Comodo is installed on my computer, and Comodo is installed on my virtual computer too.
For a small test I turned off all other features and turned on only the VirusScope feature, and I was going to test for Petya.
So when I open Petya, VirusScope gives me an alert.
However, Petya was so fast that my computer crashed before I could read the alert message.
So what I want is: why not add another feature that terminates the file or blocks its operations/processes (until the user selects a choice between ignore and clean) when VirusScope detects something?
It's not about Petya. If you encounter a virus that steals cookies in your browser, it will most likely have stolen all the cookies and sent them to its servers by the time you read the alert message from VirusScope.
VirusScope uses Static and Dynamic Behaviour Analysis.
The official site is Comodo Valkyrie Customer Login | Advanced File Analysis System. You can upload files here and check if they are clean or malware. Also, for VirusScope you have the option to automatically quarantine the file.
I know if I enable the “Do not show popup alerts” option it just automatically quarantines the files.
However, this feature (VirusScope) can give false positives, so me and most of the people choose to manually quarantine/ignore it instead of automatically quarantining it.
As you know, viruses such as Petya/WannaCry/cookie stealers work very fast and they complete their work within 3-4 seconds after you open them.
For example, let's say you opened a cookie-stealer virus and VirusScope alerts you, and by the time you read the alert, it's too late. It gives a warning, but the virus has already completed all its operations by the time I read the message.
So here is what I want: why not add a feature that blocks the malware’s processes until the user selects a choice between ignore and clean when VirusScope detects something and gives an alert to the customer/user/you?
By disabling containment you are disabling the best protection of the CIS.
I believe that with the Valkyrie being powered we will have better detection of malware of all types.
That’s what I think, because I don’t know if the Valkyrie is really being powered and being used completely for the users who use the free CIS.
Many friends here on the forum say yes, but I always notice that the Valkyrie for FREE CIS users takes a long time to return the verdict to the CIS.
That’s why I have several files here that CIS says are unknown.
Then what does the VirusScope feature do? Since the virus (or something) runs within containment, it can't harm the computer.
And like I said, “some programs/applications can't work under containment”, so it's not my choice. So I “need” to disable the containment. (Don't get me wrong, I love the containment feature.)
I don't know coding, but I think this feature is not very difficult to do.
Just when VirusScope or HIPS detects something, they (HIPS and VirusScope) block all tasks of the program/application/virus until the user selects the action. That's what I want. It is up to Comodo officials to add it or not.
You should submit the apps you have issues with in containment in the whitelist topic. I have to whitelist my Asus OEM software in Containment so what’s wrong with just whitelisting the files you have that are being contained?
But what if the file is a virus? Let's say the file is obfuscated or extremely new, the antivirus didn't detect the virus, and the virus can't run under containment. And you can just block the virus with VirusScope or HIPS, right? Yes. But there is a problem: VirusScope alerts me, and while I am reading the message (so making a choice about ignore or clean) the virus does all its jobs and my computer dies while I am reading the alert message.
Files are run in containment for a reason, because they are untrusted by Comodo or perform dangerous behaviours. HIPS and Viruscope alone aren’t enough protection; though Viruscope monitors for suspicious behaviour, it in itself is not an antivirus.
HIPS protects system files from unknowns for protected areas unless you have the whole drive protected. To do this, under protected files adding ?:* will cause HIPS to protect all files on all volumes and drives.
You should not have Containment disabled with CIS or CF, that’s the best protection. Its AV detection isn’t great, HIPS works if you do what I’ve indicated above along with:
*add \Software* and \System*. Under protected COM interfaces, adding \RPC Control\ntsvcs monitors access to the service control manager, LocalSecurityAuthority. allows you to control process token privileges, and {} and . will cover many COM interfaces by CLSID and ProgID.
You need to understand how each component works and disabling features leaves yourself up to risk of infection. What files are you having issues with?
And attributing everything to “containment” isn't good…
Do you think this VirusScope feature request is useless? (I'm asking this seriously: do you think it would be unnecessary to add this feature?)
All the layers are important so I’m all for all of them being improved including the ideas you have suggested. Might be worth putting a post in the Wishlist Board and see if they consider implementing it.
They’ve added TDT and BypassIO technology into CIS 2025 for better detection and performance but it’d be great to see more development.