i can confirm that malicious files can be detected by the cloud ultra fast. I had today a couple of files that were sandboxed automatically submitted and detected as malicious in less than 1 minute. With unknown safe files the situation is different but people may just put files from a sandbox to trusted themselves. I had some Radeon driver components sandbox and i just put them manually to my trusted files
If you are asking me then yes winword is in the list. I am using Microsoft Office 2000 & it was always sandboxed from the time autosandboxed was introduced.
CIS 5 also autosandboxed MS Office. Though I know MS Office is a safe program & can be shift from Unrecognized to Trusted, but I was waiting for the automatic shift. After 4-5 days Office was still in the Unrecognized so I tried Online Lookup & Excel & Powerpoint were shown safe & shifted to Trusted Lists but Word & Access are still Unknown why??
I asked this to a Dev & provided screenshot of Unrecognized Lists. He is looking into the matter & will reply accordingly.
I want to know if a file is in Unrecognized Lists for few days coz it is unknown, will it be shifted automatically to Trusted Lists when it is declared safe?? Or I will have to perform the Online Lookup manually??
Few info on MS Office I think I should give here
MS office 2000 was preinstalled on the system. I didn’t got any CD. I dont know if its a Trial Version, Full Version or an OEM version. But its working fine, only thing is I cannot update it coz update asks for a CD which I dont have. I got this system in 2006.
How can I check if its Digitally Signed or not?? In Program Files - Microsoft Office - If I check the properties of Word, Excel, etc there is no Digital Signatures tab. If its not Digitally Signed, this may be the reason for autosandbox.
After a process runs in sandbox, it can not be terminated or switched outside sandbox just because file has been found safe in later scan. Once application is considered safe, CIS ensures that next execution happens outside sandbox.
But for these processes sandbox is disabled & the verdict is unknown. And these processes are from the beginning - I mean when CIS is installed & restarted the processes are there in this way sandbox disabled & verdict unknown.
When I installed CIS 5 for the first time there were app 10 Processes unknown. But when I reinstalled CIS after 12 days then few processes were trusted & the number of unknown processes were reduced to 6. That means few processes were declared safe so when I reinstalled CIS after few days the number of unknown processes reduced.
Thats why i asked the unknown processes are automatically set to trusted or not when declared safe.
I always install CIS 5 connected to net coz CIS 5 installation performs cloud lookup for running processes & the results can be seen in trusted files after installation.
When I first installed CIS on 14th the release date 10 processes were unknown.
After few days I reinstalled CIS then out of 10 unknown 4 processes were declared safe & 6 remain unknown.
Today I again reinstalled & now out of 6 unknown 2 processes are declared safe & 4 are unknown now.
This means that when the processes unknown are declared safe the verdict in the Active processes Lists is changed from unknown to trusted, but this trusted verdict I can see only when I reinstall CIS & not in the already installed CIS - I mean a processes in my active lists is unknown & the processes was declared safe by comodo so the verdict for this unknown process should automatically change to trusted but this is not happening. It is always unknown, but if I reinstall CIS the verdict is trusted.
So I wanted to know the verdict of the uknown processes automatically changes to trusted or not when the unknown process is declared trusted by comodo.