Comodo VirusScope: Improvement

  1. What actually happened or you saw:
    I wanted to do some small tests on Comodo’s VirusScope feature and HIPS (Defense+). I turned off all the other protections, like containment, and “just” turned on the VirusScope feature and started testing it against the most well-known ransomware. So I ran the Petya ransomware and VirusScope instantly gave me an alert asking me to choose between “Clean or Ignore”. However, by the time I had read the message, Petya had done all of its job and my virtual PC was dead.
  2. What you wanted to happen or see:
    What I want to see is VirusScope blocking the malware’s processes/operations until the user selects a choice between “ignore and clean” when VirusScope detects something and gives an alert to the customer/user/you.
  3. Why you think it is desirable:
    As you know, viruses like Wannacry/Petya/Cookie Stealer finish their jobs in just 3-4 seconds after you run/open them.
    Let’s say there is a new Cookie Stealer virus that is obfuscated or pretty new.
    You opened the Cookie Stealer virus and VirusScope gave you a warning, but that doesn’t matter because by the time you read the message and understand the situation, the Cookie Stealer virus has already sent your cookies to their servers.
    And in this situation the VirusScope feature becomes completely dysfunctional; VirusScope can only clean the virus after it has completed its operations.
  4. Any other information:
    It’s not about Petya or Cookie Stealer or Wannacry; I just gave them as examples.
    You can say, just turn on the “Do not show popup alerts” setting/option, and you’re right. But it is important to remember that the VirusScope feature can also make false detections, and most people use this setting off.
    If you say just use “containment”, then what do VirusScope or Antivirus or HIPS (Defense+) do? Because “containment” just makes it impossible for viruses to harm the system. So we don’t need to use anything except “containment”.
    And attributing everything to just the Containment feature isn’t good.
    And some programs can’t work under “containment” (restricted).
  • Adding this feature, yes.
  • Adding this feature, no.
0 voters
3 Likes
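
The request above, that the flagged process be held while the alert is on screen, measured with a harmless stand-in (an added example, not Comodo's code and not part of the original post). It assumes a POSIX system and uses SIGSTOP as the suspend mechanism; the worker script, `ops_during_alert` and the delays are constructed for illustration.

```python
import os, signal, subprocess, sys, tempfile, time

# Harmless stand-in for a fast-acting program: appends one byte every 10 ms.
WORKER = (
    "import sys, time\n"
    "while True:\n"
    "    with open(sys.argv[1], 'ab') as f:\n"
    "        f.write(b'x')\n"
    "    time.sleep(0.01)\n"
)

def ops_during_alert(suspend_on_detect, decision_delay=0.5, detect_after=5):
    """Count operations the worker completes while the alert is on screen."""
    fd, path = tempfile.mkstemp()
    os.close(fd)
    proc = subprocess.Popen([sys.executable, "-c", WORKER, path])
    try:
        # "Detection": the monitor flags the process after a few operations.
        deadline = time.monotonic() + 10
        while os.path.getsize(path) < detect_after:
            if proc.poll() is not None or time.monotonic() > deadline:
                raise RuntimeError("worker did not reach the detection point")
            time.sleep(0.005)
        if suspend_on_detect:
            os.kill(proc.pid, signal.SIGSTOP)  # freeze it before alerting
            time.sleep(0.05)                   # let an in-flight write finish
        before = os.path.getsize(path)
        time.sleep(decision_delay)             # user reads "Clean or Ignore"
        return os.path.getsize(path) - before
    finally:
        proc.kill()   # "Clean": SIGKILL also ends a stopped process
        proc.wait()
        os.unlink(path)

if __name__ == "__main__":
    print("alert only       :", ops_during_alert(False), "operations during the alert")
    print("suspend, then ask:", ops_during_alert(True), "operations during the alert")
```

On "Ignore", the monitor would resume the held process with SIGCONT instead of killing it.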

Hi Lexylixi,

Thank you for reporting.
We will bring this to the team’s notice and update you.

Thanks
C.O.M.O.D.O RT

3 Likes

Of course I understand what you mean. But that is the point of security software: that all security elements are or are activated.

i.e.
CSS has already immediately terminated my Internet connection several times due to remote attempts.

Secure Shopping (even though it is no longer part of CIS)
• Hides sensitive online data from other processes running on your PC
• Warns you if there is a remote connection to your computer
• Stops hackers and malware taking screenshots of your session
• Detects fake SSL certificates to stop man-in-the-middle attacks

Virtual Desktop
Prevents malicious websites from installing viruses, malware, rootkits and spyware onto your real computer and provides protection against hacking

Advanced Network Firewall Engine
Stealth Mode to make your PC completely invisible to opportunistic port scans

VirusScope
Apart from forming yet another layer of malware detection and prevention, the sub-system represents a valuable addition to the core process-monitoring functionality of the Behavior Blocker

3 Likes

Kaspersky also has this feature. It blocks everything about the malware/application until the user decides.

I know, when all features are combined, the best protection is always provided. However, I think VirusScope is a very important feature in terms of protection, and it (VirusScope) is a little lacking without this feature/improvement.

And some programs can’t work under restricted.

Also, I forgot about the firewall factor while writing the topic. Logically the malware cannot send my information unless the firewall allows it. So sorry about that (it (Firewall) came to my mind when I saw your forum message), but I still think it’s necessary.

Thank you for your reply.

1 Like

I want to know how long the VirusScope has been updated, because it has been a while since it received updates.

Would you receive current information about happiness every month, 6 months or once a year?

If someone knows how and or the process please share or conceive.

1 Like

They are actually updating VirusScope.

Last update 2024.04.22, but we don’t know what was updated in VirusScope.

Probably the next update (about VirusScope) will be in Comodo Internet Security 2026 when it comes out. Other than that, I think there will be minor updates until the 2026 version comes out.

1 Like

I’m really thinking about who voted “No” to this feature.

I can be sure that these are people who have no knowledge of security and technology. Hahahaha

1 Like

Same problem in File Rating Scanner(?). @C.O.M.O.D.O_RT
I’m really confused. I don’t know, but I can’t decide whether the problem is about VirusScope or File Rating Scanner.
I realised that the problem is maybe not about “VirusScope” (?); it can be about File Rating Scanner too.

or because they do not switch off these components, as I do not do it either (but I did not vote):

But which components are also involved in Kaspersky’s protection process that you haven’t turned off or can’t?

For me, comparisons like this aren’t the most meaningful.

If you leave all the components that you’ve deactivated in CIS activated, you’ll still end up with an unprotected or infected PC? That would be fatal. But if not, then your test is wrong.

I’ve been using CIS almost since its inception and have never had any problems with malware. So why should I change settings in this direction (turn off, disable, etc.)?
Of course, an immediate reaction, as you expect, would be advisable. But how will CIS react if you don’t turn it off and perhaps increase the protection level a little?

Sometimes I have doubts about “requests for improvement” because they are unnecessary for me and could possibly downgrade the protection by opening up new opportunities.

2 Likes

Thank you for your reply. I was only using System Watcher at Kaspersky.

I know we need to turn on all features for “good” results. Like containment, Firewall, HIPS (Defense+).
But that doesn’t mean VirusScope won’t be improved, right? We don’t need the antivirus feature because we have containment; everything can be blocked in containment, so we don’t need to improve the antivirus feature? (just an example)

Actually I don’t want an instant reaction; no one can detect the virus instantly (if the virus is not in the database).
There is no chance of reducing protection with this feature (I think so).

What I want is, when VirusScope or File Rating System detects malware and gives an alert to the customer (for a choice between ignore or clean), I want all operations of the virus to be prevented/stopped until the user decides between the two options (ignore and clean).
I don’t know whether it can be added or not, but if Comodo adds this feature, I think it will be good.

And I can’t decide whether the problem is about VirusScope or File Rating System.
@prodex

1 Like

I think the same as you, we need what you said.

1 Like

How to detect Petya ransomware

Petya originally relied on user gullibility in order to gain access to computers. You’d have to open the malicious email, download the attachment, open the attachment, and then also agree to give it administrative-level permission to alter the Windows operating system. Only after the completion of this process was Petya able to begin encrypting the MFT.

At this point, the victim’s computer rebooted, then displayed Petya’s ransom message.

Congratulations!

What do I have to do to protect myself? Old rules:

  1. Don’t do anything you did. Maybe that’s why I’ve never had viruses. My X computers/laptops with X versions of Windows have run without any problems so far.

  2. I even scan attachments in emails from friends/relatives first before I open them

  3. I have a motto: I don’t sign anything I don’t understand, I don’t trust anything I don’t know (don’t trust the unknown)

  4. Emails with links to enter data - these kinds of fake emails from senders I know, such as banks and offices, are well done these days, so I’ll ask first. It’s already protected me from fake emails supposedly from Amazon, IT providers, etc.

  5. I trust my security software (here, Comodo with all levels of protection) more than my faith in humanity or my gullibility.

This strengthens my trust in Comodo again. Comodo has stopped security shopping several times and terminated it because of an attempt by an external computer/person behind it to gain control of my computer.

Zero-Trust Strategy!

Or be careful what you install!

What is Petya Ransomware | Protect & Detect

After the victim unwittingly installs Petya onto a Windows computer,…

1 Like

Is this not what you want: Activate or ignore?

https://wiki.comodo.com/frontend/web/topic/how-to-configure-virusscope-in-a-profile#configure

I have threats extinguished, so I never had to do with the selection. I know what I want or not want. I don’t want anything unknown or malignant.

Isn’t that possible as quickly as with Kaspersky?

Kaspersky also uses various levels for its protection.

Again: Why should I switch off protective levels if I can choose from the outset at COMODO between
(only in Xcitium?)

  • Ignore Once - The process is allowed to run this time only. Another alert is shown if the process attempts to run again.

  • Ignore and Add to Exclusions - The file is allowed to run and will not be flagged as a threat in the future.

  • Ignore and Report as False Alert - The file is allowed to run and CCS submits the file to Xcitium for analysis. If the false-positive is verified (and the file is trustworthy), it will be added to the Xcitium safe list.

I do not understand the meaning behind it that I should switch off everything that protects me. You have the selection.

2 Likes

Hi, I downloaded Xcitium for a trial and I see that this feature has already been added.
I don’t know whether it was added before this topic or not. Da best!

1 Like

Does this feature exist in CIS?

1 Like

No… I don’t think they are even improving CIS. They are slowly switching to Xcitium, I think.

1 Like

I vaguely remember having this choice once, but don’t know if it prevented what @Lexylixi wants.

Manual for CIS Version 12, page 165:

• Location - The installation path of the suspicious application
• Malware Name - The malicious item that was detected
• Action - How VirusScope handled the malware.
  • Reverse - VirusScope attempted to undo any changes made by the malicious item
  • Quarantine - VirusScope placed the suspicious file in quarantine
  • Detect - VirusScope observed malicious activity, but did not quarantine the file or reverse its changes
  • Ask - VirusScope detected malicious activity and showed an alert. The alert asks whether you want to quarantine the file or reverse its changes
• Status - Whether the action taken was a success or failure
• Alert - Click ‘Related Alert’ to view the notification generated by the event
  Note: VirusScope alerts are only shown if ‘Do not show pop up alerts’ is disabled in ‘Settings’ > ‘Advanced Protection’ > ‘VirusScope’.
  See VirusScope Configuration for more details.
• Activities - Click ‘Related Alert’ to view the notification generated by the event. An example is shown below:

But why should I experiment with security when Comodo has protected me from malware and malicious software up to now? Cruelsister’s settings are already the basis, you don’t really need any more.

2 Likes

Yes, Cruelsister’s settings are so good that we don’t need any other settings; they will probably give you a 99% or 100% protection ratio against new threats.

I love Comodo, but some features need to be improved. For example, VirusScope is very good at detecting ransomware and cookie stealers, but VirusScope is bad at detecting some trojans/autoruns/spreaders/downloaders. (For example, it cannot detect GLManager, a 2021 trojan that has autoruns, spreaders, downloaders, keyloggers etc. Maybe VirusScope can’t detect GLManager because of its own “driver”, I don’t know.)
Anyway, GLManager can be blocked with Containment and File Rating System (tested).

1 Like