Malware using signed signatures [Merged topic]

May I quote you, Jacob, to the topic in the malware research?

Thanks

Regards,
Valentin N

Sure thing

Jake

You mean like this suggestion I made some time ago?

Not quite similar to your suggestion. Your suggestion is more complicated and will be more intrusive to non-advanced users who don’t care about customizing the TVL (just my own view). My idea (or that of others who have suggested this before) is just to provide the user the capability to edit the TVL like the “Trusted Files” list and also have an option to disable updates of the TVL, to avoid overwriting the locally customized TVL.

This topic is probably a target to merge with current topic.

Can they possibly recheck the people on the trusted vendor list every so often, or allow questionable vendors to be reported straight from the Comodo GUI, and then allow a blacklisted vendors list so Comodo will be set to sandbox them as blocked if they are on that list?

Bypass #5…can you check this application?

http://www.virustotal.com/file-scan/report.html?id=d692700d01abb222c5ff3361e12913c6d7968df830ba9622a9fe5d30e40a32a0-1293032471

http://camas.comodo.com/cgi-bin/submit?file=d692700d01abb222c5ff3361e12913c6d7968df830ba9622a9fe5d30e40a32a0

Accent Office Password Recovery 5.1 uses the Passcovery Ltd digital signature and is trusted by Comodo.
But this one is also flagged by numerous AV companies as a bad file.

Hi siketa,

We are going to investigate this and get back to you after reaching a conclusion.

Regards,
Ionel

Hi siketa

These are those odd cases where, if you have lost a password as an end user, you will seek such an application and try to recover the password. As far as we have analyzed, we do not see any way that any module can be misused by malware, although there is every possibility that this application can be installed by someone else on your PC to try to recover your password.

Again, this is not a typical malware case, although, to keep the TVL clean as some users may have an objection to it, we have removed it from the TVL.

Thanks
-umesh

Thanks, Umesh!

And what about this one…what do you think of it?

http://camas.comodo.com/cgi-bin/submit?file=2f85c7d5aa983267f9ead906b48f482d7bfd705ddf3bc711ccb0eda624fb3c88

Hi siketa,

We found no malicious behavior in the file you mentioned, therefore it was not marked as malware.

Regards,
Ionel

After an update my vendors list contains some entries with no letters. There are just squares as a name.

My “favorite” is this one
(o = square… don’t know how to write them)

ooo(oo)oooooooo

Chinese vendors. You have to install proper fonts to make it visible.

I just think the trusted vendor list is against the principle of default deny that’s been trumpeted by COMODO.

Shouldn’t there be an option not to use this list? There actually is one, I know, but people seem to suggest that unchecking the option simply will not help.

If you’re talking about the “Automatically trust files from trusted installers” setting, this isn’t the same thing as not using the trusted vendor list. This option just considers the files created by a trusted installer trusted as well, keeping them out of the sandbox.

I view it as intelligence added on the Default Deny principle.

Default Deny does not need to mean “Deny All”; I think it should mean “Deny Unknown”. Otherwise, all Windows processes need to be denied, and all exes need to be approved by the user. You may try it by using “Paranoid Mode” in D+ and see if you would love it or not.

Well, there’s always the lookup (cloud).

This intelligence has proved to be the Achilles heel of COMODO from time to time. It looked more like a liability than a strength. Just my 2 cents worth.

Whether looking it up in the cloud or in the local TVL and local file whitelist, the principle and logic behind it are similar. It’s just moving something that used to be done locally to the cloud. If you won’t accept it being done locally, why would you accept it after moving to the cloud?

On the other hand, I agree that the current intelligence is not smart enough and has weaknesses. For example, it is illogical if a malware can be identified by Comodo’s AV but is trusted because it has a signature from a vendor in the TVL. It really needs strengthening.
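An added illustration (written for this page, not Comodo’s implementation) of the decision order the last two posts argue about: an AV detection outranks vendor-list trust, a locally edited block list outranks the distributed TVL, files dropped by a trusted installer inherit trust only when that option is on, and anything left over is “deny unknown”, i.e. sandboxed. All class, field and vendor names, and the rule order itself, are assumptions; the sample files are constructed.

```python
"""Trust decision for a file, keeping an AV detection ahead of vendor-list trust.

Added illustration; the names, fields and rule order are assumptions, not
Comodo's implementation.
"""
from __future__ import annotations

from dataclasses import dataclass, field
from enum import Enum
from typing import Optional


class Verdict(Enum):
    TRUSTED = "trusted"    # run unrestricted
    SANDBOX = "sandbox"    # run isolated (the "deny unknown" outcome)
    BLOCK = "block"        # do not run at all


@dataclass(frozen=True)
class FileInfo:
    """What the policy engine knows about one file (constructed input)."""
    path: str
    signer: Optional[str]          # subject of a *valid* code signature, None if unsigned or invalid
    av_detection: Optional[str]    # detection name from the AV engine, None if clean
    created_by_trusted_installer: bool = False


@dataclass
class TrustPolicy:
    trusted_vendors: set[str]                                # the TVL, editable locally
    blocked_vendors: set[str] = field(default_factory=set)   # the user's local block list
    trust_installer_children: bool = True                    # "trust files from trusted installers"

    def decide(self, f: FileInfo) -> tuple[Verdict, str]:
        """Return (verdict, reason). Rules are checked in priority order."""
        # 1. A detection by the AV engine wins over any signature-based trust,
        #    so a signed file the scanner flags is never whitelisted by the TVL.
        if f.av_detection:
            return Verdict.BLOCK, f"AV detection: {f.av_detection}"
        # 2. A vendor the user has explicitly blocked is sandboxed even if the
        #    same vendor also appears on the distributed TVL.
        if f.signer is not None and f.signer in self.blocked_vendors:
            return Verdict.SANDBOX, f"signer on local block list: {f.signer}"
        # 3. A valid signature from a listed vendor is trusted.
        if f.signer is not None and f.signer in self.trusted_vendors:
            return Verdict.TRUSTED, f"signer on trusted vendor list: {f.signer}"
        # 4. Files dropped by a trusted installer inherit trust only if that option is on.
        if self.trust_installer_children and f.created_by_trusted_installer:
            return Verdict.TRUSTED, "created by a trusted installer"
        # 5. Default deny read as deny unknown: everything else runs sandboxed.
        return Verdict.SANDBOX, "unknown file"


def evaluate_all(policy: TrustPolicy, files: list[FileInfo]) -> dict[str, Verdict]:
    """Apply the policy to a batch and map path -> verdict."""
    return {f.path: policy.decide(f)[0] for f in files}


# Constructed sample: vendor names and paths are made up for the demonstration.
SAMPLE_POLICY = TrustPolicy(
    trusted_vendors={"Example Tools Ltd", "Example Signer Inc"},
    blocked_vendors={"Example Signer Inc"},   # the user removed this vendor locally
)
SAMPLE_FILES = [
    FileInfo("signed_but_detected.exe", "Example Tools Ltd", "Unclassified Malware"),
    FileInfo("signed_blocked_vendor.exe", "Example Signer Inc", None),
    FileInfo("signed_trusted.exe", "Example Tools Ltd", None),
    FileInfo("dropped_by_installer.dll", None, None, created_by_trusted_installer=True),
    FileInfo("unsigned_unknown.exe", None, None),
]

if __name__ == "__main__":
    for f in SAMPLE_FILES:
        verdict, reason = SAMPLE_POLICY.decide(f)
        print(f"{f.path:28} {verdict.value:8} {reason}")
```

The point of the ordering is the first rule: a signature only ever raises trust for files the scanner has nothing against, so a detected sample cannot ride a listed vendor’s certificate past the sandbox, which is the gap the post above describes.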

Bypass #6…guys, can you check this application?

http://www.virustotal.com/file-scan/report.html?id=e670b47d9bf442f1aff5f1f45d5ced02916c96c55630235566c8e0f567ebdfc4-1294768724

http://camas.Comodo.com/cgi-bin/submit?file=e670b47d9bf442f1aff5f1f45d5ced02916c96c55630235566c8e0f567ebdfc4

wsseu.exe uses the WhiteSmoke Inc digital signature and is trusted by Comodo.

Although VT says that it is detected by Comodo as Unclassified Malware, it is still not the case.
I tried Real-time and On-demand scanning with High Heuristics and the latest DB.

Hi siketa,

We will verify it and get back to you with the conclusion.

Regards,
Ionel