Advice Request CIS Cloud Lookup, what files are being uploaded?

Please provide comments and solutions that are helpful to the author of this topic.

Status
Not open for further replies.

Rwes

New Member
Thread author
Jul 26, 2016
9
Hey guys, I googled this and also checked on MalwareTips and Comodo's forum and I couldn't find an answer to this question anywhere.
CIS Cloud Lookup say's it's analyzing unknown files and uploading them to the cloud, the question is what kind of files does it upload, does it upload only executables or all unknown files? I ask this because Comodo's faq and forum doesn't state the answer anywhere, I have nothing too personal on my PC but I don't like my personal files floating somewhere on Comodo's servers and I want to know if I should disable this or not.
also, will there be a major issue if I disable this?
 
Last edited:
  • Like
Reactions: Logethica

Logethica

Level 13
Verified
Top Poster
Well-known
Jun 24, 2016
636
I think that the files would be converted into MD5-Hashes ,(Correct me if I am wrong fellow MT members) and that those hashes would be sent to the cloud for analysis...
Your actual personal information and file names will not be sent..

FROM WIKIPEDIA...ABOUT MD5#:
MD5 - Wikipedia, the free encyclopedia
MD5 hashes[edit]
The 128-bit (16-byte) MD5 hashes (also termed message digests) are typically represented as a sequence of 32 hexadecimal digits. The following demonstrates a 43-byte ASCII input and the corresponding MD5 hash:

MD5("The quick brown fox jumps over the lazy dog") =
9e107d9d372bb6826bd81d3542a419d6

Even a small change in the message will (with overwhelming probability) result in a mostly different hash, due to the avalanche effect. For example, adding a period to the end of the sentence:

MD5("The quick brown fox jumps over the lazy dog.") =
e4d909c290d0fb1ca068ffaddf22cbd0

The hash of the zero-length string is:

MD5("") =
d41d8cd98f00b204e9800998ecf8427e

The MD5 algorithm is specified for messages consisting of any number of bits; it is not limited to multiples of eight bit (octets, bytes) as shown in the examples above. Some MD5 implementations such as md5sum might be limited to octets, or they might not supportstreaming for messages of an initially undetermined length.
 
  • Like
Reactions: frogboy and Rwes

Rwes

New Member
Thread author
Jul 26, 2016
9
Thanks, I know I read somewhere that it verify the file's hash but it still not clear.
The description still say's the files are being sent to the cloud to be analyzed and I still see Comodo using large sums of data when it scan my PC, I'm no expert but why upload the file when CIS can just check the md5 and compare it against their database?
I wish Comodo's reps have given us a clear answer on this but all I can find is the faq and some answers in their forum that are the same as what's written in the faq.
 
Last edited:
  • Like
Reactions: Logethica

Logethica

Level 13
Verified
Top Poster
Well-known
Jun 24, 2016
636
I'm not sure to be honest @Rwes ..
I don't use Comodo...and I don't mean that to suggest that they are a bad company because they are not.
I know that many respected members here use Comodo software,and knowing how fussy many of us here can be regarding privacy issues I don't think that they would use Comodo if they were sharing/sending actual file data.:)
Stick around and I'm sure that another member will offer an opinion soon;)
I notice that you are a new member here so ..Welcome to MalwareTips:)
This is a great forum,full of friendly people.We would very much like you to stay ,so consider creating an introduction thread and another for your security configuration if you are happy to.
 
  • Like
Reactions: Rwes
H

hjlbx

@yigido needs to chime-in on this discussion.

CIS does not upload all file types, plus there is a size limit.

The file is actually uploaded to COMODO in its entirety - and not just a hash.

The files have to be executable or contain executable code.

*.exes and *.dlls for sure as long as they do not exceed the upload size limit.

Others, like *.log, *.dat, *.txt, etc - I believe are not uploaded.

Not sure on macro files.

What I can't remember is how various script and sub-program file types are handled as there were some changes. @yigido will remember.

Read the COMODO EULA...
 

Rwes

New Member
Thread author
Jul 26, 2016
9
[QUOTE="hjlbx, post: 526819[/QUOTE]
Thanks, you gave me alot of information there! assuming the only drawback is having to manually change the file rating, is it ok to disable analyze unknown files in the cloud and only enable cloud lookup? does cloud lookup upload anything or just compare the hash?
By the way, I searched the eula, can't find anything about this in there.
 
Last edited:
  • Like
Reactions: Logethica

NekoHr

Level 3
Verified
Well-known
Feb 5, 2016
139
I think you would be ok with just cloud lookup. Even if you send to analyze in cloud verdict is not instantaneous so what you do is contribute to cloud lookup base with your uploads and in meantime you are protected with hips or sandbox.
 
  • Like
Reactions: Logethica and Rwes
N

NullByte

Even if you read privacy policy you can't find what they send, if you wanna read about Comodo's Privacy read here, here and here. From my knowledge, Comodo sends: EXE, DLL any type of script they also send every URL or file you download or open (they check it with the cloud and if the file is unknown it's submitted to them).
 
  • Like
Reactions: Logethica
H

hjlbx

Even if you read privacy policy you can't find what they send, if you wanna read about Comodo's Privacy read here, here and here. From my knowledge, Comodo sends: EXE, DLL any type of script they also send every URL or file you download or open (they check it with the cloud and if the file is unknown it's submitted to them).

In a nutshell this is correct. A complete list of the file types submitted isn't published; you learn which ones by doing.
 
  • Like
Reactions: Logethica
N

NullByte

OP should not worry about privacy because it's a sweet dream. This is from Comodo's ToS "Comodo has adopted a privacy policy that governs the use of any personal information collected".

A lot of companies send data even if you uncheck everything so you should not be worried about that. I tested Avast Free a few days ago and even if I unchecked the data sharing (both of them), Avast sent every hour stats to the server (analytics.ff.avast.com). In the end, if you use hacking tools, cracks or other illegal stuff you shouldn't use a few security products.

CCAV is more intrusive then CIS.
 
  • Like
Reactions: Logethica
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top