Recognizer v1.6.1 Released for Comodo Internet Security v10

Hi All,
We are pleased to inform that we have released Recognizer v1.6.1 for Comodo Internet Security v10.
Thank you to all users who participated in RC testing.

Here is the full list of malware, mostly different ransomware families, which are watched out by recognizer and based on behavior pattern, detection is made:

Backdoor (2)
Backdoor.MSIL.Bladabindi
Darkcomet

Fileless Trojan (3)
Gootkit/Xswkit
Kovter
Poweliks

Password Stealer Trojan (1)
Primarypass

Ransomware (59)
7ev3n
AdamLocker
BleedGreen
BTCLocker
Cancer
Censer
Cerber
CloudSword
Critroni
Crowti
CRY LOCKER
Cryakl
Crypmod or ZeroCrypt
Cryptolocker
CRYPTOMIX
Cryptorium
CryptoWall
CryptXXX
Crysis
DeriaLock
DMALocker
EnkripsiPC
Falock
FireCrypt
Genasom
Globe Imposter
GOG
Haperlock
HiddenTears
Hollycrypt
HydraCrypt
JigsawLocker
Kangaroo
Kelnoc
Locky
Manifestus
Matrix
Philadelphia or Stampado
Ransom.NoobCrypt
Razy
Roga
Sag2.0
Sage
SageCrypt or Milicry
Sarento
Satan
Shieldcrypt
Spora
TeslaCrypt
ToCrypt
TorrentLocker
Trojware.Win32.Filecoder.Ishtar.B
UltraLocker
Wallet/Dharma
WannaCry
Xmas
Xorist
XRatLocker
YourRansom

Trojan (24)
Carberp
DarkKomet
Lethic
Necrus
Rematsu
Ropest
Sopinar
Spatet
TrojWare.MSIL.Injector.~QWE
TrojWare.MSIL.Kryptik.IAS
TrojWare.MSIL.NanoCore.E
TrojWare.Win32.Agent.ZAQ
TrojWare.Win32.Fynloski.B
TrojWare.Win32.Injector.~DLDO
Trojware.Win32.Matsnu
Trojware.Win32.Phase.A
Trojware.Win32.PSW.Fareit.A
TrojWare.Win32.Ramnit.qg
TrojWare.Win32.Spy.Recam.zkg
Trojware.Win32.Spy.Weecnaw.H
Trojware.Win32.TrojanDownloader.Small.PRQ
Trustezeb
Ranbyus
Nivdort

Virus (1)
Grenam

We have released recognizer in test mode where in case recognizer detects a file, it won’t report to user but will inform to back-end and after we have analyzed detected files and ensured we do not have false-positive, we will update recognizer again and release in alert mode, where user will be notified of detected malware.

You can run program update manually or via auto update you will get recognizer.
You could verify if you have latest recognizer by looking at “Settings → Advanced Protection → VirusScope”, where you will see latest recognizer as shown in enclosed snap.

You should also be able to verify following file:
C:\Program Files\COMODO\COMODO Internet Security\recognizers\proto_v10\recognizerCryptolocker.dll
File Size: 268 KB (274,624 bytes)
SHA-1: b8edeb5e6040156b38a89d7faa19ffdbca497846

In case you observe any abnormal CPU or RAM usage, please do report with list of active applications in sandbox.

Going forward you can expect more frequent releases of recognizers.

Thank you for all the support and feedback.

Thanks
-umesh

:-TU :-TU :-TU

Nice :-TU

I guess what I would like to know is if those of us who participated in the RC should now remove the manually added IP address to obtain the recognizers? :-\

You can just disable that IP Address with the slider on. From what I gathered it’ll be the same address for future beta recognizers. I removed mine but could have just used the slider to disable it.

Eric

Thank you kindly for the prompt reply. I just wanted to be sure that if I disable it, I will still receive recognizers via the other address.

Could it be that recognizerCryptolocker is removed again.
I just installed CIS and only see recognizer_v10.0.1.6246.
There is also no recognizerCryptolocker in the C:\Program Files\COMODO\COMODO Internet Security\recognizers\proto_v10 map.

Maybe it is combined in the new recognizer 6246?

They have temporary prevented the new recognizer from being offered.

They are live now and new recognizer 1.6.1.0 is in test mode still.

New recognizer released as part of the new CIS release.

Comodo Internet Security v10.0.1.6254 Released