Would COMODO Auto-Containment/VirusCope module (running program under restriction or virtualization and tracing its activity) interfere with antiviruses' behaviour blockers?
A question about Auto-Containment and VirusCope
- Thread starter Nagisa
- Start date
Please provide comments and solutions that are helpful to the author of this topic.
I had Comodo with Auto-Containment/VirusCope/Hips at CS settings for nearly 2 years with Windows Defender then Kaspersky Cloud Free and , later, F-Secure Safe without issues. I began to have bugs with Windows 20H2. My computer froze steadily. At first, I disabled HiPS.Then tried Comodo with Windows Defender.Same issues. Eventually, I said bye to Comodo. I just kept F-Secure Safe...
Last edited:
RoboMan
Level 38
Verified
Honorary Member
Top Poster
Content Creator
Well-known
High Reputation
Forum Veteran
Maybe. The fact a file is ran in a cointainer still means it's run IN your computer, but on a "virtualized folder", a path still scanned by your antivirus. So, despite it's sandboxed, your antivirus will still detect the file if it were malicious. So maybe a couple of alerts and deletion errors.
I've had the Comodo Firewall and Emsisoft for a long time, and it hasn't given me any problems. If you have to exclude one from the other.
But usually the faster Auto-Containment/ than the Emsisoft blocker when it came to detecting malware.
I haven't tried it with other Avs, but it is important to exclude one from the other so that there is no interference.
But usually the faster Auto-Containment/ than the Emsisoft blocker when it came to detecting malware.
I haven't tried it with other Avs, but it is important to exclude one from the other so that there is no interference.
Last edited:
F
ForgottenSeer 89360
Do you mean other AV’s behavioural blocker or COMODO VirusCope?
If you mean others, than no. They usually hook processes, where hook works as a sensor, reporting to a backend, which then processes data and takes a decision. Running a program virtualised doesn’t prevent the hooking and won’t mislead the classifiers, as most behavioural blockers have now been around for a while and have been well polished. I’ve done tests with malware in sandbox and it has been classified just fine.
There is malware that classifies and removes itself upon detecting virtualisation.
As for the VirusCope, I haven’t tested COMODO after VirusCope release and can’t comment. A test from your side can answer this question. You probably know my philosophy now
Last edited by a moderator:
Yeah this is what I asked. So looks like if I run a malware under restriction (partially limited/limited/restricted/untrusted) or virtualisation, it won't prevent the hooking of others, nor cause performance issue arised from confliction of two vendors.
I have been using Comodo for a short time (about two months) with Auto-Containment and VirusScope, but not HIPS, at CS settings and with Windows Defender. I haven't had any problem with it before and after installing 20H2. Note that I haven't enabled HIPS because if I understand correctly CS does not favor enabling it.
There is no reason to turn on HIPS at CS settings because all unrecognized files will already be run virtualized. But in addition to that, I experience lag when HIPS is enabled on my computers.
You may also like...
-
Why Don’t Major AV Vendors Use Auto-Containment Like Comodo?
- Started by NoveyBoy
- Replies: 23
-
Did I download a malicious clone of WinMerge?
- Started by Studynxx
- Replies: 9
-
-
-
