When you submit a file to VirusTotal for scanning, we may store it and share it with the anti-malware and security industry (normally the companies that participate in VirusTotal receive files containing virus samples that their engines do not detect and are catalogued as malware by at least one other engine).
Question: Is it redundant to submit malware samples to COMODO that were already shared on VirusTotal?
"Comodo takes pride in maintaining the most accurate and up-to-date database of viruses and malware. User submitted files are a very important element in helping us to maintain this accuracy." http://www.comodo.com/home/internet-security/submit.php
Submitting malware or suspicious files allows a deeper analysis of the behavior of these samples, and helps map new techniques used by malware developers in a shorter time.
Although CIS uses containment technology, signatures are important for the detection of certain threats and mainly for usability.
The important thing is to send samples via CIS or CIMA; if a threat may not have been detected, it is also interesting to share the SHA1 or the VirusTotal link here, so it can be analyzed.
My understanding is that it’s not redundant. It is true that all samples submitted to VirusTotal will be forwarded to Comodo for analysis.
However, the number of samples coming from VirusTotal is very large. I assume, although I’m not sure, that they likely run these new samples through CIMA for detection. However, those which are not detected there are likely placed in a long queue, or perhaps sometimes not checked at all. I’m really not sure.
However, especially for speed of adding samples to the database, it is definitely not redundant to submit them to Comodo directly. That will receive a much higher priority for manual submission, if necessary.
If that is true (and I hope it’s not) then it’s plain wrong. And I doubt it as it seems silly.
Let’s say that the number of samples is the actual problem => Comodo should take the initiative to prioritize by file requests (the number of users that request the verdict of a file). Seems fair enough.
Not sure. Sometimes the “whitelisting team” requests the actual files (even though those are present on VirusTotal), as I’ve noted from my slight observations, but this might be correct as you need to whitelist the whole product.
If they do then I can’t see any notice about their relationship with companies that create packers. In conclusion, even if you do try to analyze these files, you don’t know what they are and it results in a bad file verdict. My point of view.
They may do something like this to prioritize. However, I am not sure as I am not Comodo staff. That said, it seems to me that submitting it manually is still worthwhile because it ensures that it cannot fall between the cracks of such an algorithm.
I have seen this as well, and am not sure why they don’t always have access to the actual files. Sorry, not sure.