Advice Request A question about Auto-Containment and VirusCope

[Nagisa]

Would COMODO Auto-Containment/VirusCope module (running program under restriction or virtualization and tracing its activity) interfere with antiviruses' behaviour blockers?

 

[Back3]

I had Comodo with Auto-Containment/VirusCope/Hips at CS settings for nearly 2 years with Windows Defender then Kaspersky Cloud Free and , later, F-Secure Safe without issues. I began to have bugs with Windows 20H2. My computer froze steadily. At first, I disabled HiPS.Then tried Comodo with Windows Defender.Same issues. Eventually, I said bye to Comodo. I just kept F-Secure Safe...

 

[RoboMan]

Maybe. The fact a file is ran in a cointainer still means it's run IN your computer, but on a "virtualized folder", a path still scanned by your antivirus. So, despite it's sandboxed, your antivirus will still detect the file if it were malicious. So maybe a couple of alerts and deletion errors.

 

[bribon77]

I've had the Comodo Firewall and Emsisoft for a long time, and it hasn't given me any problems. If you have to exclude one from the other.
But usually the faster Auto-Containment/ than the Emsisoft blocker when it came to detecting malware.

I haven't tried it with other Avs, but it is important to exclude one from the other so that there is no interference.

 

[ForgottenSeer 89360]

Would COMODO Auto-Containment/VirusCope module (running program under restriction or virtualization and tracing its activity) interfere with antiviruses' behaviour blockers?

Do you mean other AV’s behavioural blocker or COMODO VirusCope?

If you mean others, than no. They usually hook processes, where hook works as a sensor, reporting to a backend, which then processes data and takes a decision. Running a program virtualised doesn’t prevent the hooking and won’t mislead the classifiers, as most behavioural blockers have now been around for a while and have been well polished. I’ve done tests with malware in sandbox and it has been classified just fine.

There is malware that classifies and removes itself upon detecting virtualisation.

As for the VirusCope, I haven’t tested COMODO after VirusCope release and can’t comment. A test from your side can answer this question. You probably know my philosophy now

 

[Nagisa]

Running a program virtualised doesn’t prevent the hooking and won’t mislead the classifiers

Yeah this is what I asked. So looks like if I run a malware under restriction (partially limited/limited/restricted/untrusted) or virtualisation, it won't prevent the hooking of others, nor cause performance issue arised from confliction of two vendors.

 

[ColonelMal]

I had Comodo with Auto-Containment/VirusCope/Hips at CS settings for nearly 2 years with Windows Defender then Kaspersky Cloud Free and , later, F-Secure Safe without issues. I began to have bugs with Windows 20H2. My computer froze steadily. At first, I disabled HiPS.Then tried Comodo with Windows Defender.Same issues. Eventually, I said bye to Comodo. I just kept F-Secure Safe...

I have been using Comodo for a short time (about two months) with Auto-Containment and VirusScope, but not HIPS, at CS settings and with Windows Defender. I haven't had any problem with it before and after installing 20H2. Note that I haven't enabled HIPS because if I understand correctly CS does not favor enabling it.

 

[Back3]

True, CS doesn't favor using HIPS.....

 

[Nagisa]

There is no reason to turn on HIPS at CS settings because all unrecognized files will already be run virtualized. But in addition to that, I experience lag when HIPS is enabled on my computers.