Viruscope works if Autosandbox/HIPS is disabled?

I’m wondering if Viruscope will actually function if Auto-sandbox and HIPS are both set to Disabled? For example, you want behavior blocking functionality, but you don’t want to be bothered with any Auto-sandbox and HIPS popups. Just when it actually detects malicious activity?

Yes, and it works even better when auto-sandbox is disabled. The final goal would be for VC to work with auto-sandboxed apps (monitoring virtualised apps) and alerting the user. But it’s hard and will take time to be fully working.
VC will work better with auto-sandbox disabled for now.

Hmm… why would you need auto-sandbox (unless set to fully virtualized), when you have VC? I mean when it’ll become populated with triggers.

Ah, I misunderstood the cached help files. When I read them I thought VirusScope was only for the Sandbox (which I thought was really confusing since it would be more valuable outside of it), but now reading this made me re-read the cached help files and see that it actually monitors applications outside of the sandbox too. That’s good to know.

Even those in trusted files list?

I’m not sure about that one, all I know about Viruscope is what I read here: http://webcache.googleusercontent.com/search?q=cache:ixxjhpgsOHQJ:help.comodo.com/topic-72-1-522-6307-.html+&cd=2&hl=en&ct=clnk&gl=uk

Yes but it does not alert on them. Discussion is going on about that.

Has anyone actually tested Viruscope with the settings I’ve asked about and got detections with it?

Viruscope has a very limited set of recognisers currently active:

It is Comodo’s plan to add more recognisers over time. They can be brought in by the updater mechanism if I’m not mistaken. Viruscope at this point is not an alternative for D+/Sandbox.

Tests with malware have been done, and detections were seen.

Any idea how Viruscope rules can be updated? Only via program update, or can they add new detections with the usual virus definitions?

No, as usual definitions, like Dyna rules I’d say. During update process, CIS will also check for new recognisers.

Hopefully they will add more rules during beta and not long after final release…

IDK how the process will work.

Personally I believe it would be a good idea to test them during beta and see any negative effects now rather than after “full” release where more damage could be done. I mean, isn’t that what beta is for? ;D

Sounds like the behavior blocker is in the early stages. I am sure they will make it more effective over time.

Yes :)

I am really glad to see Comodo adding new features. They are really stepping up the usefulness of CIS. :-TU

I understand that the BB will be improved based on new rules, new monitoring actions…
Will these new rules be reflected somewhere, like when in the HIPS you can see whitelisted programs, or will they be hidden from the end-users?

I think it would be nice to have the rules listed in CIS something like
svchost.exe || Rules version 1.23 (23 actions monitored)

Tested on real system XP SP3 32
CIS7 Beta Default IS config but AutoSandbox disabled.
Modern Theme was applied.

Website Filtering - I thought it’s not working, but it works, though not that well. Logs showed it blocked a few sites. There is no notification for blocked sites. CIS should notify.

AutoSandbox - If AutoSandbox is disabled then installer monitoring, i.e. Unlimited Rights, is disabled too, i.e. installers are allowed, right? Is this a new change? This is good for those who want to use only FW & AV.

Can anyone confirm this beta blocks or corrupts Google Chrome? Google Chrome didn’t open & gave error.

Viruscope - I tested for this. I didn’t get any popup. Does it issue a popup with the name Viruscope, or are the popups the same, i.e. an AV popup for this too? I didn’t get any alert named Viruscope.
I tested with quite a few malware samples. 7-8 active malware processes were there. I got a popup from CIS saying that to complete the process CIS needs to restart the system. After the restart (the restart took 15-20 mins) no active malware processes were there. No malware entries in msconfig - startup. Nothing malicious autostarted. CCE - Quick Repair showed no modifications/disabled.
I don’t know if Viruscope did anything here. Logs showed nothing about Viruscope. There was nothing in the Programs Folder related to those 7-8 malware processes.

After the restart everything in CIS was intact; only show notifications was unchecked.

Applying databases takes longer & slows down the system more compared to V6.

It is heavy compared to V6.