standalone autosandbox

something like the current CCAV, but without the realtime AV and Valkyrie.
Just cloud lookup to check if a file is in the whitelist or blacklist, a sandbox to automatically sandbox unknown and viruscope to revert changes.
or, if you prefer, CFW without firewall and HIPS

Couldn't you run CCAV with the AV disabled?

I guess I’ll have a red X and a warning… plus, I don’t think I’d be able to run it alongside another AV

Yeah, I guess that would be a workaround until the functionality/product gets developed. Instead of a new product, I think the best option would be to add an option in CCAV to have on-demand scanning only instead of realtime.

Well, actually, if what umesh said will become true:

CCAV could become more interesting as it.

But with a standalone autosandbox, anyone could build up his/her own best security pack (for example, tinywall + comodo autosandbox + qihoo 360)

I would also like to see a standalone Sandbox application. Ideally, this being Comodo’s flagship product (no CIS or CCAV) but making it modular so that you can include (during or post installation) additional modules like a firewall, antivirus (inc. cloud based lookup), hips and any future technologies that may come and go.

I’m really buying into the sandbox (virtualization) protection as the main form of protection but I can understand Comodo’s approach to including other modules by default (i.e CIS with antivirus or firewall or CCAV with antivirus) as most users “still” believe this offers the best protection.

Regarding making said Comodo product compatible with other third party security products, good idea but must be tricky/hard work for Comodo developers to achieve this.

:slight_smile:

Yeah, that would be the best :slight_smile:

Totally agree, average users just check the detection rate, something Comodo has never been on top…

I think if they just remove (or make an option to disable) realtime protection, then there should not be any compatibility issue

I see this as a request for a product “Comodo Sandbox”.

Let's create a poll and see the interest.

I thought there is a poll already. At least, that’s what I voted for.
https://forums.comodo.com/news-announcements-feedback-cis/standlone-comodo-virtual-kiosk-t93891.0.html

Thanks for pointing.

Let us come up with a proposition of exact nature of it.

What do you guys think about following proposition:

  • On-access AV part is removed from CCAV and it becomes pure Sandbox with a caveat that when unknown application is run inside Sandbox, it is scanned using traditional AV signatures.

What this means:

  • You can still run it along with any other AV products.
  • There is no downgrade in performance, as scanning of files comes into the picture only when an unknown application ends up running in Sandbox.
  • You have all the benefits of Cloud
  • You still have default deny i.e. if file unknown, it runs in Sandbox.

So you have a mix of
“Low Impact on System” + “Default-Deny” + “Traditional AV detection” + “Compatibility with any other AV product”.

and at some point when you have realized that your AV passed what CCAV protected you against, you may ditch :slight_smile: other AV and rely on a lightweight product that protects you against old, new and yet-to-be-born viruses, as that’s the future of client security, as the traditional detection approach cannot be sustained.

Your feedback is appreciated.

Thanks
-umesh

It seems a nice idea :slight_smile:

Just a question: how will it decide if the file is bad, good or unknown? By cloud lookup (like in CFW)?
I’d avoid the traditional AV signatures, I like the way CFW works, purely on cloud.

My idea is to get a CFW without HIPS and with a light FW (maybe relying on Windows Firewall and just adding the outgoing filtering. Or just a simple option to block internet connection to apps that run in the sandbox - something similar to Qihoo 360’s sandbox):

  • Cloud lookup to decide if a file is good (whitelisted), bad (blacklisted) or unknown
  • Auto-sandbox to block execution of bad files and to run unknown files inside the sandbox (plus the option to block internet connection to files running inside the sandbox)
  • Viruscope like it is now

umesh,

I kinda like the idea… :-TU

What do you mean by “Traditional Signatures”?..And how it will be implemented for detection?

Hi Jon79,

> Just a question: how will it decide if the file is bad, good or unknown? By cloud lookup (like in CFW)?

It's out of CCAV i.e. the way CCAV works, where we have Valkyrie integrated and a promise of ZERO-unknown running in system. Soon we are going to get into a state where we can start giving SLA for files to be cleaned up either safe or malware. Work in progress.

> I'd avoid the traditional AV signatures, I like the way CFW works, purely on cloud.

Comodo Firewall is a great product but not everyone understands Firewall (except very technical people like you :)), people look for AV, which can do other things.

> just a simple option to block internet connection to apps that run in the sandbox - something similar to Qihoo 360's sandbox):

Sure can be added as an option in this product for advanced users.

> What do you mean by "Traditional Signatures"?.........And how it will be implemented for detection?

You see, there are different types of malware, some malware are of type where each instance of malware is totally distinct per PC and for any cloud product, it must be uploaded unless it can be stopped based on further malicious behavior, for which we have recognizers aimed in CCAV, recognizers can be supported by additional detection routines which can identify these unique instances also.

Considering scanning over head is only for files running in Sandbox, you won’t even like to turn off.

So, basically, any new app will run sandboxed first. Then, once Valkyrie gives the final verdict, the app will be either quarantined or allowed to run out of the sandbox

In my view, the standalone autosandbox should be as simple as possible, the first step in Comodo protection:

  • CASB (Comodo Auto SandBox) with only the features I wrote below:
  • CCAV, which is CASB + realtime cloud AV + Valkyrie + light AV local DB + light FW
  • CIS, which is CCAV + strong AV local DB + strong FW + HIPS + Secure Shopping

umesh,

It will be different product or you mean a proposition to turn CCAV into…?

Hi Jon79,

> - Cloud lookup to decide if a file is good (whitelisted), bad (blacklisted) or unknown
> - Auto-sandbox to block execution of bad files and to run unknown files inside the sandbox (plus the option to block internet connection to files running inside the sandbox)
> - Viruscope like it is now

Agree. This allows you to run product alongside other AVs.

What if you still have following as optional for advanced users:

  • AV for files running on Sandbox
  • Firewall to control apps running in Sandbox

Either way, new product or CCAV converted.
The goal is:
You should be able to run this protection from Comodo alongside other AVs without performance hit and still be able to use Comodo’s default deny architecture.