standalone autosandbox

I always wanted a conversion. Should make things even more interesting.

If a file runs in the sandbox, there is no need for an AV controlling it. Of course, it would be good to send the file to Comodo cloud for analysis.

The firewall would be a good addon, but in my opinion it should be something based on windows firewall (such as tinywall or binisoft wfc)

I see that you are referring to components. Should be separate from Sandbox & added later given enough interest in my opinion.
I’m not sure if “simple as possible” is a good foundation. I’d like to see many options in such a product. Actually… is it aimed at the average user? Usability / Choices. When you think about it, this kind of user might not use AV at all.
Since third-party products get officially in the game, the rate of unexpected cases is on the rise. A “simple product” might not be easy to troubleshoot.

Just some thoughts.

Every time someone points out a weakness of Comodo, Melih answers “you have the sandbox to protect you”.
So, the sandbox should be the heart of Comodo protection.
Then, of course you need usability. And here the cloud lookup comes to help.

The problem is, the average user thinks that AV is everything you need, so Comodo should add it.
Then, there are the experienced users that, like you, want more settings and more control.

If Comodo implements my suggestion, they can have one modular product that can cover nearly any taste:

  • CASB for users who want a simple, but robust protection, maybe combined with other sw
  • CCAV for the average users who want a “set and forget” sw
  • CIS for experienced users who wanna fine tune their sw

I too would suggest as Jon79… :-TU

Standalone Sandbox - (No Need AV)

AutoSandbox
Cloud Lookup
ViruScope
Firewall

Simple, Light & Effective Protection… :-TU

Regarding the firewall part, keep it really simple (like it is done on mobile phones). By default, prompt user for connection (outbound/inbound). The user then allows/denies connection (with option to remember). So in the GUI part for the firewall, applications would be listed showing 3 icons per application.

  1. Application allowed to run (prompt, allow, deny)
  2. Outbound connection (prompt, allow, deny)
  3. Inbound connection (prompt, allow, deny)

… and that’s it really. By default, all options would be set to prompt (unless set to allow all or deny all). Any clever filtering (which is required for security reasons) is actioned under the hood.

An example of this layout (GUI) can be seen in NoRoot Data Firewall (Simple Good Mobile)

:slight_smile:

I’d prefer the approach of tinywall:

  • use windows firewall with advanced setting and block both in and out connections by default
  • cancel all pre-defined rules and add own pre-defined rules (to be chosen by the user)
  • don’t allow any app to add or modify rules

Maybe you can add an option during installation to have either the AV realtime protection or just the sandbox protection.
Something like “use comodo cloud av module to detect threats in realtime (uncheck if you already have an av)”

I’ve not heard of Tinywall before but as long as it’s simple to use, it gets my vote. As good as CIS (or CFW) is, I feel a lot of the options available could be hidden (from GUI) and are actioned behind the scenes.

I’m not sure about blocking all connections by default unless you mean this is applied to all unknown applications.

:slight_smile:

If a modular approach were to be taken, then you could do away with CIS (inc. CFW, CAV) and CCAV. New application could be called Comodo System Protection (CSP) which only includes a Sandbox by default. During installation, user is presented with a list of additional features (security modules) given a detailed description of what each of them does. This way you can either have the ultimate protection or base your configuration around existing security products.

:slight_smile:

To be more exact, in your example, two sandboxes would appear (CCAV, CIS). :stuck_out_tongue:

Here are two proposals:

  1. The first one is about a modular approach to have CASB, CCAV and CIS with one interface only
  2. The second one is only about CCAV, with the option to use cloud AV or not

Those are good solutions, from my experience I think the first one is better.

First option as well, although I would put CCAV under “Antivirus”. Within Antivirus module, have an option (slider) to choose between traditional signatures (downloaded) or cloud based lookup (online).

:slight_smile:

Hi Graham1,

in my view, cloud lookup (something similar to the one present in CIS under “file rating settings”) should be included in the default auto-sandbox package (even if with the option to disable it):

This feature doesn’t prevent the use of a third-party realtime AV.

The Cloud AV I mentioned is something similar to the realtime scan currently present in CCAV:

This feature can’t be used alongside a third-party realtime AV

The offline AV is something similar to the AV present in CIS:

I agree. I haven’t used CIS for a while now so unsure how “File Rating Settings” is set up compared to CCAV.

The Cloud AV I mentioned is something similar to the realtime scan currently present in CCAV: https://help.comodo.com/topic-394-1-767-9243-Antivirus-Settings.html This feature can't be used alongside a third-party realtime AV

The offline AV is something similar to the AV present in CIS:
Realtime Scanning Software, Virus Protection | Comodo Internet Security

I still think both types of antivirus (CAV and CCAV) should be integrated within one Antivirus module (component) as they both offer different styles of detection (local vs online), although with the default sandbox feature, you could do away with the offline version.

:slight_smile:

I think currently in CCAV there isn’t a file rating → cloud lookup because everything is done by the realtime cloud AV.
So, in CCAV files are checked online whenever you download, select, copy or move them. In CIS (or better, in CFW) files are checked online only on execution, when you try to run them.
That’s why CFW is so lightweight compared not only to CIS, but also to CCAV.

Has anyone tried to use CCAV with the realtime AV disabled? How is a file deemed good, bad or unknown? Only by the local trusted vendor list?

I always thought CCAV checked applications on execution and then marked executable as either good (trusted application), bad (quarantine) or unknown (sandbox). Then after 10 days, status of executable is reset but maybe I’m wrong.

I would guess that by not having the antivirus part enabled, executables would be trusted if in the “Trusted Vendors” or already in “Trusted Application” (unless reset after 10 days), otherwise treated as unknown and sandboxed.

:slight_smile:

The real-time scanner (aka ‘On-Access Scan’) is always ON and checks files in real time when they are created, opened or copied (as soon as you interact with a file, Comodo Cloud Antivirus checks it). This instant detection of viruses assures you, the user, that your system is perpetually monitored for malware and enjoys the highest level of protection.

The CCAV file rating system is a cloud-based file look-up service (FLS) that attempts to ascertain the reputation of files on your computer by consulting a global database. Whenever a file is first accessed, Cloud Antivirus will check the file against our master whitelist and blacklists and will award it trusted status if:

  • The application/file is included in the local Trusted Applications list
  • The application is from a vendor included in the Trusted Vendors list
  • The application is included in the extensive and constantly updated Comodo safelist

Trusted applications are excluded from monitoring by Auto-Sandbox - reducing hardware and software resource consumption.

So, maybe the file rating is still working even if you disable the realtime scan

Thanks for the quotes and links Jon79. Much appreciated :slight_smile:

I couldn’t find any documentation on this so I’ll post this question on the forum.

:slight_smile: