Information about signatures, Virus detection rate, HIPS

Hi there,

hm, looked a bit around in the forums, but there are so many topics, that it’s impossible to read all - so I don’t know, if some (all) of my points were already discussed.

First of all, I want to mention, that I’ve found no way to get the information of how many different signatures are in your virus database. I can only see the time of the last update.
I admit, this doesn’t help much to detect a virus, but a big number of signatures makes a good feeling :wink:
Also it would be nice to have more detailed information about the types of malware. (For example: Database contains 100,000 signatures! In detail: virus signatures: 50,000, trojan signatures: 25,000, spy/adware signatures: 20,000, …)

The next mostly cosmetic thing: It seems, that the GUI-Version of your virus scanner (CavSn.exe) doesn’t support any parameters like “*.*” - so I have to use the command line version (CAVSCons.exe)
Background: The resident scanner is configured to check only for Applications and not in archives.
When I download a file, I have the option in my download manager to get it checked automatically with a command line scanner. And since downloads are a potential risk, I want to check all files. And most downloads are zipped…

Is there a more or less objective comparison from CAVS with other (free) virus scanners?

Because: one thing that worried me: I wanted to test the scanner and took some attachments out of mails from my spam folder (at least it’s good for something, that I’m flooded with this ■■■■). But all files weren’t recognized as malicious. I uploaded them to VirusTotal and they were recognized as virus/trojan/downloader by most scanners there.
This brings me to HIPS - for now, CAVS is still very secure for advanced users because of the HIPS feature, but the Comodo Firewall v3 will bring it’s own HIPS (I’m using v2.4 at the moment) - and from what I saw so far, it’ll be more comfortable to use compared to HIPS from CAVS.
So, if the detection rate from CAVS isn’t really good, the new Firewall could replace CAVS almoast complete? Or is there any difference in the HIPS features, which makes the one from CAVS more efficient? (Or any other big advantage of CAVS)

I can’t imagine that using two applications with a HIPS feature is even advisable concerning system performance and the one application conflicting with the other.
So will in the final version one HIPS system be disabled? On my test system, I got either a message from Defense+ or from CAVS, but couldn’t recognize a system behind that.

Last, but not least: CAVS crashes, when clicking the “Manage” button in the settings of HIPS on my machine. I also get a message here, that I should disable DEP for this application. But then, it crashes just silently… I already read some reports about that here, but found no solution.

Thank you in advance for any hints, comments or other opinions :slight_smile:

my system info:
cpu: AMD Turion64 (DEP enabled for all applications)
ram: 1024MB

os: WinXP SP2, with IE7, hopefully all patches installed (32bit)
antivirus: CAVS
firewall: Comodo Firewall
additional: Spybot - Search & Destroy

See attached regarding virus list.

As for the rest; CAVS is still a beta product and this development of the software is about to begin the next phase with CAVS 3 currently under development. Hopefully the first CAVS 3 beta released will be very near to a final release version and this will be a massive improvement on CAVS 2.


[attachment deleted by admin]

Wow, I’m quite amazed - and should have had a closer look to the reports section.
Thank you!