Does Viruscope work if Autosandbox/HIPS is disabled?

Ah, I misunderstood the cached help files. When I read them I thought VirusScope was only for the Sandbox (which I thought was really confusing, since it would be more valuable outside of it), but now reading this made me re-read the cached help files and see that it actually monitors applications outside of the sandbox too. That’s good to know.

Even those in trusted files list?

I’m not sure about that one, all I know about Viruscope is what I read here: http://webcache.googleusercontent.com/search?q=cache:ixxjhpgsOHQJ:help.comodo.com/topic-72-1-522-6307-.html+&cd=2&hl=en&ct=clnk&gl=uk

Yes but it does not alert on them. Discussion is going on about that.

Has anyone actually tested Viruscope with the settings I’ve asked about and got detections with it?

Viruscope has a very limited set of recognisers currently active:

It is Comodo’s plan to add more recognisers over time. They can be brought in by the updater mechanism if I’m not mistaken. Viruscope at this point is not an alternative for D+/Sandbox.

Tests with malware have been done, and detections were seen.

Any idea how Viruscope rules can be updated? Only via program update, or can they add new detections with the usual virus definitions?

No, as usual definitions, like Dyna rules I’d say. During update process, CIS will also check for new recognisers.

Hopefully they will add more rules during beta and not long after final release…

IDK how the process will work.

Personally I believe it would be a good idea to test them during beta and see any negative effects now rather than after “full” release where more damage could be done. I mean, isn’t that what beta is for? ;D

Sounds like the behavior blocker is in the early stages. I am sure they will make it more effective over time.

Yes :)

I am really glad to see Comodo adding new features. They are really stepping up the usefulness of CIS. :-TU

I understand that the BB will be improved based on new rules, new monitoring actions…
Will these new rules be reflected somewhere, like when in the HIPS you can see whitelisted programs, or will they be hidden from the end users?

I think it would be nice to have the rules listed in CIS something like
svchost.exe || Rules version 1.23 (23 actions monitored)

Tested on real system XP SP3 32
CIS7 Beta Default IS config but AutoSandbox disabled.
Modern Theme was applied.

Website Filtering - I thought it’s not working, but it works, though not that well. Logs showed it blocked a few sites. There is no notification for blocked sites. CIS should notify.

AutoSandbox - If AutoSandbox is disabled then installer monitoring, i.e. Unlimited Rights, is disabled too, i.e. installers are allowed, right? Is this a new change? This is good for those who want to use only FW & AV.

Can anyone confirm this beta blocks or corrupts Google Chrome? Google Chrome didn’t open & gave an error.

Viruscope - I tested for this. I didn’t get any popup. Does it issue a popup with the name Viruscope, or are the popups the same, i.e. an AV popup for this too? I didn’t get any alert named Viruscope.
I tested with quite a few malware. 7-8 malware active processes were there. I got a popup from CIS that to complete the process CIS needs to restart the system. After restart (restart took 15-20 mins) no malware active processes were there. No malware entries in msconfig - startup. Nothing malicious autostarted. CCE - Quick Repair showed no modifications/disabled.
I don’t know if Viruscope did anything here. Logs showed nothing about Viruscope. There was nothing in Programs Folder related to those 7-8 malware processes.

After restart everything in CIS was intact, only show notifications was unchecked.

Applying databases takes longer & slows down the system more compared to V6.

It is heavy compared to V6.

It’s probably not worth testing the new features in CIS against malware yet. They have to build their database of URLs and VC recognizers. Remember they are starting from scratch, so it isn’t blocking much yet.

I know but did a little test.

And during update (I did a manual update) the Viruscope update failed & on the About screen Viruscope was blank. I tried the update again & it succeeded & Viruscope showed a recognizer. This was not an initial update. It was an incremental update.

I was able to provoke the Web Filtering but couldn’t get any popups from Viruscope. I guess I wasn’t launching the right malware…