I would like to add a suggestion to the wishlist and my suggestion is: Add a send to Comodo option in the Quarantine so that undetected viruses and false positives can be sent please.
yes same here +1
Undetected viruses and false positives can at present be sent using Miscellaneous>Submit Suspicious Files or zip - protect with password ‘infected’ and submit to malwaresubmit at avlab.comodo.com
The constraint is, I think if it is quarantined by ‘CAVS’ it means CAVS already detects the virus and there is no need to send them for analysis. In case the user is aware that a particular one is a ‘virus’ or ‘worm’, Comodo has already provided the provision and the user can use one of the above modes before quarantining it. In order to safeguard our computer, we can also mark it as an ‘isolated application’ in defence+ before sending it to Comodo using ‘Submit Suspicious Files’. Hence, I am not sure whether developers would agree with this.
Of course I agree that sending after quarantining would give the user a better feeling of protection and hence I also second your wish.
Would be a very helpful feature
This would be a very good feature. Today CIS has detected unclassified malware. CIS moved it to quarantine. I wanted to send the sample to Comodo research but it was impossible from quarantine folder.
Only if they are of executable type (file extension) and haven’t been Quarantined. Otherwise this method does not work.
I respectfully disagree. The file might be a false positive, and Quarantine is the most reasonable way to deal with the Alert.
I think the antivirus (especially with the new heuristics) will find some new variants (which are not specifically known to Comodo) and find some false positives (as suggested by JNavas). So, I think it would be a useful and user friendly option to submit detections from quarantine. If things are easy and user friendly, more people will submit files…and sending these files to Comodo may help refine the heuristics, inform them of new variants, and fix false positives.
If a false + is found, it can be removed from quarantine and restored (this process can even be automated, so that when a submitted file is found to be a false positive, and CIS finds it in quarantine, the user can be informed “Comodo has confirmed that GHYTS.EXE was detected as a false positive. Do you want to restore the file and remove it from quarantine?”)
A major problem with the current email submission method is that Google Mail does not allow attachments with executable files (even encrypted in ZIP archives).
I made an example pic of an alternate Quarantine window that includes the above suggestions and some new ones.
- Add a submit button to quarantine.
- Add a column that indicates whether the file has been sent to Comodo.
- Add an option to have the antivirus scan the quarantine entries for false positives after a database update (see 2nd pic). If a false positive is found, CIS can warn the user: “Comodo has confirmed that GHYTS.EXE was detected as a false positive. Do you want to restore the file and remove it from quarantine?” If the user selects “no”, the item in quarantine will still be designated as a confirmed false positive (abbreviated “FP” in the 1st pic).
- Get rid of the “clear” button. It makes more sense to change it to one of the following:
  - Label it “delete all” - this is much more self explanatory than “clear” (I had to look up “clear” in the help file!), or
  - Remove the button completely…it is redundant. The user can easily select multiple entries or blocks of entries and then hit the delete button.
[attachment deleted by admin]
You are actually limited in what you can send through CIS itself. I had a false positive in a .bin file the other day, but CIS doesn’t even allow me to see .bin files in the directory. If I can’t see them, I can’t select them to send in. I agree that in order for this to be more user friendly, users should be able to send any false positives to Comodo through the software. Most people won’t bother using the other method.
I like this. Perhaps another suggestion would be the option of whether or not this false positive should be added to the “threats detected” counter on the summary page. I’m of the opinion that any “threat” considered officially “detected” should be a real threat, not something that Comodo has falsely identified as a threat. Although I can understand that some may wish to see the total based on every file Comodo intercepted regardless of its actual “threat” to your system.
I edited Whoop-dee-Doo’s SS a bit. Instead of “Report to COMODO”, how about a link at the bottom explaining a bit more. This link could open a new box giving a short brief summary about what FP’s are and the ability to select which ones in quarantine that can then be submitted. It would be easier for novices.
After all, besides if it’s a FP, why would you report a file to comodo if it’s already detected?
What do you think?
[attachment deleted by admin]
- I definitely think there should be a “Send to COMODO for analysis” button, although CIS should offer to Send any new uncertain (heuristic) detection automatically.
- I’d change “FP” to something clearer like “Status” (ordinary folks won’t know what “FP” means) with initial detection reported as “Possible Malware” (heuristic) or just Malware (verified by SHA hash, locally or online).
- After analysis by Comodo, Status of “Possible Malware” would change automatically to just “Malware” or “Not Malware”.
- If changed to “Not Malware”, CIS would offer to automatically Restore it.
- If “Malware”, any attempt to Restore would get a strong warning.
- Change “Do you think COMODO Antivirus has identified a safe file as dangerous” to “What is Malware?” and “What is Possible Malware?”.
- False Positives tend to lower the user’s confidence. I’d much rather see CIS classify as “Malware” when there is reasonable certainty, and “Possible Malware” when there isn’t such certainty.
- Having a Close button is good. (Some CIS windows are missing Close buttons, which is confusing to ordinary folks.)
Have you tried renaming the executable file? e.g. name.exe → name.exe.fp or name.fp with a note saying the name had been changed, from to?
Princess Snowflake’s suggestion is similar to my own: add a “Send for Analysis” button to the alert popup.
If that’s meant for me, thanks, but I know how to work around the problem (without changing the file extension) – my concern is for ordinary folks, most of whom won’t be able to do it. ZIP and email is unrealistic IMHO.
Sure, but it should be in Quarantine as well.
Good suggestions…worth way more than 2 cents. When I have some time, I’ll try to make a new pic that incorporates them and add them to my post in the usability study.
Okay…here are some updated pics with your suggestions.
Edit: I changed the pics to include FaZio93’s and JNavas’s suggestions below.
[attachment deleted by admin]