hi all,
just wanna know, if we submit something via CFP3 submit files option, and it turns out that the submitted file is a malware, and… what’s next? we know that CFP uses white list/safelist, isn’t it great IF CFP defense+ has a black list as well?
I would like to know if someone can help me with a doubt regarding CFP 3.
I am running it for about 1 week, and it is working very fine on all my machines. I have noted only one strange behavior while it is running: frequently on bottom right of my desktop, while I am working on my computer, the “submitting the file(s) for analysis” dialog box opens automatically and “apparently” sends some file(s) to Comodo, without any interaction from my part (this happens just for a few seconds).
I would like to say that I frequently execute the “purge”, “lookup” and “submit” options to the files that appear on “my pending list” option, but the above mentioned sending is occurring frequently, without any interaction from my part, even if there is not any file on “my pending list”.
Does anyone have any idea of what could be the cause of it?
The default option is that pending files not on the safelist will be sent automatically to Comodo. Even after you clear the pending list these unknown files will enter a queue in the files to submit list. If it fails to send some it will try it again later.
The queue can be found under Miscellaneous/Submit suspicious files.
These files should appear first on your pending list. It has just come to my mind that after doing whatever action with the pending files it popped up a message asking if I wanted to send the files to Comodo. I checked the box “don’t ask again” so in my case this is why the submission is automatic.
Files which are not in the Comodo safelist and are also unknown to the user can be submitted directly to Comodo for analysis and possible addition to the safelist.
File Submission Process
Files can be transferred into this module by clicking the ‘Move to…’ button in the ‘My Pending Files’ and ‘My Own Safe Files’ areas. The interface also allows you to manually add files that you would like to submit. Click ‘Add’ to manually add suspicious files to the ‘List of Files’. Similarly, to remove a file from the submission process, click the ‘Remove’ button.
This was from the help file…not much of a help though…
From what I see it shouldn’t send files without your consent unless you clicked “remember” your option when asked for submission. I had some problems with a few bigger files btw. It wanted to send skypesetup.exe and it always failed with a network error ??? Regardless of its failure to send it, it tried it periodically, thus the submission icon appeared often, but it was sending the same file all the time. If you double click on the icon you can see what is sent or being tried to send.
The queue can be found under Miscellaneous/Submit suspicious files.
These files should appear first on your pending list. It has just come to my mind that after doing whatever action with the pending files it popped up a message asking if I wanted to send the files to Comodo. I checked the box "don't ask again" so in my case this is why the submission is automatic.
I have found the queue, thanks. But it is empty.
I always purge, execute a “lookup” and submit the unknown files already existent on “my pending files” list to Comodo, manually, and I have never used any “remember” option here. So, due to this I’m not understanding the so frequent dialog boxes regarding sending files.
Now, for example, I can see that my “my pending files” list is empty, but since I have started this post, the dialog box has already appeared a few times.
And I have already experienced the same bug you experienced with the skype file, with some “bigger” files. It seems that there is some type of bug when submitting bigger files, because the error you have mentioned always occurs.
A user reported that asp.net would not work because of temp files. He identified .dll’s, but I suspect that there were other files that needed permission - either as a temp executable or as an exe trying to run a temp file. It is very hard to give permissions to do either without resorting to wildcards and possibly creating other problems.
It is a characteristic of rootkits that their files are hidden from most ways of viewing them. If such a hidden file was identified when it was seeking permissions, it might not show up again when being checked in the Pending Files list or by any other way of searching for those files except for a few anti-rootkit tools.
A game player reported that one of his games created temp files that needed internet access. This was successfully resolved by the creative use of wildcards, but it is a task beyond the average user’s talents.
Given the above, and the question of vanishing files possibly being related to rootkits, some form of inspection of those files (possibly in memory) should be built into CFP. If it becomes necessary to give such files permissions, it is difficult in the ordinary way. If a record of the inspected file could be used to grant permissions to it, that would deal with some of the problems.
I have a few questions about pending files. I have submitted a file in my “files for review” list and am waiting for COMODO’s response. How long should we expect to wait for the submitted files to be researched and added to the safe files database? Is there a definitive answer to submitted files or do we just assume they are unsafe if they are not added to the safe files database after a certain period of time? What do we do with the pending files that are not added to the safe files database (should we search for these files on our hard drive and manually delete them?). Thanks in advance…Jim
Thanks for your response Hikertrash. My question was not so much about the majority of the files on the review list but those few files that are unknown and that I have submitted to COMODO for further assessment. My understanding is that when COMODO finds them safe they will automatically add them to their safe database and when I check this file again it will show up as safe and I can then delete it from my “waiting for review” list. I have 3 questions about how this process works.
How long does it take COMODO to assess a submitted file?
Does COMODO advise me directly about the outcome of my submitted file or do I just assume it’s not safe if the file is not added to their safe database after a certain amount of time?
What do you do if COMODO does not add the submitted file to their safe list? Should I search for the offending file on my hard drive and manually delete it?
Hi there Jim, I can’t answer all your questions with certainty but I can certainly try to answer a few:
I should think it wouldn’t take Comodo too long to assess a submitted file. To be on the safe side I’ll say a week or less, but that’s just a guess. Only the people who actually do it would be able to say for sure. Maybe one of them will chime in.
Comodo does not advise users directly about the outcome of the submitted files. You can just assume it’s not safe, but where’s the risky living in that? Once again, I at least do not know the certain amount of time necessary to analyze a file and deem it safe or unsafe therefore I can’t venture a guess as to what you should do there. I suppose it’s what you’re comfortable with. By and large, many of the files are probably safe.
Due to the uncertain nature (at least for me) of adding the files to the safe list I would hesitate (read as: I can not) actually advise you to delete the files off of your hard drive just because they have not been added, especially since one really does not know the amount of time necessary to do this.
Hope this has helped you somewhat, perhaps someone who knows more than I do will drop on in later on.
Navigating as follows: Firewall>Proactive Defense>Waiting for your review>
brings up “My Pending Files” list with 34 items. I select the first one by clicking checkbox, then Submit, and see “Submitting the file(s) for analysis…”. But the file that it is submitting is not the one that I selected. (It may be one that I had previously selected, not sure.) After about 2-3 minutes (I can see the progress bar move a couple of ticks), I get a message box saying some of the files could not be uploaded and clicking on YES in that box says “connection with the server was terminated.”
I’ve had other puzzling results trying to submit files that are “waiting for your review”. Such as runtime errors, apparently not responding to submit requests, and suddenly seeing a window popup saying that files were being submitted a long time after dismissing the My Pending Files window.
I’ve tried to follow the instructions in the help files, but I don’t really know what to expect or watch for. Can someone help me get a handle on the SUBMIT function?
Running COMODO firewall, anti-virus, and BOClean.
After you click on all the files and click submit, you can see what the files are that are already in Comodo’s list by right clicking on the sending icon in the system tray and opening it. You can there delete any that have already been sent in or that are not appropriate to send.