Thought files would get analysed and marked safe/malicious within 15min, not 24h

There has been a forum wide misunderstanding , including yours truly, prior to release that within the mentioned 15 minutes a file also could be deemed safe.

A file can be deemed malware in 15 minutes.
Deeming a file safe is done by human analysts and is therefor considerably slower.

Thanks. I have already acknowledged my misunderstanding.

i can confirm that malicious files can be detected by the cloud ultra fast. I had today a couple of files that were sandboxed automatically submitted and detected as malicious in less than 1 minute. With unknown safe files the situation is different but people may just put files from a sandbox to trusted themselves. I had some Radeon driver components sandbox and i just put them manually to my trusted files

If you are asking me then yes winword is in the list. I am using Microsoft Office 2000 & it was always sandboxed from the time autosandboxed was introduced.

CIS 5 also autosandboxed MS Office. Though I know MS Office is a safe program & can be shift from Unrecognized to Trusted, but I was waiting for the automatic shift. After 4-5 days Office was still in the Unrecognized so I tried Online Lookup & Excel & Powerpoint were shown safe & shifted to Trusted Lists but Word & Access are still Unknown why??

I asked this to a Dev & provided screenshot of Unrecognized Lists. He is looking into the matter & will reply accordingly.

I want to know if a file is in Unrecognized Lists for few days coz it is unknown, will it be shifted automatically to Trusted Lists when it is declared safe?? Or I will have to perform the Online Lookup manually??

Few info on MS Office I think I should give here

MS office 2000 was preinstalled on the system. I didn’t got any CD. I dont know if its a Trial Version, Full Version or an OEM version. But its working fine, only thing is I cannot update it coz update asks for a CD which I dont have. I got this system in 2006.

How can I check if its Digitally Signed or not?? In Program Files - Microsoft Office - If I check the properties of Word, Excel, etc there is no Digital Signatures tab. If its not Digitally Signed, this may be the reason for autosandbox.

Thanxx
Naren

Files found safe will automatically be moved to Trusted Files as CIS does online lookup for unrecognized files.

Thanks
-umesh

OK Thanxx.

What about MS Office 2000 for which I provided you screenshot of Unrecognized Lists

It’s being looked into. Team is evaluating all instances with those file names we have seen so far so we fix for all possible versions.

Thanks
-umesh

OK Thanxx for the info.

Regards
Naren

Hi naren,

Please verify if files listed in the screenshot are now properly recognized by CIS.

Thanks and regards,
Ionel

4 files are there in the unrecognized Lists. Tried online lookup but unknown. Other files automatically shifted to trusted lists.

MS Word & Outlook is still unknown. Attached is the screenshot.

Thanxx
Naren

[attachment deleted by admin]

Hi naren,

Can you please submit respective files as False-Positives at Comodo Antivirus Database | Submit Files for Malware Analysis and mention in comments section the link to this topic?

Thank you for the feedback!

Regards,
Ionel

MS Word & 1 other file was automatically shifted to trusted lists.

Outlook & 1 other file remain.

Attached is the screenshot.

Thanxx
Naren

P.S. I want to know like files in unrecognized are automatically shifted to trusted when declared safe, processes unknown too are automatically set to trusted or not when declared safe??

[attachment deleted by admin]

Everything is automatically shifted to trusted now. Thanxx.

I want to know one thing.

I want to know like files in unrecognized are automatically shifted to trusted when declared safe, processes unknown too are automatically set to trusted or not when declared safe??

Please elaborate what you mean by ‘processes unknown’.

Thanks
-umesh

I am talking about these.

Attached is the screenshot.

[attachment deleted by admin]

After a process runs in sandbox, it can not be terminated or switched outside sandbox just because file has been found safe in later scan. Once application is considered safe, CIS ensures that next execution happens outside sandbox.

I hope that explains.

Thanks
-umesh

But for these processes sandbox is disabled & the verdict is unknown. And these processes are from the beginning - I mean when CIS is installed & restarted the processes are there in this way sandbox disabled & verdict unknown.

When I installed CIS 5 for the first time there were app 10 Processes unknown. But when I reinstalled CIS after 12 days then few processes were trusted & the number of unknown processes were reduced to 6. That means few processes were declared safe so when I reinstalled CIS after few days the number of unknown processes reduced.

Thats why i asked the unknown processes are automatically set to trusted or not when declared safe.

Every time an unknown application is executed, we check if application is safe or not, if safe, it is added as Trusted Files.
So it applies for all applications.

Thanks
-umesh

I think the underlying question is why a file that is not deemed safe still is run “disabled & the verdict is unknown”. One would expect an unknown file to be sandboxed.

Can you explain this contradiction?

Actually what I wanted to know is that

I always install CIS 5 connected to net coz CIS 5 installation performs cloud lookup for running processes & the results can be seen in trusted files after installation.

When I first installed CIS on 14th the release date 10 processes were unknown.

After few days I reinstalled CIS then out of 10 unknown 4 processes were declared safe & 6 remain unknown.

Today I again reinstalled & now out of 6 unknown 2 processes are declared safe & 4 are unknown now.

This means that when the processes unknown are declared safe the verdict in the Active processes Lists is changed from unknown to trusted, but this trusted verdict I can see only when I reinstall CIS & not in the already installed CIS - I mean a processes in my active lists is unknown & the processes was declared safe by comodo so the verdict for this unknown process should automatically change to trusted but this is not happening. It is always unknown, but if I reinstall CIS the verdict is trusted.

So I wanted to know the verdict of the uknown processes automatically changes to trusted or not when the unknown process is declared trusted by comodo.

Your point is also correct.

Thanxx
Naren