Viruscope - how it works

Thanks I’ll pass that on to Comodo.

The value of having a list of process activities accessible from each alert (HIPS/FW/etc.) is underestimated, I think. OK, it’s not all that helpful for the average user, though it will have some value, but for experts it’s great :slight_smile:

More information now posted, having gained permission in second post:
https://forums.comodo.com/beta-corner-cis/viruscope-how-it-works-t101366.0.html;msg735184#msg735184

What is the difference between Comodo heuristics and Viruscope?

:slight_smile:

What Comodo currently calls heuristics in AV/D+ is static heuristics - checks file characteristics and potential for damaging behavior. Viruscope is dynamic heuristics - monitors actual program behavior.

Great! Thank you for the info. :-TU

Thank you :azn:

Is it just me, or does the “Recognizers” entry in Updater mean behavioral detection rules for Viruscope?

Yes, please see my notes here.

That way VC will be updated regularly instead of once every few months. :slight_smile:

Hmm, so I think I just had my first run-in with Viruscope and it was rather confusing.

Just as an early warning, I have Firewall Beta installed, which does not have the AV component at all. HIPS is running in Paranoid Mode and Auto-Sandbox is disabled.

The effect was that it caused one of my (esoteric) games to be unable to properly create and sometimes load saved games. In HIPS rules, it is considered an Allowed Application and the save files are in its own %APPDATA% folder. The files are certainly binary, but they’re not executable.

Turning off Viruscope immediately fixed the problem. It sounded like I should have seen an alert of some kind if Viruscope was doing some sort of trickery. Is it because the AV component is not installed? I certainly can’t view the AV logs because the AV components are not installed.

Please do report this as a bug, in the Beta bugs forum, using the bug reports format.

It’s the sort of thing they need to know about.

Mike

From what I read, Viruscope is kinda similar to the Webroot SA rollback feature; it seems to journal the process’s behavior and revert malicious changes to the system, if any.

I did some more debugging and it seems it had nothing to do with VC rolling back changes, then not showing an alert. It was causing a file sharing violation. cmdagent tried accessing the file before the game was completely done with it, the game went to re-open the file handle and would get a sharing violation and freak out.

Now that I actually know what’s going on, I’ll write that bug report.

Thanks, much appreciated

So, from everything that I have read, is Viruscope going to replace the cloud technology or not?

No, they will complement each other like all the other layers in CIS.