you have an option to disable cloud lookup; any such option is not applicable for Cloud Antivirus, as it's purely based on lookups and has no local database, unlike CAV/CIS. And even in CIS/CAV, the local database also has safe ratings and you have no way not to trust those.
Hi umesh,
yes, it’s clear, but unfortunately those options solve only half of the problem of malware mistakenly whitelisted (the one with a digital signature).
OK, let’s take this example of reported whitelisted malware/PUP:
Digital signature: Lavasoft Software Canada
Signature Based Detection: Clean
Static Analysis Overall Verdict: No Threat Found
Precise Detectors Overall Verdict: No Match
Valkyrie Final Verdict: Clean
If:
I unchecked “Do cloud lookup for trusted vendors”
I checked “Do cloud lookup for malicious vendors”
I don’t have “Lavasoft Software Canada” on my local TVL
how will the file be treated when I try to execute it?
Hi Jon,
If file has been marked Safe on cloud, Trusted Vendor List(TVL) settings won’t have impact.
TVL settings will only impact in case file is safe only due to TVL.
So in case you have removed related TVL entry and still see file safe, it has been marked Safe on cloud.
This can be reported to Comodo and team can remove safe sign for it in case file is really not trustworthy and then you shall not see it Safe.
Hi umesh,
what you said is clear, my suggestion was to allow user to use CCAV as a kind of anti-exe, if they want to, so that they can lockdown their PC.
If that’s not feasible, no problem
Yeah, that would be great.
Basically, any new app either without a digital signature or with a digital signature not included in the TVL should be treated as “unknown”, thus either blocked or sandboxed (or generate an alert for the user), no matter what’s the result from cloud.
Actually, if you perform the cloud lookup for the blacklist database only, CCAV should also speed up :-TU
Hi Jon79,
Let's create a wish list item for this Anti-Exe feature under the wish list section, and we can also give some propositions and other users can also participate.
Actually, if you perform the cloud lookup for the blacklist database only, CCAV should also speed up :-TU
That doesn't affect. We have a single look up that returns file verdict, nothing like multiple look ups for each verdict type.