New CIS Recognizer 1.4.0.15 is released!

Hi Guys,

We have just released the latest version of CIS Recognizer, version 1.4.0.15!

Existing CIS users will receive a recognizer update for the new release.

This version includes the following families (some of which were added in previous versions):

  1. Cryptolocker
  2. Necurs
  3. Ranbyus
  4. Ropest
  5. Bladabindi
  6. Poweliks
  7. XSWKit
  8. Kovter
  9. Nivdort
  10. Generic detections for malware such as:
    a. Trustzeb
    b. Remastu
    c. Spatet
    d. Sopinar
    e. Lethic
    f. DarkComet
    g. Censer…

For your attention, please.

We will keep improving!

Kind Regards
Buket

This is the great news that I have wanted to hear for a long time…
Recognizer updates :-TU

Thanks Comodo, great job!

Yes this is very good news!

Extra recognitions are much needed… so long as it is certain there will be no false recognitions and so no false reversals.

Will the beta version receive this update too?

:-TU

Hello Redstraw,

This update is only applicable to CIS 8.x versions; we will be sending the recognizer updates to CIS 10 as well.

Kind Regards
Buket

:slight_smile: :-TU

Thank you. It’s good to see an important step taken with the development of recognizers. I hope 2017 will be the year of further development of recognizers.

Here you can see 2 things:

  • sandboxed malware will encrypt all files in Downloads directory;
  • the new recognizer triggered at the end of the test, after files were encrypted ;D

You set an exclusion so that files in the “Downloads” folder are not virtualized, so it’s pretty clear why they can be encrypted…
In the video I can’t see it, but I guess your configuration was Internet Security. It would be interesting to do the same with the Proactive Security configuration.

It is by default! Have you really assumed I would show you a bypass after changing settings that led to it? :o

owww noo ;D

No, I was just trying to understand your meaning, since you didn’t explain it in your post and I can’t read Polish :slight_smile:

I already knew the “by default” settings are not good enough for security, only for usability.

@morphiusz , I am not ready for “proactive security config” bypass :smiley:

I’ve described it here, and please continue a discussion on this topic in the linked thread.

https://forums.comodo.com/news-announcements-feedback-cis/cis-certifications-test-results-reviews-t61263.0.html;msg844983#msg844983

The two main competitors of CIS have exactly the same problem. It seems there is an indiscriminate permission for system files, which ends up allowing trojancrypt to succeed. Example: svchost-explorer, svchost-dllhost, svchost-rundll32, “wscript”-cmd, System-conhost-cmd, system-text/image files and video… :-TD

So, my approach is better: block unknown instead of run virtually :-TU

It is the true default-deny approach :wink: :-TU
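To make the two positions in this thread concrete (the Downloads exclusion letting a sandboxed sample write real files, versus blocking unknown files outright), here is a small added model written for this post; it is not CIS code and does not read any CIS configuration. The policy names, the `excluded_dirs` list and the sample process/path values are assumptions chosen to mirror what the video and the default-deny comment describe.

```python
from dataclasses import dataclass
from pathlib import PureWindowsPath

# Assumed simplified policies, modelled on the thread:
#   "auto-sandbox": unknown files run virtualized (the default discussed above)
#   "default-deny": unknown files are blocked before they run
POLICIES = ("auto-sandbox", "default-deny")


@dataclass(frozen=True)
class Process:
    name: str
    rating: str  # "trusted", "unknown" or "malicious" (assumed vendor ratings)


def decide(proc: Process, policy: str) -> str:
    """Return the launch decision: 'run', 'virtualize' or 'block'."""
    if policy not in POLICIES:
        raise ValueError(f"unknown policy {policy!r}")
    if proc.rating == "malicious":
        return "block"
    if proc.rating == "unknown":
        return "block" if policy == "default-deny" else "virtualize"
    return "run"


def _is_under(path: PureWindowsPath, directory: PureWindowsPath) -> bool:
    # Case-insensitive prefix match on path components (Windows semantics).
    p = [part.lower() for part in path.parts]
    d = [part.lower() for part in directory.parts]
    return p[: len(d)] == d


def write_lands_on(action: str, target: str, excluded_dirs) -> str:
    """Where a file write by a process with the given launch decision ends up.

    'no-op'        the process never ran, nothing is written
    'real-disk'    the write hits the real file system
    'virtual-disk' the write is redirected into the sandbox
    """
    if action == "block":
        return "no-op"
    if action == "run":
        return "real-disk"
    # Virtualized process: writes are redirected unless the target sits in a
    # directory excluded from virtualization (the Downloads case in the video).
    t = PureWindowsPath(target)
    if any(_is_under(t, PureWindowsPath(d)) for d in excluded_dirs):
        return "real-disk"
    return "virtual-disk"


# Constructed scenario: an unknown (not yet recognized) encrypting sample writing
# into Downloads and into Documents, with Downloads excluded from virtualization.
SAMPLE = Process("invoice.scr", "unknown")
EXCLUDED = [r"C:\Users\bob\Downloads"]
TARGETS = [r"C:\Users\bob\Downloads\report.docx", r"C:\Users\bob\Documents\notes.txt"]


def simulate(policy: str, proc=SAMPLE, targets=TARGETS, excluded=EXCLUDED) -> dict:
    action = decide(proc, policy)
    return {t: write_lands_on(action, t, excluded) for t in targets}


if __name__ == "__main__":
    for policy in POLICIES:
        print(policy, simulate(policy))
```

Under "auto-sandbox" the Documents write is redirected, but the Downloads write lands on the real disk because of the exclusion, which is exactly what the video shows; under "default-deny" the unknown sample never runs, so neither write happens.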

It seems that if there are some intensive disk operations (for example downloading and installing the new Unreal Engine 4.14), the new Viruscope plugin can eat up one core (or thread) of the CPU with the cmdagent.exe process. The only solution is to turn either Viruscope or the module off for the time being :slight_smile:
Also I noticed WHEA thread on System module (using Process Hacker 3) which I believe was also connected to this issue (it caused quite a stuttering on i7 4771 CPU). But this happened only once. Cmdagent.exe eating one core/thread happens much more often.

Could you look into that?
I include my actual CIS config, but I discourage any normal user from using it :slight_smile:

Thanks Comodo and keep up the very good work.