Comodo Labs slow to analyze malware!! Why???

Hello Everyone … ;D

Actually I have a large file of malware … and I also sent the files to Comodo Labs by (submit file) on Comodo IS 6 days ago!!! … and there's nothing happening!! Comodo scan is still saying there are no viruses!! … :-\ :-TD

Then I sent the malware pack to AVIRA LABS … and in just 24 hours they sent me an email about the result of analysis :o

69 malware files
1 trojan file
1 damaged file - (under analysis)

:-TU

I hope you give attention to your Comodo virus engine … virus engines are very important for users! … :-TU :-TU

Best Regards …

:wink:

I do not know the reason for the delay in analyzing malware at Comodo; it sometimes takes more than a week, but if the sample is submitted to the NOD company lab it may not take more than two hours at the

I think that this is a shortcoming of Comodo, so why not process them at least within two days :-TD

+1 ;D

2 Melih: nice article (I follow Ars daily), but the fact still remains that CIS was unable to prevent malware on abdulla1101's PC.

Number of Definitions Added Today: 53
What’s going on?
From 20/30.000 to 53? :o Are these generic detections?

I don't think abdulla1101 is saying his computer is infected while being protected by CIS…
What he is saying is: he has malware sitting on his computer that is not detected.

So that would mean that CIS (in this case) is unable to detect a malicious app and remove/isolate it?
From my point of view it's the same thing as an infected OS. It could happen any time soon and do damage.

edit: update !
Eugene Kaspersky lashes out at Symantec’s ‘anti-virus is dead’ remark
http://www.theinquirer.net/inquirer/news/2343477/eugene-kaspersky-lashes-out-at-symantec-s-anti-virus-is-dead-remark

It will isolate them in the sandbox when those files would get executed. You would still be protected; even without AV signatures. That’s the cool thing about CIS. It makes it very hard for malware to get a foot on the ground.

After watching this video of an anonymous tester I was a little in doubt about it. According to the tester, he created this virus with simple tools found on a popular download site in my country.
Below is the link to the video:

Just up the security settings from CIS following Chiron’s recommendations as described in his article How to Install Comodo Firewall. That will most likely also stop that malware in its tracks.

CIS is a very powerful animal. You just need to change from the default settings.

Detection is one of the most important parts of security. Maybe Abdulla can run them and CIS will sandbox them. He will be protected. (if sandbox is FV or Block)

But I agree with Abdulla on this matter. Analyses are too slow!! I think experts refrain from adding new samples because the database is too big (approx. 30 million signatures)… sorry CIS :-TD

What if I prevented any malware from infecting your computer without detecting them?

What if this unknown application is safe? Whitelisting is also too slow. Sorry Melih.

I agree. I submit many samples to McAfee; they usually reply after a few minutes. These samples submitted by the topic creator were already submitted by me before (he doubled my submissions); they should all be already detected. Comodo checks the samples a bit too slowly.

If it's unknown, it will still run in the sandbox… so you get your application running anyway…

again, answer my question pls :slight_smile:

Containment is the most important aspect of security today!

What if a malicious application is whitelisted?

Partially Limited can infect the system. A safe application in the sandbox, it is so annoying. Please Melih, we want to improve CIS, we do not want to dispraise Comodo. Maybe your guys can be a little faster about these critical issues (adding samples and whitelisting…)

If you come with Default Deny, I want from CIS “Please do not sandbox my safe application!”

+1

If an app is safe but unknown to Comodo? Autosandboxed? But if this app stops working because of the sandbox? Do ppl (inexperienced ones, so the biggest part of AV users) like to deal with them?

It's more problematic than stopping malware IMO! Because in the end, ppl will delete that app that does not let their app function correctly and will install something more quiet…

and 30 M of signs is getting a bit… :-TD :a0

to yigido: "If you come with Default Deny, I want from CIS 'Please do not sandbox my safe application!'"

It's actually 100% impossible ;D It's impossible for Comodo or any other vendor to whitelist ALL samples but they can simply deal with the most used ones…

Hello my friend, I mean that you know me. CIS sandboxed my Notepad++ app, some drivers. You know my point mate. But thanks for the clarification :-TU