Putting CAVS to the test.....

Found a pc that is infected with a virus at a site that I am currently working at so I am going to just install CAVS right in the middle of it to see what happens. This pc had Norton Corporate AV installed and it did not find it. Now this AV was supposed to be scanning the Exchange mailboxes for viruses.

How it was found in the first place was they had installed Avast on another machine and that machine got an email from the infected machine. Avast caught the email on the second pc and so they checked the other machine by installing Avast there and it was infested. We had to stop all work until all of the machines were scanned with Avast and deemed safe before anyone could get back to work.

I asked if we could keep the infected pc off the network for testing and the company gave us permission to have at it, especially since I told them that Comodo products were free. They are watching this test to see how Comodo stacks up. I did tell them that CAVS was still in beta and it will not scan Exchange email so they know it is not finished yet.

So anyway to make a long story even longer Monday morning I am going to put Comodo programs to the test to just see what will happen. This is a small network of about 150 pcs and they are looking to save money just like any other business is so Comodo drew their interest. They do a lot of web stuff also so I am trying to get them to switch their certs to Comodo.

We will know the results Monday when I just set Comodo right down in the middle of it and let it do its thing. I am also going to test both firewalls, CAVS, and CBOC to see what happens. This should be interesting to say the least.

Go get 'em Comodo!! (:AGY) Stay tuned for the results.

jasper

throw Boclean at it too pls Jasper, after CAV to see the difference it makes.
thanks
Melih

Sure will !! Will try CBOC by itself with no AV installed.

jasper

ok thanks…

Melih


go get em comodo.
can’t wait to see the result

■■■■ waitin for you to come home safe & sound & win. :■■■■

Fight! Fight! Get yer peanuts here! Fresh buttered popcorn and toasty warm peanuts!!!

Ok people, Comodo Antivirus passed with flying colors.

The virus that was on the machine was called Win32.Warezov by Avast and Email.Warezov.fs by CAVS. That wasn’t the whole name but that’s close enough for government work.

This machine had been in service for 2 years and had at least 10 profiles stored on it so it took a while to scan this baby.

I intentionally cleaned the files from the actual operating OS and left only the System Restore files dirty using Avast. I did this intentionally so that I could make it as unfair as possible. I then uninstalled Avast and rebooted so the virus was able to kick up again. I then installed CAVS with the virus active with no problems and updated it. I used another adsl line straight to the pc and not the network.

I knew the bad files were in the System Restore folders so I just set CAVS to do a thorough scan and let her set there for about 1 1/2 hours. CAVS found new bad files in the System32 folder and about 8 other places that weren’t there when I uninstalled Avast.

I have not had a chance to test CBOC yet as I want to clean the OS part again and then install CBOC and let it reboot to see if it will catch anything when they try to create themselves in memory. There will be no antivirus this time, only CBOC all by its lonesome.

I don’t know how old this virus is but Avast shows it in their 2006 Windows list of viruses:

http://www.avast.com/eng/win32-warezov-family.html

I was totally unfair in my test and just stuck Comodo right down in the pile of dog pooey on the pc just to see what would happen. Comodo Antivirus came thru with flying colors. CAVS was never compromised by the virus and did not shut down when it could not repair the files. It did offer to submit them to Comodo though.

Neither Avast nor Comodo caught the files replicating in real time. I had to do a scan of the pc in order to find them.

Well Melih on to CBOC. I am wondering though it might take a couple of days for the virus to get into memory for CBOC to find it so the next test might not show anything for a couple of days at least.

There ya go people. Maybe this test isn’t such a great test but I abused CAVS as much as I had time for today and it still performed.

Now I’m gonna drink some ■■■■ and watch some football.

jasper

EDIT: I used the default settings from a fresh install of CAVS. I changed nothing in CAVS itself.

Thanks for that Jasper, really useful real life example and test :slight_smile:

We are improving CAVS even further and the next beta will be better, faster and consume much less ram…

thanks
Melih

Nothing earth shattering I admit but I just always wanted to see what would happen.

I’m sure the next version will be quite a bit improved as you say. I look forward to trying CAVS3.

jasper

can’t wait for CAVS 3

(V)

Ya ya, all of us kno dat. But the more u promise, the more trembling I am. I keep chekin dis forum everiday for new announcements…

LOL Can I get some or am I late?
:■■■■ :BNC

october is a month you should expect a new beta of the CAV (hopefully… so don’t hold me to it if we can’t make it then :slight_smile: )… we are hoping that this beta will be very close to the final version.

thanks
melih

:BNC

Melih,

that’s great news!

Do you expect this new beta to be for Vista as well?

Harry (:NRD)

I think you still have time for the BOC test run. Up next… Round 2!

most likely not…

however, once we get this release out, things should move much faster…
Melih

ok, now i got a date, much relieved. Just tak ur time, Comodo.

Sorry it took so long to post the CBOC results but it took until Friday for the virus to pop up its head again. I originally had cleaned everything up on the machine except the System Restore files. I told the guys to just run programs normally and not to do anything out of the norm to get the virus working again.

CBOC just sat there all by itself not detecting anything for 4 days. I was beginning to wonder if I was going to have to do a system restore to get the virus to start up again or maybe CBOC just wasn’t detecting anything. Anyway I pretty well had given up on anything happening so I just went about my business and just let it set there. On Friday afternoon the virus came alive and tried to start a file in system32 (a wireless .exe file) and CBOC nailed it. I let it delete the file as I wasn’t concerned about anything working on the machine or not. The virus then tried to start another .exe file and CBOC caught that also. I stopped the test after the second file as that was proof enough for me. CBOC deleted the first file without any trouble and I did not check to see if by deleting the files that something got broke. All I was after was to see if CBOC would stop them or not. I also do not know how many other files were created by the virus before or after CBOC caught the first 2.

I would say CBOC passed the test very well. I have to assume that the virus was setting itself up to send emails out over the weekend. Maybe it had a built in timer or something I don’t know.

I called in the company IT people to take a look and CBOC is going to be installed on all of the pc’s they have. They got to see CBOC stop the second file and that was enough to convince them to put it on all of their pc’s.

Well, my half-baked test is complete and CAVS and CBOC both did a fine job of holding their own. I won’t be able to test CFP3 as they need the pc back (small network with limited resources). One other thing, I tried to abuse the Comodo products as much as I could. I did this on purpose to try and break the programs unfairly. I did not test any other vendor’s products and that’s not to say they wouldn’t have done just as well. All I know is the virus got in on that pc thru another vendor’s antivirus program that was current and up-to-date in its virus definitions.

Good job Comodo. (:CLP)

jasper

Yay, very good.

I had bet all my money on this fight, now thanks to Comodo I’m rich instead of having my legs broken. [/kidding]
(:TNG)
:-* (B) :-*