Have you seen the “Lucky You” feature in Valkyrie?
1)This shows, by checking with Virustotal, if the unknown file submitted that turned to be malware (after analysis), was detected by anyone in the AV industry at the time of submission.
2)This does the same thing, but compares a specific vendor. In the settings you can choose who your specific vendor was.
This way you can see how LUCKY you are that you switched to Comodo. Because each and every one of these that are not detected would have been a guaranteed infection
I see that, we can even select our favorite AV software. New Valkyrie is very powerfull :-TU I will be happy if it will be integrated into CIS.
Because this Valkyrie is only for Comodo Cloud AV, “integration to CIS” is under discussion
Yes, maybe Virsucope more important than Valkyrie implementation. In my opinion, when offline, Viruscope is the only shield that analyze the sandboxed process. It can stop the sandboxed malicious actvity while offline.
I am looking forward to Viruscope updates more :-TU
Signature database is one defense line. Valkyrie is much different, so it will not affect the signature database, but increase overall detection rates. Once a file is verdicted, it will of course be reflected on all products.
Thank you for this question. Valkyrie is fully operational now for Comodo Cloud Antivirus, but we are also developing new features (such as “Category-based Filtering”) and they will be added.
As for how it works: when an unknown file is found, Cloud Antivirus sends the file to Valkyrie, and it returns the verdict of the file.
The way it gives the verdict is very different though. It performs various different analysis including tens of different static detections, based on file static attributes + it performs a dynamic analysis by running the application in a virtual environment and monitors its behaviors for more than 1000+ features. Then it combines all the resulting activities and find outs the malware file (or clean if it is not).
What’s the max file size that gets uploaded? Can the user change the max file size? If not, will the user be able to do so in the future? Are executable files compressed before sending? If not, will this be the case in the future?
Does CIS also send the file to valkyrie? If not, will it in the future?
Why aren’t they compressed? With LZMA2 compression, even using the lowest setting yields better results than standard Deflate. You’d save tons of bandwidth, but you’d offload that on decompression load on the CPU’s on your servers. Is that the reason you guys are avoiding compression of submitted samples?