Option to use CCAV as an anti-exe

1. What actually happened or you saw:
Sometimes malware can mistakenly be whitelisted, and it can then run on the user's PC when CCAV makes a cloud lookup.

2. What you wanted to happen or see:
The latest release (v1.19.456424.771) of CCAV has added an option to control the TVL, but if a file has been trusted in the cloud, it will still run without warning.
It would be good for some users to lock down their PC and allow only apps that are either already whitelisted or carry a digital signature in the local TVL to run.
This can be achieved, for example, by adding a "Block all new apps" feature.

3. Why you think it is desirable:
To avoid whitelisted malware

4. Any other information, screenshots etc:
Check the story here, from reply #9
https://forums.comodo.com/beta-corner-ccav/comodo-cloud-antivirus-v119456424771-rc-t122466.0.html

Hi Jon79,
Please see enclosed snaps.
Assume you have “ENTER LOCK DOWN MODE” option available in some form, more ideas are welcome.
When you press it, user will be shown following small notification message:

When you enable this mode, no new application (either safe or unknown) can run, except ones from Microsoft or Comodo. In case you still want to execute a new application, you can add that application to the exclusion list available in "Sandbox Settings". This mode is only valid until the system is rebooted; on the next reboot, CCAV will exit from this mode. You can exit this mode at any point you want.
  • Also added a new Sandbox mode, i.e. block all untrusted applications.

Everyone, please share your thoughts.

Thanks
-umesh

Hi Umesh,
Lockdown mode looks interesting, but limiting it to Microsoft and Comodo could lead to some problems (for example, what about Intel, Nvidia or Realtek?)
About sandbox mode, what do you mean by untrusted? Untrusted for the user or untrusted for Comodo Cloud?

My idea about this feature is that the user should have full control about apps that can run, either by manual whitelist or by custom TVL.
Any other app should be sandboxed unless the cloud lookup finds it to be malicious (and the user still has the option to exclude such a file).

Hi Jon79,

[quote="Jon79"]Lockdown mode looks interesting, but limiting it to Microsoft and Comodo could lead to some problems (for example, what about Intel, Nvidia or Realtek?)[/quote]
Consider this as a state: you get in and get out, and it is non-persistent across boots, since during boot there can be a number of critical apps and services that should run. So assume this is a post-boot option you can enable.
[quote="Jon79"]About sandbox mode, what do you mean by untrusted? Untrusted for the user or untrusted for Comodo Cloud?[/quote]
That is not connected with Lock Down mode; it is just another option: in case the Comodo rating is untrusted, the application can be blocked. Right now the default option is sandbox.
[quote="Jon79"]My idea about this feature is that the user should have full control about apps that can run, either by manual whitelist or by custom TVL. Any other app should be sandboxed unless the cloud lookup finds it to be malicious (and the user still has the option to exclude such a file)[/quote]
In "Lock Down" mode, you can define applications that can run, malicious ones will be blocked, and cloud lookup will keep working. So it pretty much achieves what you are looking for.

Thanks
-umesh

Ok, it makes sense

Not really, since lockdown mode will be disabled after rebooting.
I want something I can use all the time.

I think you can already do so by choosing “run only trusted apps”

I'll try to explain my idea better.

Current mode
Trusted if:

  • Digital signature in the local TVL
  • Digital signature in the cloud TVL
  • Trusted by cloud
  • Trusted/whitelisted by the user

Blocked/Quarantined/Deleted if:

  • Found malicious in the cloud

Unknown if:

  • Anything else

Jon79 mode
Trusted if:

  • Digital signature in the local TVL
  • Trusted/whitelisted by the user

Blocked/Quarantined/Deleted if:

  • Found malicious in the cloud

Unknown if:

  • Anything else

No matter what mode you use, you can keep the current options about unknown files:

  • Automatically run in the sandbox
  • Block it
  • Ask the user
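The two rating policies above can be written down as a small decision function so the difference is visible on concrete inputs. This is an added illustration, not CCAV's code; the input fields (signer in local/cloud TVL, cloud verdict, user whitelist), the rule that a malicious cloud verdict wins over every trust source, and the sample file names are all assumptions made for the model. The second sample is the case from the original report: a file that is not in any TVL and not user-whitelisted but has been (wrongly) trusted by the cloud.

```python
"""Model of the 'Current mode' and 'Jon79 mode' file ratings from the thread.

Added illustration, not CCAV's own code. Field names, rule ordering and
the sample files are assumptions made to keep the model small.
"""
from dataclasses import dataclass
from enum import Enum


class CloudVerdict(Enum):
    TRUSTED = "trusted"
    MALICIOUS = "malicious"
    UNKNOWN = "unknown"


@dataclass(frozen=True)
class FileFacts:
    """What the client knows about an executable at launch time (assumed fields)."""
    name: str
    signer_in_local_tvl: bool      # digital signature matches an entry in the local TVL
    signer_in_cloud_tvl: bool      # digital signature matches an entry in the cloud TVL
    cloud_verdict: CloudVerdict    # result of the cloud lookup for the file
    user_whitelisted: bool         # user manually trusted / excluded the file


# Trust sources each mode honours, taken from the two "Trusted if:" lists.
TRUST_SOURCES = {
    "current": ("local_tvl", "cloud_tvl", "cloud_trusted", "user"),
    "jon79": ("local_tvl", "user"),
}


def rate(f: FileFacts, mode: str) -> str:
    """Return 'blocked', 'trusted' or 'unknown' for the file under the given mode."""
    # "Found malicious in the cloud" is terminal in both modes (assumed to win
    # over any trust source).
    if f.cloud_verdict is CloudVerdict.MALICIOUS:
        return "blocked"
    present = {
        "local_tvl": f.signer_in_local_tvl,
        "cloud_tvl": f.signer_in_cloud_tvl,
        "cloud_trusted": f.cloud_verdict is CloudVerdict.TRUSTED,
        "user": f.user_whitelisted,
    }
    if any(present[src] for src in TRUST_SOURCES[mode]):
        return "trusted"
    return "unknown"


def decide(f: FileFacts, mode: str, unknown_action: str = "sandbox") -> str:
    """Map a rating to the action taken; unknown_action is one of the three
    existing options for unknown files: sandbox, block or ask."""
    if unknown_action not in ("sandbox", "block", "ask"):
        raise ValueError(f"unsupported unknown_action: {unknown_action}")
    rating = rate(f, mode)
    if rating == "trusted":
        return "run"
    if rating == "blocked":
        return "block"
    return unknown_action


# Constructed samples for the model; these are not real files or detections.
SAMPLES = [
    FileFacts("vendor_tool.exe", True, True, CloudVerdict.TRUSTED, False),
    # The case from the report: trusted only because of a mistaken cloud verdict.
    FileFacts("mis_whitelisted.exe", False, False, CloudVerdict.TRUSTED, False),
    FileFacts("dropper.exe", False, False, CloudVerdict.MALICIOUS, False),
    FileFacts("homebrew.exe", False, False, CloudVerdict.UNKNOWN, True),
    FileFacts("newtool.exe", False, False, CloudVerdict.UNKNOWN, False),
]


def compare(samples=SAMPLES, unknown_action: str = "sandbox") -> dict:
    """Return {name: (current-mode action, jon79-mode action)} for each sample."""
    return {
        s.name: (decide(s, "current", unknown_action), decide(s, "jon79", unknown_action))
        for s in samples
    }


if __name__ == "__main__":
    for name, (cur, j79) in compare().items():
        print(f"{name:22} current={cur:8} jon79={j79}")
```

Running it shows the point of the request: `mis_whitelisted.exe` is "run" in current mode but "sandbox" (or "block", if that is the unknown-file option) in Jon79 mode, while a file with a malicious cloud verdict is blocked in both, so the cloud lookup still protects against known-bad files.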

Hi Umesh
Good ideas from Jon79 - and I think your explanations sound excellent. Would make CCAV a real ‘control’ and access application . . . . even more than at present

[quote="Jon79"]
Jon79 mode

Trusted if:
  • Digital signature in the local TVL
  • Trusted/whitelisted by the user
[/quote]
The second one is covered by the exclusion list, so the mode can be extended to trust all entries in the local TVL.

The only thing left will be persistence; if you are using the local TVL, it won't hurt, as persistence won't cause an issue.

Thanks
-umesh

I love this. I already use CIS as an anti-exe, so I'm not sure why CCAV has no block feature for sandboxed apps.

It has. Look at the 2nd option in here:

All exes that would be run in the sandbox will be blocked instead.

When was this added? 0_0

Of course I mean this "Run only safe applications"; the second option in here :)

I hope this is what you meant?

The point is, in CCAV you can't disable the cloud lookup, while in CIS you can.
It would be great if CCAV could look up only for malicious files, letting the user choose what's safe (custom TVL and manual whitelist).
But it's OK, I have switched to Avast with Hardened Mode on Aggressive and I'm quite happy with it.