Comodo Cloud Antivirus v1.8.407941.426 Released

umesh · January 25, 2017, 8:17pm

Hi All,
We are happy to announce release of Comodo Cloud Antivirus v1.8.407941.426.
This release has major functional changes.

DOWNLOAD:

Path: http://download.comodo.com/ccav/installers/ccav_installer.exe
SHA-1: 611a97edfb23821ae71ed627b0571d15b4f00ef5

FIXES:

Protection against Petya Ransomware as reported below:
https://forums.comodo.com/news-announcements-feedback-ccav/comodo-cloud-antivirus-18407387418-hotfix-version-is-released-t117941.0.html;msg849687#msg849687

NEW:
In order to bring efficiency and make CCAV and back-end cloud infrastructure responding to latest unknowns faster, we are rolling out solution in two phases:

1st Phase: This CCAV release.
2nd Phase: Within next two weeks Valkyrie infrastructure changes will be completed.

What does this release mean?

1 - Only applications, which end up running in Sandbox will be submitted to Valkyrie directly and will be classified into Trusted or Malicious on priority basis. Therefore, “Valkyrie Analysis Results” section will only show status of applications, which have run in Sandbox.

2 - You can always submit files to Valkyrie using right click option (i.e. “Comodo Cloud Antivirus → Submit to Valkyrie”) or via “Help → Submit File” menu.

3 - Applications, which are encountered during scanning (custom or full) and are found absent in Comodo back-end, will be uploaded to Comodo for analysis, same way like we have in Comodo Internet Security.

4 - Now “Settings → File Rating → Reported False Positive” has been renamed as “Settings → File Rating → Submitted Applications”, it will list all applications, which were reported as false-positive or were submitted during on-demand scan. All applications listed in this interface, won’t be looked up into Cloud periodically, if you want to know latest status of file verdict, you should re-scan them. As explained earlier, in case applications are executed, cloud lookup is done and if they run in Sandbox, they become part of Valkyrie sub system and looked up periodically so can be classified into Trusted or Malicious quickly.

5 - Rating scan has been removed and instead we use Full scan as default scan upon new installation.

6 - When you update to this latest version, “Valkyrie Analysis Section”, will start from zero and show analysis results of applications which going forward run in Sandbox.

After we are done with 2nd phase i.e. server side changes, we can expect following:
A - Cloud lookup problems as have been frequently reported, should disappear.
B - Applications part of “Being Analyzed” section should be cleared out faster rather staying there for long period.

We consider Comodo Cloud Antivirus as future of client side security due to it’s light weight, direct Valkyrie integration and Default Deny architecture.

We are committed to make CCAV a better product with every release and need your constant feedback and support.

You should receive program updates.

Thanks
-umesh

lugo_58 · January 25, 2017, 9:21pm

One of the great changelog I have ever read! Thanks umesh :-TU

Waiting for the stable Valkyrie :-TU Full steam ahead…

btw, please add a direct download link

BlueTesta · January 25, 2017, 9:51pm

Nice :-TU
the upgrade went smooth and “Valkyrie Analysis Results” was cleared correctly

started a new full scan and have 2 files in Valkyrie Analysis Results, even if they havent run in the sandbox.

c:\windows\system32\installagent.exe
c:\windows\servicing\trustedinstaller.exe

umesh · January 25, 2017, 9:54pm

Hi BlueTesta,
There is an exception, which will be dealt in next release. If application path has “install” word, it gets submitted to Valkyrie.

Thanks
-umesh

BlueTesta · January 25, 2017, 9:56pm

Ok, thanks :-TU

Melih · January 25, 2017, 10:22pm

Beautiful Valkyrie is starting

khanyash · January 25, 2017, 11:00pm

Hope upcoming & future versions will have a changelog like this.

Rating Scan replaced by Full Scan…hope full scan is improved & good/fast.

Looking forward to upcoming release.

When will you introduce decided new GUI from the POLL?

umesh · January 25, 2017, 11:23pm

Hi Yash,

Rating Scan replaced by Full Scan...hope full scan is improved & good/fast.

When we are done with server side changes fully, we will ask you to check this part, at the moment delays are possible.

When will you introduce decided new GUI from the POLL?

By March 1st half max.

Thank you.

felipeeanne · January 25, 2017, 11:33pm

Great! Thanks umesh and team! I will test Valkyrie a lot.

khanyash · January 25, 2017, 11:36pm

CCAV uninstall creates 2 files ccavstart & cmdhtml in Users - UserName - AppData - Roaming, why?

Those 2 files shouldn’t be there.

Citizen_K · January 26, 2017, 12:33am

Thank you for the release and extensive description of how Comodo is handling the file look up process.

khanyash · January 26, 2017, 2:35am

Please during install provide an option to not install “Internet Security Essentials”.

And I think you should have removed rating scan in the upcoming version, full scan is very very very slow.

khanyash · January 26, 2017, 2:47am

I am thinking of installing CCAV on my & cousin family systems.

Unknown Installers run sandboxed & everything is cleared - No probs here.

Whitelisted Installers run out of sandbox BUT if couple files get sandboxed - Probs here i.e how would I know if the programs my family installed were installed completely or incompletely i.e couple files were sandboxed?

umesh · January 26, 2017, 2:55am

Hi Yash Khan,
Thanks for pointing out. They are actually intermediate files and should be created in temporary folder.
You can delete those.

We will fix it in next release.

Thanks
-umesh

umesh · January 26, 2017, 2:57am

Hi Yash,
There are areas of improvement on full scan and we will be addressing in back-end.

Thanks
-umesh

umesh · January 26, 2017, 3:03am

Hi Yash Khan,

Whitelisted Installers run out of sandbox BUT if couple files get sandboxed - Probs here i.e how would I know if the programs my family installed were installed completely or incompletely i.e couple files were sandboxed?

When you install a trusted installer, all files dropped by it are treated Safe. But in case you have old installation, decision is made based on executed application’s file verdict.

So if you install a new setup and if setup is safe, you should not see any files in sandbox.

Please let us know if you see any problems.

Thanks
-umesh

khanyash · January 26, 2017, 3:08am

Whitelisted Installers & Whitelisted Programs/Installers are different, right?

I meant Whitelisted Programs.

umesh · January 26, 2017, 3:48am

Hi Yash Khan,
Sorry, i don’t follow question fully, will give a try. An application may be installer or non-installer type.
If application (installer or non-installer) safe, it will run outside Sandbox.

Thanks
-umesh

khanyash · January 26, 2017, 4:05am

If I am correct, you or other Dev have previously mentioned that “Trusted Installers” & “Whitelisted Programs” are different in CCAV.

Trusted Installer - You mentioned, “all files dropped by trusted installers are treated safe”.

Whitelisted Programs - If I install a whitelisted program, “all files dropped by whitelisted program are treated safe” too?

umesh · January 26, 2017, 4:17am

Hi Yash Khan,
Let me give you an example.
If A.exe drops B.exe and if B.exe is unknown by itself, B.exe will be treated safe if A.exe was safe and installer type.

So to answer your question, if A.exe is safe and non-installer type and B.exe is not safe on it’s own, B.exe won’t be treated safe.

If I am correct, you or other Dev have previously mentioned that "Trusted Installers" & "Whitelisted Programs" are different in CCAV.

I am not sure where and in what reference it has been mentioned. But i guess with example i gave, it should clear up as what you can expect.

If i have to define “Trusted Installers” & “Whitelisted Programs”, i will put following way:
If a “Whitelisted program” is installer type, it can be called “Trusted Installer”.

Thanks
-umesh