Hello,
What scan options does the right-click “Scan with Comodo Antivirus” use?
- Cloud
- Heuristics
???
Thanks,
HJLBX
Scans for malware are static; they’re compared to white / black-lists, i.e. the A/V defs. Unknown files are looked up in the “cloud”. The file will then be deemed either black or white or unknown. If the latter the file is submitted to Comodo servers for analysis.
Heuristics only come into play concerning file access. This functionality is dependent upon the A/V security configuration, i.e., on-access or stateful. The former incurs overhead penalty of malware scan every time a file is accessed. The latter incurs the penalty only for those files accessed since the last A/V defs update. If a file has been scanned since the last A/V defs update, it is not checked, [shadow=red,left]deemed[/shadow] to be safe, and accessed immediately.
Frankly, I advise against scans of any sort. This is most especially true if CIS Defense + HIPS is implemented; any arbitrary file that was determined to be clean can not arbitrarily become malicious without the actions of some process. Processes do not mysteriously arise without having permissions to do so, nor can another process or file be altered without the altering process having explicit permission to do so.
Even if none of the other components were implemented, CIS A/V provides robust security in that files are always scanned per configuration, i.e., either stateful or on-access. So for a system critical process, e.g., SVCHost, to become compromised implies something else has to compromise it and that something will get scanned when it executes. Furthermore, after updating A/V defs file, all processes previously deemed safe are examined - at least once - to see if they actually indeed are safe. This is accomplished utilizing CRC technology; changing a single bit in a billion teraquad file will change the CRC value and will NOT be construed as the previously deemed safe file.
I was wondering what scan options the right-click “Scan with Comodo Anti-Virus” uses…
Does it simply use the “Full Scan” settings defined by the user ?
It’s a minor detail that is not clear.
Just for knowledge, that’s all…
Thanks,
HJLBX
Hi guys, see the quote below.
Kind regards.
Thanks CaptainSticks,
That’s the infos I was searching for…
Since a typical user will only be scanning a single file or folder, following the “Full Scan” options works fine; I do not think the context menu scan needs to have its own configuration - at least on my part.
However, such options would perhaps meet individual, highly specific needs of those that wish to have a more targeted context menu scan.
Thanks again…
Best Regards,
HJLBX
My previous post was vague regarding ‘heuristic’ analysis. This is applied to images that are inconclusive concerning white / black-lists either local host or in-cloud. As such, the jury is still out and heuristics apply, i.e., CIS A/V engine observes the behavior of the unknown organism and if the unknown organism’s actions are observed to be outright malicious or deemed suspicious the CIS A/V engine throws a flag on the play. Said file is immediately put into the Quarantine folder. That flag, however, is subject to video review and may be overruled by making said process / image implicitly ‘safe’ - by placing into the exclude list - and becomes immune to subsequent flags thrown because of its actions.
Thank You, WxMan1
Your explanation of heuristics is thorough, plus there is some key infos regarding how the AV scans work in relation to when the signature database was updated.
It’s perfectly clear.
Best Regards,
HJLBX
You are welcome. 