standalone autosandbox

[Jon79]

something like the current CCAV, but without the realtime AV e Valkyrie.
Just cloud lookup to check if a file is in the whitelist or blacklist, a sandbox to automatically sandbox unknown and viruscope to revert changes.
or, if you prefer, CFW without firewall and HIPS

[wasgij6]

Couldnt you run CCAV with the AV disabled?

[Jon79]

i guess i'll have a red X and a warning... plus, i dont think i'd be able to run it alongside another av

[wasgij6]

yea i guess that would be a workaround until the functionality/product gets developed. Instead of a new product i think the best option would be to add an option in ccav to have on demand scanning only instead of realtime.

[Jon79]

Well, actually, if what umesh said will become true:

Finally it will have a light local AV (with zero performance overhead) and a light firewall added to it.

CCAV could become more intresting as it.

But with a standalone autosandbox, anyone could build up his/her own best security pack (for example, tinywall + comodo autosandbox + qihoo 360)

[Graham1]

I would also like to see a standalone Sandbox application. Ideally, this being Comodo's flagship product (no CIS or CCAV) but making it modular so that you can include (during or post installation) additional modules like a firewall, antivirus (inc. cloud based lookup), hips and any future technologies that may come and go.

I'm really buying into the sandbox (virtualization) protection as the main form of protection but I can understand Comodo's approach to including other modules by default (i.e CIS with antivirus or firewall or CCAV with antivirus) as most users "still" believe this offers the best protection.

Regarding making said Comodo product compatible with other third party security products, good idea but must be tricky/hard work for Comodo developers to acheive this.

[Jon79]

... making it modular so that you can include (during or post installation) additional modules like a firewall, antivirus (inc. cloud based lookup), hips and any future technologies that may come and go.

Yeah, that would be the best

I'm really buying into the sandbox (virtualization) protection as the main form of protection but I can understand Comodo's approach to including other modules by default (i.e CIS with antivirus or firewall or CCAV with antivirus) as most users "still" believe this offers the best protection.

Totally agree, average users just check the detection rate, something Comodo has never been on top...

Regarding making said Comodo product compatible with other third party security products, good idea but must be tricky/hard work for Comodo developers to acheive this.

I think if they just remove (or make an option to disable) realtime protection, then there should not be any compatibility issue

[Umesh]

I see this as a request for a product "Comodo Sandbox".

Lets create a poll and see the interest.

[qmarius]

I thought there is a poll already. At least, that's what I voted for.
https://forums.comodo.com/news-announcements-feedback-cis/standlone-comodo-virtual-kiosk-t93891.0.html

[Umesh]

Thanks for pointing.

Let us come up with a proposition of exact nature of it.

I thought there is a poll already. At least, that's what I voted for.
https://forums.comodo.com/news-announcements-feedback-cis/standlone-comodo-virtual-kiosk-t93891.0.html

[Umesh]

What do you guys think about following proposition:
- On-access AV part is removed from CCAV and it becomes pure Sandbox with a caveat that when unknown application is run inside Sandbox, it is scanned using traditional AV signatures.

What this means:
- You can still run it along with any other AV products.
- There is no downgrade in performance as scanning of files coming in picture only when unknown application ends up running in Sandbox.
- You have all the benefits of Cloud
- You still have default deny i.e. if file unknown, it runs in Sandbox.

So you have a mix of
"Low Impact on System" + "Default-Deny" + "Traditional AV detection" + "Compatibility with any other AV product".

and at some point when you have realized that your AV passed what CCAV protected you against, you may ditch other AV  and rely on light weight product that protects you against old, new and yet to born viruses as that's the future of client security as traditional detection approach can not be sustained.

Your feedback is appreciated.

Thanks
-umesh

[Jon79]

What do you guys think about following proposition:
- On-access AV part is removed from CCAV and it becomes pure Sandbox with a caveat that when unknown application is run inside Sandbox, it is scanned using traditional AV signatures.

What this means:
- You can still run it along with any other AV products.
- There is no downgrade in performance as scanning of files coming in picture only when unknown application ends up running in Sandbox.
- You have all the benefits of Cloud
- You still have default deny i.e. if file unknown, it runs in Sandbox.

So you have a mix of
"Low Impact on System" + "Default-Deny" + "Traditional AV detection" + "Compatibility with any other AV product".

and at some point when you have realized that your AV passed what CCAV protected you against, you may ditch other AV  and rely on light weight product that protects you against old, new and yet to born viruses as that's the future of client security as traditional detection approach can not be sustained.

Your feedback is appreciated.

Thanks
-umesh

It seems a nice idea

Just a question: how will it decide if the file is bad, good or unknown? By cloud lookup (like in CFW)?
I'd avoid the traditional AV signatures, I like the way CFW works, purely on cloud.

My idea is to get a CFW without HIPS and with a light FW (maybe relying on Windows Firewall and just adding the outgoing filtering. Or just a simple option to block internet connection to apps that run in the sandbox - something similar to Qihoo 360's sandbox):

• Cloud lookup to decide if a file is good (whitelisted), bad (blacklisted) or unknown
• Auto-sandbox to block execution of bad files and to run unknown files inside the sandbox (plus the option to block internet connection to files running inside the sandbox)
• Viruscope like it is now

[khanyash]

umesh,

I kinda like the idea........

What do you mean by "Traditional Signatures"?.........And how it will be implemented for detection?

[Umesh]

Hi Jon79,

Just a question: how will it decide if the file is bad, good or unknown? By cloud lookup (like in CFW)?

It's out of CCAV i.e. the way CCAV works, where we have Valkyrie integrated and a promise of ZERO-unknown running in system. Soon we are going to get into a state where we can start giving SLA for files to be cleaned up either safe or malware. Work in progress.

I'd avoid the traditional AV signatures, I like the way CFW works, purely on cloud.

Comodo Firewall is a great product but not everyone understands Firewall(except very technical people like you  ), people look for AV, which can do other things.

just a simple option to block internet connection to apps that run in the sandbox - something similar to Qihoo 360's sandbox):

Sure can be added as an option in this product for advanced users.

It seems a nice idea

Just a question: how will it decide if the file is bad, good or unknown? By cloud lookup (like in CFW)?
I'd avoid the traditional AV signatures, I like the way CFW works, purely on cloud.

My idea is to get a CFW without HIPS and with a light FW (maybe relying on Windows Firewall and just adding the outgoing filtering. Or just a simple option to block internet connection to apps that run in the sandbox - something similar to Qihoo 360's sandbox):

• Cloud lookup to decide if a file is good (whitelisted), bad (blacklisted) or unknown
• Auto-sandbox to block execution of bad files and to run unknown files inside the sandbox (plus the option to block internet connection to files running inside the sandbox)
• Viruscope like it is now

[Umesh]

What do you mean by "Traditional Signatures"?.........And how it will be implemented for detection?

You see, there are different types of malware, some malware are of type where each instance of malware is totally distinct per PC and for any cloud product, it must be uploaded unless it can be stopped based on further malicious behavior, for which we have recognizers aimed in CCAV, recognizers can be supported by additional detection routines which can identify these unique instances also.

Considering scanning over head is only for files running in Sandbox, you won't even like to turn off.

umesh,

I kinda like the idea........

What do you mean by "Traditional Signatures"?.........And how it will be implemented for detection?