Submitting files for analysis - what happens when I do this? [v5]

Comodo Internet Security - CIS Defense+ / Sandbox FAQ - CIS
1

[ol]- Files may be manually submitted for analysis using the ‘Submit’ button in ‘Unrecognised Files’.

  • Files submitted in this way are subject to detailed manual analysis, not automated analysis by the Instant Malware Analysis facility.
  • Submission may fail if server load is high. Please resubmit these files manually using the submit button. Occasionally files persistently fail to submit. Please report this as a bug.
  • If files are analysed and declared safe they are automatically added to the cloud and local Trusted Files list, and removed from the sandbox. ‘Scanned online and found safe’ events are logged and action is taken as above.
  • If files are analysed and found malicious, they are added to Comodo’s antivirus blacklist, your copy of CIS is notified and will issue the normal AV alert, offering you the option of quarantining or deleting the files, when the file is next scanned or run. If it is run before it is scanned, then a ‘scanned online and found malicious’ event will be logged in the Defense plus event logs.
  • Note that this means that you are not informed immediately or directly regarding the results of the analysis. CIS behaviour changes next time the program is scanned or run - events are logged at that time. Only if the program is malware is an alert issued.
  • Files may take some time to be analysed. If you cannot wait for files to be analysed, you can submit them for automated analysis see here. If you need certainty you will need to wait for the results of the detailed analysis.[/ol]

I understand that Comodo is currently working to improve the rate of file processing by using more automated methods, and by uploading millions more signatures to reduce the processing backlog.

[i]Please help us improve this FAQ entry by posting suggestions to the ‘Sandbox help materials - Feedback’ topic here. This topic has been prepared by a volunteer moderator – with input from many other moderators and Comodo staff members. (Thanks everyone, especially Panic, Kail, Ronny, Egemen & Matty_R). It has been produced on a best endeavours basis - it will be added to and corrected as we find out more about this topic. Please note that I am not a member of staff and therefore cannot speak on behalf of Comodo.

[/i]