Did someone accidentally have problems with automatic WiFi deactivation?
I ask him why with the previous version it happened, with this (using currently Kaspersky Free) I could not test it.
Honestly I do not even know whether to return to CCAV or keep Kaspersky Free that has some more functionality, for example automatic scanning of USB drives, web filtering, email protection, all for free.
No issues with wifi at all.
We are talking about two different products. Kaspersky free is a signature based av, it only rely partially on cloud, and it’s a stripped down version of its Internet security with many less funtionalities. In addition to this KAV free is a “classic” default-allow antivirus. CCAV is a full cloud av, with default deny technology.
As far as I know, web filtering will come also for ccav, probably with the addition of COS browser extension. Regarding automatic scanning of usb and email…well, you need protection when its needed, not automatically scanning every file, but when you opening/interacting with them. A malicious .exe left there is not really a threat until you double click on it. If some malware manage to auto-execute (usb example), it will be caught anyways by ccav.
Thanks for the reply.
Can you explain better the difference between the two antiviruses?
I’m curious to know in detail how it works.
Among the two in your opinion, what is the best in terms of PC protection.
The difference is in the approach.
KAV uses many protection layers: definitions, heuristics, behaviour, file reputation over the cloud and some local static/dynamic analysis.
But what if KAV met an unknown file? (KAV is just an example, we can also talk about Bitdefender or eset…) This file will be scanned, will be analyzed but if it is found to be harmless, the antivirus would let it execute. All good if the file is really harmless, but this file could have used a good obfuscation or analysis avoid technique. It will result in an infected pc, or in a worst scenario, in an encrypted pc if the file was a ransomware.
CIS and CCAV use the same technologies and the approach is different from other avs.
If CIS ran accross an unknown file, it will be scanned by the av module first, then it will be checked on cloud by FLS to see if the file is known. If the antivirus won’t find a match in its db or in the cloud, the file will be allowed to run only inside the sandbox (containment now). In this way if the unknown file was a malicious one, it wont harm the real machine. This includes also ransomwares.
CCAV doesnt have a local antivirus database, so it will rely on cloud. Whenever an executable is interacted by the user, it will check on cloud if it’s a known file. Otherwise the file will be executed in the containment and uploaded to Valkyrie to check it.
Among the two AVs i would recommend Comodo, not because I’m writing here in Comodo’s forum, but because the effectiveness and the intelligent approach made to prevent infections rather than run after malware creators like the av industry does nowadays were they are just trying to update their virus database as soon as they can, leaving their userbase opened to attacks.
I personally prefer CIS due to a good web filtering module in addition to the good protection it offers, but CCAV is more light suitable for older pcs and it has a lightning-flash installation, perfect to deploy an antivirus in under 20 seconds ready to use and to protect.
Default-deny means everything not whitelisted will be prevented to run freely in your PC (either blocked or contained).
Default- allow means everything not blacklisted will be allowed to run freely in your PC.
As jackor pointed out, most traditional (default-allow) AVs are not just based on signatures, but they have other way to check if a file is malicious.
For example, Avast implemented the Hardened Mode: any exe never seen before will be blocked by default. Since Avast has a lot of users, the risk of false positive (block a legit app) is very low, while with Comodo products the false positive ratio tends to be quite high.
Plus, there have been cases (even recently) of false negatives (allow a malware to run) because someone in Comodo mistakenly whitelisted a malware.
So, if you want a real default-deny app, better to use an anti-exe, such as NoVirusThanks ExeRadarPro or Re:HIPS. Like that, it’s you to choose what is whitelisted and what not.
Couple it with a good traditional AV (such as Kaspersky or Avast) and you are done
I used CCAV before, but then I found out it slowed down my browser, plus CPU and disk usage was quite high.
Now I use Avast with Hardened Mode. Avast allows the user to install several modules, most of them pretty useless… I have installed the field shield only, which checks any file written, read and executed in the PC. But the strongest point is the Hardened Mode for sure.
Then, I couple it with NoVirusThanks OSArmor, which is a kind of behavior blocker (it has some predefined rules that you can enable to block specific vulnerable processes, but also unsigned exe and other stuffs).
Kaspersky Free (especially the new version 19) is very good, it’s one of the first AV to get signatures for new malware, plus it has several protection modules.
I tried it in the past, but I had some issues with the automatic updates, so I switched to Avast.
