Comodo Cloud Scanner

I can’t understand how it works.

I installed the RC 2 last night and tried to download exe files from MDL. But only the signature scanner detected something (and also not so good) but the cloud was silent. I thought if you don’t have signatures for this malware CAV checks this file in the cloud. So why is the detection so poor? Is the cloud still not so big?

+1! What’s in the Cloud??? Are there signatures like Immunet from all AV competitors added from time to time or is it only Comodo work??? Please tell as we are confused here, this is not so clear!!! ;D
EDITED: FOUND THIS ANSWER IN THE FORUM https://forums.comodo.com/beta-corner-cis/can-someone-explain-cloud-scanning-for-me-t61045.0.html

What’s in the Cloud??? Is it a well kept secret policy at Comodo (maybe for security reasons?), as I find no good answers???

The Comodo cloud holds:

  • the latest signatures of the AV
  • online behaviour analysis of unknown files by CIMA (Comodo Instant Malware Analysis). It is aimed to get a CIMA judgment in 15 minutes
  • My Trusted Software Vendors is now in the cloud

And how does the Cloud Scanner work?
Someone mentioned in the thread above that CIS uploads the file to the server. Doesn’t CIS send a signature to the server first, before uploading the file?

I think it sends a hash code first to see if it has already been submitted. The answer that the file has been submitted comes much quicker than the actual file upload would take…:smiley:

So it probably does not work. Because I downloaded at least 10 malicious files in the last 2 days and none of them was blocked by the cloud scanner. 20% of them were blocked by definitions and the others were not detected. So no cloud scanning and no cloud behavior blocking for me ???

Adonis 5000+ for you, neither the cloud nor the signatures are doing anything LOL. I missed the first beta of CIS 5.0; the cloud and signatures actually worked. Now it does nothing. Can a mod or admin please explain why they are not working? A professional product is supposed to move up when it’s almost out of beta, not move down :o

I was so anxious to try CIS 5.0, because I wasn’t so impressed by CIS 4.1’s level of detections (when I first installed it, it was really good and I thought that COMODO AV had really improved, but now it detects only 2-3 files out of 10-15 I try to download from MDL). But in CIS 5 I see the same level of detection as I had with CIS 4.1. Cloud AV and Cloud BB never detected anything. Only signatures work, detecting something, but they do it very poorly again (CAV is only good at detecting ZEUS, this I must admit).

+1 tried downloading 10 recent malwares on malwaredomainlist and only 1 was caught by CIS v5… :-TD (I had to put my heur. av settings to medium >:()

OK, those malwares didn’t infect my PC because of sandbox efficiency :wink: but I wonder if I will go on with this av…

Could someone from Comodo tell us if the cloud is actually working ??

BTW, what’s the use of an AV that answers in 15 minutes :stuck_out_tongue: :o You never wait so long to click on a downloaded file… :THNK

I didn’t test it but is it possible that the detection percent is the same?

The 15 minutes issue I can understand. Because an unknown file will be sandboxed and after 15 minutes you’ll get the CIMA verdict and the file will be deleted as malicious. Only it never happened. Last night I kept a malicious file in the sandbox for 1 hour and never got any CIMA verdict. So I rebooted and cleaned my sandbox. The file was still partially limited so I waited for 1 hour more, and no answer again. So I put it into blocked files and deleted it from there.

Theoretically, without Cloud scanning you get the same poor CIS 4.1 level of detection.

I think that in ver. 4, I could see “submitted online” in the D+ event report and when it returned positive, it was also noted… in v5, nothing is written → I believe that cloud and CIMA are not activated at all!

I ran Just Cause 2 and Bad Company 2 and saw in D+ events such entries: Scanned Online and found Safe

Did you try that in v4 or v5?

I use the latest RC of CIS 5.0

Strange, on my machine I ran many malware samples and never saw any “online lookup” in the D+ logs…

You need to enable the cloud scanning ;D

ahmedhhw, that is only for manual scanning; the cloud scanning should work in real time without it enabled.

Anyway, it’s enabled.