Comodo Cloud AV Test Results & Reviews

The file was running inside the sandbox, and no files became encrypted as far as I can see.
CCAV 1.4 / 1.5

Instead of my first video, when the file was run inside the sandbox and managed to launch outside the sandbox and encrypted the files.
CCAV 1.3 and older

I just tested the CCAV sandbox against the SpyShelter security test tool and it failed in webcam capture, all of the screenshot tests, all of the system protection tests and the sound record test. If I remember right, the CIS sandbox does not fail most of these tests.

https://www.spyshelter.com/security-test-tool/

CIS also failed when I was using it. I only care about the System protection test, and on Valkyrie the test tool was marked as “Clean”. I reported it, but I do not know whether this problem was solved or not.
If CCAV trusts a file, it allows taking a screenshot of your screen, sound recording, and all other test scenarios. So you see fails.

The problem with CIS was due to the new UAC setting coming with Windows 10:
https://forums.comodo.com/resolvedoutdated-issues-cis/limited-and-restricted-block-screen-capture-but-untrusted-does-not-m399-t95001.45.html

Test of CCAV:

Check at 1.40 min. He runs an exe (which should be malware) and it seems that CCAV doesn’t sandbox it

@Jon79, it’s not malicious. That’s why.

Does anyone know if there is a test of CCAV vs. WannaCry ransomware? I have only found a test about CFW:
https://malwaretips.com/threads/comodo-firewall-10-vs-wannacry-ransomware.71403/

I could not find a test of CCAV vs. WannaCry, but I don’t see why it wouldn’t be blocked.

I agree, but it would be nice to see more tests about CCAV :slight_smile:

It would be interesting to see if Valkyrie could detect unknown ransomware. When browsing Valkyrie I saw additional details which I didn’t see before, particularly activity and screenshots (see attachments).

A lot of ransomware does indeed modify the desktop background. Very excited to see the maturation of Valkyrie.

For now killchain is for any submission detected as malware.
https://forums.comodo.com/comodo-valkyrie-fls/new-kill-chain-report-section-rereedit-t119280.0.html;msg857660#msg857660

Thanks for the clarification. I’m assuming this is to test it first and make revisions as necessary until they have the required infrastructure to analyze all unknown files, obviously that will take considerable resources.

All unknowns are analyzed…
Killchain is only applied to malware files…if after analysis we find that it’s malware, we create the killchain report of it.
This killchain report is unique and companies pay a lot of money to have this kind of intelligence…so enjoy it :wink:

Ah, so I guess all unknown files are analyzed in the same manner, the killchain report is only generated after malware detection is added. Based on what futuretech said, I thought that the killchain was a different detection system applied only to already detected malware. In the past all unknowns were analyzed with CAMAS, so it makes sense that the same goes for Valkyrie. Therefore Valkyrie should have the ability to detect unknown ransomware and block it in CCAV, or at least eventually remove it (it is taking a while to detect the samples in my testing).

Human analysis? It’s a bit unclear.

I’m almost entirely sure they are automated based on the reports I have seen, it’s similar in function to hybrid-analysis at https://www.reverse.it/. COMODO probably also uses sandboxes within server farms to evaluate application behavior. I’m guessing that even before human verdict classifies the file as malware, they already have the killchain report for malware analysts to view once the automated analysis is done, which in turn facilitates the process of providing safe or malicious file verdicts. Hopefully COMODO will clarify this.

On page 23 they wrote: “Software provider Comodo quickly implemented appropriate security rules for scripts and applications run by a PowerShell interpreter”

Any more info about this? Is it the new “block incoming/outgoing connections of sandboxed apps” feature?

Analyzing malware is a mixture of automated systems and human analysis.
Not every file can be analyzed by automated means. It would fail if you did that.
A percentage of the files must be analyzed by hand…human analysts digging into the code, analyzing it.

Yes, in addition to automated analysis, human analysis must be done for accurate detection. Automated systems usually blacklist malware if the file is malicious with a high level of certainty. For the rest, which are not high certainty, and for unknown files in general, human analysts come into play. Human analysis alone is not feasible because they would have to analyze and blacklist 300,000+ malware files every day and provide verdicts for safe files.

@Jon79 that is related to the embedded code detection for interpreters such as PowerShell, wscript, cscript, etc., for sandboxing of so-called “fileless” malware.

:-TU :-TU :-TU :wink: