Change the way CCAV connect to COMODO DNS/server (bandwidth eater)

[vitim]

Please change the way CCAV keep connecting to the COMODO DNS/servers so it can stop eating user bandwidth. If possible, change CCAV behavior to only lookup to the cloud when an unrecognized file is running.

On the way it is now CCAV keeps connecting to the cloud and sending data without stop and this cause problems for users with limited bandwidth. In my case, in 30 minutes CCAV sended about 50mb to the cloud. In other user case he alleged that CCAV sended about 1gb of data to the cloud. This is sick. It has to stop.

And by stoping it CCAV will eventualy use less memory ram than what it takes right now.

[khanyash]

+1

In my case in 1 & half - 2 hour it sent app 1.29 GB data.

I thought it sends hash. Sending hash of programs should be very little, right?

Is it sending full executable? Whats the reason of huge bandwidth usage?

[vitim]

and I guess its it that is causing the ram usage going high...

ccav has great potential but right now its a mess. sadly.. offcourse.. Im waiting to see if they will atleast "read" these wishlists posted by me and others.

on the other hand, im waiting for cis 9 hoping it will come with the same gui as ccav, its light and nice...

[Sanya IV Litvyak]

It is also sending files that haven't been seen yet to Valkyrie (up to 20 MB per file) If I understand correctly. Although it seems farfetched that that would amount to 1.29 GB... Perhaps failed uploads so it tries again many times? I don't know, just making guesses.

[BuketB]

Hello guys, yessnoo,

QA will be checking the bandwidth problem and inform back to us about what is the reason behind and how we can improve . We should also consider  that for now CCAV makes auto analysis for each installer on endpoint with Valyrie submission.  Will get back to you once we get further information from QA s .

Kind Regards,
Buket

+1

In my case in 1 & half - 2 hour it sent app 1.29 GB data.

I thought it sends hash. Sending hash of programs should be very little, right?

Is it sending full executable? Whats the reason of huge bandwidth usage?

[khanyash]

It is also sending files that haven't been seen yet to Valkyrie (up to 20 MB per file) If I understand correctly. Although it seems farfetched that that would amount to 1.29 GB... Perhaps failed uploads so it tries again many times? I don't know, just making guesses.

I was testing CCAV usability. I had all the programs latest installer already downloaded before CCAV installation.

Before test I checked my net usage with my ISP website. It was at 884 MB. I shutdown the system. After an hour when I started the test I again checked my net usage it was at 884 MB.

I started the test. The programs installed were Bluestacks, Andy Android, DriverTalent, TeraCopy, HDSentinel & few portable software. I didn't do any browsing, no programs update during test & no Windows Updates, nothing, etc...

After test when I checked my net usage it was at app 2175 MB.

Why CCAV sends executable? Why not hash or hash only?

[Sanya IV Litvyak]

Why CCAV sends executable? Why not hash or hash only?

I'd imagine it's hard to do behavioral analysis of a hash?

Edit: I think it uses both hash and upload, first hash and if the file hasn't been seen by Comodo before then CCAV uploads it to Valkyrie and tests it. <- Assumption based on nothing.

Edit 2: I still think 1.29 GB of data is excessive for uploading executables though, that's roughly 1320 MB and I think Valkyrie has a file size limit of 20 MB which means 1320 divided by 20, which equals roughly 66 files of exactly 20 MB... So it does seem like something is wrong.

Edit 3: Just to be clear, it couldn't have been one of the applications you installed during the test that also contributed to the used data? Just wondering if CCAV was really the cause of the 1.29 GB of data or if all the installed applications + portable apps could have caused a portion of that too?

[EricJH]

Hello guys, yessnoo,
We should also consider  that for now CCAV makes auto analysis for each installer on endpoint with Valyrie submission.

Buket

Could you rephrase this? I am not quite understanding what you are saying I'm afraid. 

[khanyash]

Edit 3: Just to be clear, it couldn't have been one of the applications you installed during the test that also contributed to the used data? Just wondering if CCAV was really the cause of the 1.29 GB of data or if all the installed applications + portable apps could have caused a portion of that too?

No none of the already installed or programs installed/portable for usability test, etc... downloaded/updated/upgraded anything.

Either CCAV is uploading every executable accessed, And could be 20MB limit as you say is not working i.e uploading executable more than 20MB limit.

And I also performed quick scan. May be quick scan is also doing the same thing i.e uploading every executable scanned & also executable more than 20MB.

Anf if hash is not found in the database & for behavior analyze executable upload is needed...would be good to have an option to upload or not or ask before upload, etc...with default upload limit option like you mentioned 20MB.

[khanyash]

Could you rephrase this? I am not quite understanding what you are saying I'm afraid. 

I hope he doesn't mean currently CCAV uploads any/all installers to analyze with Valkyrie irrespective of the installers already present in the database or not.

[EricJH]

I hope he doesn't mean currently CCAV uploads any/all installers to analyze with Valkyrie irrespective of the installers already present in the database or not.

That's what I am trying to figure out. If that is the case that would be bizarre.

[vitim]

Hello guys, yessnoo,

QA will be checking the bandwidth problem and inform back to us about what is the reason behind and how we can improve . We should also consider  that for now CCAV makes auto analysis for each installer on endpoint with Valyrie submission.  Will get back to you once we get further information from QA s .

Kind Regards,
Buket

any answers from QA?

[Flykite]

Hi ,guys ,vitim , yessnooo ,


   I have two questions about your test ：
   
   1 do you run some files in sandbox ?
   2 do you run some installers ?
 
  CCAV  upload these files to analyze with Valkyrie if valkyrie server does not have these files ,next version we will change the way


  Best regards
 

[EricJH]

Is Valkyrie not hooked up to the regular Comodo Cloud? Could you comment on the changes you are talking about?

[vitim]

Hi ,guys ,vitim , yessnooo ,


   I have two questions about your test ：
   
   1 do you run some files in sandbox ?
   2 do you run some installers ?
 
  CCAV  upload these files to analyze with Valkyrie if valkyrie server does not have these files ,next version we will change the way


  Best regards

Hi Fly.

No files on sandbox and no installers running. In fact, nothing was running when i was testing it. I just installed it, rebooted the computer and let the pc on my desktop to see whats going on and thats when I saw the issue related on this topic. What are going to change on next version? Is it already getting tested in hq?