Malware Process not Seen by Comodo Cloud Scanner

Beta Corner - CCS
1

Today I downloaded some malware and ran it. Yes, on purpose. :wink: I allowed it to be automatically sandboxed. I disabled the AV in CIS, but it was caught and removed by the online lookup. Still, it was able to start a process. The problem is that this wasn’t seen by Comodo Cloud Scanner!

Please see the pic.

Also, for those of you who think this might not be malware please see the virustotal report:
http://www.virustotal.com/analisis/2c7fb6010fee59c7f856184819cc09ff044b62fb6d520f42cbac525632944523-1279138465

Is this because of my specific circumstances, or was this actually able to run ‘under the radar’ so to say of CCS? ???

If you want the malware to test then I can send you a link. Thanks, this has me worried.

[attachment deleted by admin]

2

As an update I just tried to manually scan the file with CCS, but CCS crashes. Check out the pic.

Is CIS possibly protecting it because I released it from quarantine?

[attachment deleted by admin]

3

Here’s the CIMA report:
http://camas.comodo.com/cgi-bin/submit?file=2c7fb6010fee59c7f856184819cc09ff044b62fb6d520f42cbac525632944523

Anubis seems to have a bit of a backlog at the moment. It tells me it’ll take more than a day. In fact it’ll take 1 day and 36 hours. :smiley:

Also, here’s the ThreatExpert Report:
http://www.threatexpert.com/report.aspx?md5=32857bf06423f3a200ec5df34bf76899

4

I don’t know what to say about CCS, I have tested it plenty of times and for some reason it really does not work that well. Even if CIS has a signature for the file. I really hope they will fix it.

5

Hello!

Can you provide the additional link with malware to create the specific conditions, do aditional tests and corect these problems.
Thanks for your good testing!

6

Thank you. I’ve sent you a link to the malware in a PM.

If it helps I’m running Windows 7 x64.
Also I am using CIS V4.1.150349.920 and CCS Beta V2.0.

Also, Anubis is now working again, so here’s a link to the results generated via Anubis:
http://anubis.iseclab.org/?action=result&task_id=18fe7350068fdb4442513b9a1f8259f12&format=html

7

I’ve got an update on the situation. I just fired up my virtual machine. I had CIS installed, but I disabled all of the components. I then downloaded and installed the newest Beta version of CCS.

After this I downloaded the malware I’ve been talking about and ran it.

When I tried to run a scan with CCS it locked up. This seems like a bug, or just a vulnerability. The virtual machine was also running Windows 7 x64. I’ve attached a pic.

Please let me know if you need any more information to recreate my results.

[attachment deleted by admin]

8

Any update on this?

I’ve found another malware that it doesn’t detect. What scares me is how easy it was to find another.

Have you identified the problem, or is this something that can’t be solved?

9

Hello Chiron,

Please check with the last BETA2 setup functionality of CCS when scaning those malware and notify me if there were changes because we repaired a lot of issues regarding this.

Regards,
Corneliu Deleanu

10

I ran a fake AV in a virtual machine and CCS was not able to see the process. I’m going to do some more tests later today, so I’ll give you the details then. I’m going to post it here:
https://forums.comodo.com/news-announcements-feedback-ccs/post-malware-invisible-to-ccs-here-t59866.0.html

Is that okay or should I post the information here?