Recognizer v1.6.2.27 for Comodo Internet Security v10 (RC)

Hi All,
Yesterday we released recognizer v1.6.2.25 for CCAV.

We would like to release the recognizer for CIS also. Since recognizers in CIS use a different protocol, they need to be tested as well.

Earlier we released recognizers for CIS in test mode to verify performance and false positives.
In this v1.6.2.27, false positives have been fixed and the recognizer will be released in non-test mode (i.e. when a detection is made, you will be informed).

This version replaces the previous test mode recognizer.

We have made this recognizer version live on the test server and you can use the following steps to receive the new recognizer:

Steps to test:

Step - 1: Ensure you have either v6223 or v6246 of CIS installed.

Step - 2:
Either modify the hosts file with the following entries:

91.209.196.83 download.comodo.com
91.209.196.83 www.download.comodo.com

OR

alternatively, add the 91.209.196.83 entry as shown in the enclosed snap ‘Using_Beta_Server_In_CIS.png’ under the “Advanced Settings → General Settings → Updates → Proxy and Host Settings” link.

Step - 3: Run the updater from the CIS interface and you should see the new recognizer as shown in the enclosed snap CIS_Recognizer_v1.6.2.27.png under “Advanced Settings → Advanced Protection → VirusScope”.

Step - 4: From “Settings → Advanced Protection → VirusScope” please deselect the “Monitor only the applications in the container” checkbox; this will ensure all processes are watched and will be a good test for stability.

Step - 6: Run your popular applications and watch for any abnormal CPU / RAM usage; if you see any, feedback is appreciated with system details and active applications.

Here is the full list of malware, mostly different ransomware families, that the recognizer watches for; detection is made based on behavior patterns:

Backdoor (2)
Backdoor.MSIL.Bladabindi
Darkcomet

Fileless Trojan (3)
Gootkit/Xswkit
Kovter
Poweliks

Password Stealer Trojan (1)
Primarypass

Ransomware (52)
7ev3n
AdamLocker
BleedGreen
Cancer
Censer
Critroni
Crowti
CRY LOCKER
Cryakl
Crypmod or ZeroCrypt
Cryptolocker
CRYPTOMIX
Cryptorium
CryptoWall
CryptXXX
Crysis
DeriaLock
DMALocker
EnkripsiPC
Falock
FireCrypt
Genasom
Globe Imposter
GOG
Haperlock
HiddenTears
Hollycrypt
HydraCrypt
JigsawLocker
Kelnoc
Locky
Manifestus
Philadelphia or Stampado
Ransom.NoobCrypt
Razy
Roga
Sag2.0
Sage
SageCrypt or Milicry
Sarento
Satan
Shieldcrypt
TeslaCrypt
ToCrypt
TorrentLocker
Trojware.Win32.Filecoder.Ishtar.B
UltraLocker
Wallet/Dharma
WannaCry
Xorist
XRatLocker
YourRansom

Trojan (21)
Carberp
DarkKomet
Lethic
Necrus
Ropest
Sopinar
TrojWare.MSIL.Injector.~QWE
TrojWare.MSIL.Kryptik.IAS
TrojWare.MSIL.NanoCore.E
TrojWare.Win32.Agent.ZAQ
TrojWare.Win32.Fynloski.B
TrojWare.Win32.Injector.~DLDO
Trojware.Win32.Matsnu
Trojware.Win32.Phase.A
Trojware.Win32.PSW.Fareit.A
TrojWare.Win32.Ramnit.qg
TrojWare.Win32.Spy.Recam.zkg
Trojware.Win32.Spy.Weecnaw.H
Trojware.Win32.TrojanDownloader.Small.PRQ
Trustezeb
Ranbyus

Virus (1)
Grenam

A few names have been dropped since the last release as their detection was false-positive prone.

Note: Since recognizers work based on behavior, we have tried to detect typical ransomware activities, so even though a malware family may not be in the above list, it may still be detected.

Please share some feedback about product stability.

Thank you
-umesh
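
A way to check the Step - 2 hosts-file override from the post above, added here as an example (it is not part of the original post and is not Comodo tooling). The IP address and hostnames come from the post; the function names and the sample hosts content are constructed for illustration.

```python
import ipaddress

# Values taken from the post above.
BETA_IP = "91.209.196.83"
UPDATE_HOSTS = ("download.comodo.com", "www.download.comodo.com")

# Constructed sample: one entry commented out, one name mapped to two addresses.
SAMPLE_HOSTS = """\
127.0.0.1       localhost
91.209.196.83   download.comodo.com      # beta recognizer test
#91.209.196.83  www.download.comodo.com
10.0.0.5        DOWNLOAD.comodo.com
"""


def parse_hosts(text):
    """Return {lowercased hostname: [ip, ...]} for active (uncommented) lines."""
    mapping = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue                           # malformed line, ignored here
        for name in fields[1:]:
            mapping.setdefault(name.lower(), []).append(ip)
    return mapping


def audit_override(text, hosts=UPDATE_HOSTS, expected_ip=BETA_IP):
    """Classify each update hostname as 'beta', 'missing' or 'conflict'."""
    mapping = parse_hosts(text)
    report = {}
    for host in hosts:
        ips = set(mapping.get(host, []))
        if not ips:
            report[host] = "missing"           # no active entry in the file
        elif ips == {expected_ip}:
            report[host] = "beta"              # only the test-server address
        else:
            report[host] = "conflict"          # another or mixed addresses
    return report


if __name__ == "__main__":
    print(audit_override(SAMPLE_HOSTS))
```

On Windows the text to pass in is the content of `%SystemRoot%\System32\drivers\etc\hosts`. Once testing is finished, both names reporting "missing" confirms the update hostnames are no longer pinned to the test server.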

I’ve tried the update using both methods, but no new update downloads and no change to the Recognizer version, which still shows 1.6.1.0

Updated :-TU

Still no change

When using the option of the hosts file, I get the error as below

When adding to the CIS update sections, no Recognizer update is downloaded and the version stays at 1.6.1.0

Clear the DNS cache, disable the host entries, and make sure the default download.comodo.com entry in proxy and host settings is turned off while the IP address of http://91.209.196.83 is turned on. Also, are you on the 6246 build or on the previous 6223 version?

Hi futuretech

Done all that, but the same error occurs. I’m on build 6246

You quote http, but the first post shows https. Which is correct? Although I’ve tried both with the same result.
(Releases have always worked for me using one of these methods; this is the first time it hasn’t)

Attached is how I have it set up, and I was able to get this new recognizer when I had 1.6.1 installed. When you choose to add a host without the http/https prefix, it automatically sets the http prefix. Not sure why it's not working.

Back on 6223, I received the previous 1.6.2.24 recognizer, but now that I’ve upgraded to the 6250 RC the same proxy settings don’t seem to want to pull down the new 1.6.2.27 recognizer. Is this expected?

Hi All,
Recognizers have been released in production:

Please use Update button present on CIS interface to update your copy of CIS.

Thanks
-umesh

Hi All,
New recognizer v1.7.0.42 is available on test server as RC:
https://forums.comodo.com/beta-corner-cis/recognizer-v17042-for-comodo-internet-security-v10-rc-t120185.0.html

Thanks
-umesh