Create An Untrusted Vendor List (UVL) [M1324]

1. What actually happened or you saw:
I saw only a trusted vendor list in CIS. It determines good software and applications using the digital signature of signed files.

2. What you wanted to happen or see:
I would like to see an Untrusted Vendor List in CIS. This would be used to determine bad/potentially bad software for files which are digitally signed. Any Vendors added to this list would not be trusted through any other component of CIS.

3. Why you think it is desirable:
Because Comodo is running on only the right flank, but we also have a left flank. A UVL can improve Comodo’s adware detection rates without any additional signatures! You know, a lot of adware has digital signatures these days and Comodo is not good at catching adware and potentially unwanted software.
This vendor list must be optional. If users want to activate “Detect Potentially Unwanted Software” they can. If they do not want to use this list they can opt out of this option. Many users are currently infected by adware which is digitally signed by bad digital vendors. The list would help to protect them.

4. Any other information:
There should be a section on the Comodo Forum where users can submit those adware vendors to experts. It could be something like “Submitting Malware”. We will submit bad vendors to Comodo to add them to Untrusted Vendors List.

Surely, this “Untrusted Vendor List” will give greater power of detecting adware to Comodo. This list can be local in CIS or it can be cloud. Below is a screenshot of where it could be placed:

http://i.hizliresim.com/zEYjPY.png

Many advanced users could also add this kind of bad digital signatures into their own list to detect them all in one step! To me this seems like a great idea, and one which I believe many others would embrace as well.

What do you think about it? If you like this idea please vote to add this into future versions of CIS!

Kind Regards,
yigido

Nice idea, but the question is whether implementing the idea will be helpful.
The answer is no!!!
Reason:
Comodo very bad viruses in addition to the engine
Comodo is very bad in addition phishing sites and malicious sites
Comodo is very bad in addition to the white list applications

After traveling through time
Comodo is very bad to add digital signatures untrusted

:wink:

Yes, maybe you are right :slight_smile: But it will detect maybe thousands of new adware variants by only adding one bad vendor :-TU
This will not be the best at first, but it will get better in time :wink:

How would this list work? The TVL works based on digital signatures; it's not like there are digital signatures for bad files.

I can understand using digital signatures to enhance the effectiveness of the AV to detect malware. However, I would hope that one way or the other this is already done. Also, I believe it’s still true that most malware is not digitally signed. Obviously not all is unsigned, but most.

Also, what I’m uncertain of, and I think this would be the biggest issue with this, is how to define adware. How can you tell the difference between products which are very similar. For example, some would consider CIS adware because it comes bundled with other software which must be unchecked. Should a product like CIS be detected if something like this was implemented in another security software?

I believe that adware is not the biggest problem. The biggest problem is serious malware, and Comodo already adds signatures to its database for adware which is potentially dangerous. Thus, perhaps I am confused, but what sort of adware programs are you recommending would be included with a feature like this?

Thanks.

Yes, there are digital signatures for a lot of adware. Some adware these days has digital signatures.
For example:

All of these adware samples are digitally signed; you can see them under “File Detail”.
By the way, Comodo cannot detect them. If my wish had been implemented, Comodo would already have detected them with the UVL(!)

It’s already implemented although it’s not listed; blacklisted certificates → detection.

Perhaps, what you actually desire is blocking certain vendors from being added to the TVL once you remove them.
Example Scenario – Remove certain vendor from list, Run application(s) from vendor, “Cloud Lookup” adds it back since it’s rated “Safe”. Not sure.

You can see an adware sample here:
http://virusscan.jotti.org/tr/scanresult/359648f30ac1b001140faff019ea1be1cee77e47

AVG looks like it has this feature:

http://i.hizliresim.com/jYjr5G.png

@Chiron, yes, bundled software is a fact against this option. Comodo will not add them to this UVL. And Chiron, we also know this: there are some bundled and trusted digitally signed applications that exist in our TVL. Even some exact malware is determined as “Safe” in the cloud. >:-D Adding adware one by one is a pain in the head :-\ even Comodo cannot add exact malware into the database “quickly”. :-TD

In my opinion this option, I mean the UVL, should be in a future CIS version. I hope I can explain my dolour with my poor English :slight_smile:

Are you saying that you would like the ability to manually enter lists of Untrusted Vendors, but not to have Comodo supply them for you? If it were possible to import them from a text file then this could become community-based. It’s just that I don’t see how Comodo could supply this, but if that were what you wanted I could see it as an added feature which users could manually choose to use.

What are your thoughts on this?

Thanks.

Why can Comodo not supply this? Comodo also knows these kinds of certificates and they can update the list rarely.

Also it can be community based. Some of our “Malware Research Group” and “Star Group” members can maintain this option and they can release a new list weekly or monthly :-TU Because they (me) collect too many samples in this period.
You are right, an “Export/Import UVL list” option will be good for all users.
MRG and Star Group release a list, users who want this feature download it and import it from a .txt file into the UVL. All done! Now their CIS will detect most adware variants :-TU
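
Added example, not part of any post in this thread and not Comodo's code: a Python model of the list semantics discussed above, namely a UVL imported from a .txt file that takes precedence over the TVL and over a cloud “Safe” rating, and that stops cloud lookup from re-adding a blocked vendor. The file format, function names and vendor names are assumptions made for illustration.

```python
import unicodedata

# Constructed sample of a community UVL text file: one signer name per line,
# '#' starts a comment. The vendor names are made up for this example.
SAMPLE_UVL_TXT = """\
# Untrusted Vendor List (constructed sample)
Example Adware Ltd.
  BUNDLEWARE   example  GmbH   # reported by a forum member
"""

def normalize_signer(name):
    """Fold Unicode form, case and whitespace so list entries match signer names."""
    return " ".join(unicodedata.normalize("NFKC", name).casefold().split())

def load_vendor_list(text):
    """Parse the assumed text format into a set of normalized signer names."""
    vendors = set()
    for line in text.splitlines():
        entry = line.split("#", 1)[0].strip()
        if entry:
            vendors.add(normalize_signer(entry))
    return vendors

def rate_file(signer, signature_valid, uvl, tvl, cloud_rating=None):
    """Return 'untrusted', 'trusted' or 'unknown' for one file."""
    # A signer name counts only when the signature verified; otherwise the
    # file is handled like an unsigned one (key stays None, matches no list).
    key = normalize_signer(signer) if signer and signature_valid else None
    if key in uvl:                       # UVL wins over TVL and cloud "safe"
        return "untrusted"
    if key in tvl or cloud_rating == "safe":
        return "trusted"
    return "unknown"                     # left to the sandbox

def cloud_readd_vendor(signer, cloud_rating, uvl, tvl):
    """Cloud lookup may add a 'safe' vendor to the TVL unless the user blocked it."""
    key = normalize_signer(signer)
    if cloud_rating != "safe" or key in uvl:
        return False
    tvl.add(key)
    return True
```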

The reason I say not Comodo is that it seems to me that if they felt a company was sufficiently dangerous adware, and digitally signed, they would already detect it using the AV component. Therefore, it seems to me that you are asking for additional protection, in addition to what Comodo believes is sufficient protection from adware.

I don’t see how their list would be any different than what the AV component detects. Am I confused about how this would work?

Thanks.

Maybe it would look like this under “File Rating Settings”:

http://i.hizliresim.com/pY9VBJ.png

With your way, Comodo has to whitelist all good files one by one from one vendor. It is the same as adding adware to the virus database one by one. It is hard. My way is easy for Comodo.

From what qmarius said here I am assuming that something like this is already done. qmarius, am I misunderstanding you?

Thanks.

Yes. You will notice that on certain detection(s) the vendor is displayed in the malware name. :slight_smile:
That’s what I meant.

I did not notice such detections :-
@qmarius can you show me one? The detection name that came from the vendor of the file?

There might be a certain pattern. I do not know; I do agree that it’s not (very) obvious.

  • Signer : Somoto Ltd.
  • Malware Name : Application.Win32.Somoto.DTL
  • Malware Name: Teststring.Eicar

However, your wish should be voted on by users and maybe taken into consideration anyway from my point of view. There are some important parts to be considered by devs.
I’m guessing that if you could block vendors from being added then blocked vendors would be added to a list (as you suggested) which is a pretty cool idea. Why not.
(Obvious advantage: You will not lose cloud capabilities.)

Yes.
I saw in Melih’s video “What Makes Comodo’s Technology Superior?”
He said “We have Good files, bad files and unknown files.”
Good files are in TVL and cloud.
Bad files in database and maybe they will be in UVL like TVL.
Unknowns for Sandbox Tech. and Comodo will be more bulletproof :-TU
Thanks for your links and support :slight_smile:

Okay, so at this point, with the additional information provided by qmarius, what are your thoughts on this wish?

Thanks.

I said what I think on this wish.
Please move it to “Waiting Area” and let's see what people think of it.
It will be abandoned in some time because no one looks at these wishes :-\

Thank you. I made some changes to the first post. I also saved a copy of the original, which I will delete before forwarding this. Does everything seem correct in the first post?

Thanks.