If you like Kaspersky Free, keep it. You can check NoVirusThanks OSArmor and see if it’s worth to add it
About PCMag and other testing companies, don’t take those results as the Bible… they usually use old malware, so the AV vendors have time to make signatures for them… the best way to test an AV is to do so against a zero-day (a malware very new, never seen before), to check if and how the AV will protect the user (containment, heuristic, behavior, and so on)
I used Avast Free in the past, I liked it but the advertising popups annoy me when I switch to the paid version.
I tried the products COMODO and I like them but should be reviewed some things in terms of notification icon in the PC startup and especially in CIS and CAV also reading the various reviews and always under Avast Free, Kaspersky Free, Bitedefender Free, although I think if it gets better it could be on a par.
Kaspersky Free at the moment is not creating problems and in version 19 free have also enabled behavioral analysis that I think improves protection even against ransow and then it is without advertising.
If you block avastui.exe from connecting to the web (make a block rule in windows firewall) you won’t have any ads from Avast Free
Comodo products offer a great protection, but most of the testing companies just test detection, that’s why Comodo products don’t score well… the problem with Comodo is that there are a lot of bugs, especially on Windows 10.
Kaspersky is for sure a top notch AV, if you need more customization you can try Kaspersky Security Cloud Free (it’s the same of Kaspersky Free, but you can adjust the settings)
After reading what you wrote and seeing that Somunque CCAV I like as an interface and how it is done I wanted to try again to remove Kaspersky Free and try again to use CCAV. But I was a little disappointed because I did a test on about ten files (the first) of the following link: http://vxvault.net//URL_List.php
but I did not detect them all immediately as viruses, Trojans, etc … (unlike Kaspersky Free) most put them in the sandbox and then some later with Viruscope has recognized them as tojan eliminating them. But some files have been waiting for many minutes of the analysis of Valkyrie and then the thing that I do not really like is also the fact that once cleaned the sandbox must also clean the files reviewed. Let’s say it’s a bit too laborious to clean the system from potentially dangerous files, it would take more automation and I do not understand the usefulness of keeping these files to be reviewed after putting an application in sandbox.
Then I left 3 files that were not recognized and as soon as I reinstalled Kaspersky Free they were immediately recognized and I cleaned up the system.
In my opinion there is still a lot to work and improve in CCAV to get to Kaspersky Free levels and being both free I choose Kaspersky Free at the moment, I reluctantly reluctantly because I really like CCAV for how it was created and for the interface is very beautifulclean and simple.
Work on improving the readings of viruses, trojans, etc … better known and detected by other free and more simplified AV and automate the sandbox also reduce the analysis time of Valchirie, only so I think CCAV will become more competitive and will be a valid choice between free antivirus.
Wait
You dont have to clean the sandbox, nor the file(s) in review.
The sandbox is resetted as soon as the pc (or vm) is turned off and the files in queue to be analyzed are just there as reminder. Why those entries bothers you?
[QUOTE]as soon as I reinstalled Kaspersky Free they were immediately recognized and I cleaned up the system.
[/quote]
You didn’t cleaned the system, because the system wasn’t infected. Files executed in sandbox can’t infect the system. Executable which are not executed can’t infect the system either.
You are focused thinking that a product which can detect malwares is better than another one which prevents any infection. This is simply wrong nowadays.
And yes, nothing is 100% bulletproof
hello, can you explain better how the sandbox and its sandbox files work? Perhaps it is not clear to me the correct functioning and therefore I am wrong in understanding the correct functioning of CCAV. This is why I think maybe Kaspersky Free is better than CCAV, I do not fully understand its functioning, its protection and therefore the fact that it still keeps the system clean of malware. Thank you.
You can have a look at CCAV online help The Sandbox, Sandbox Computer Security | Internet Security, Cloud Antivirus Software
Basically, the sandbox is an isolated environment that emulates the real PC (disk, memory, registry and so on). When a file runs in the sandbox, it can make changes to the emulated entity, but not to the real one.
For example, imagine to have a document in your hard disk and you copy that document in the sandbox, then you run a ransomware inside the sandbox; the ransomware can encrypt the document in the sandbox, but not the copy in your hard disk.
When you reset the sandbox, the emulated environment will be erased as well as both the copy of the document and the ransomware
Thank you!
More than anything else I’m interested in understanding how CCAV works. For example I did not know that the sandbox and the revised files are reset when the PC restarts … interesting.
