Comodo Cloud Antivirus 1.6.400585.347 is Released

[yigido]

Hello Friends,

Here we are very excited and happy to announce that Comodo Cloud Antivirus 1.6.400585.347 new version is now released !

Comodo Cloud Antivirus is getting stronger with each new release with its unique systems Valkyrie server and Default Deny Platform. We will keep the dynamic releases coming accordingly!

*Defaul Deny Platform: Protection before Infection does not requires Detection *

As we always discuss here,we believe in Protection before you face the infection so that you actually won’t need the detection! CCAV and Valkyrie teams are doing their best behind the scene to provide you best protection with advanced methods and new implementations !

***You , being the most important participant of this protection chain, help us to improve the product with your feedbacks . We are the warriors against the unknowns, you make us more powerful ! Internet will be a more secure place with the help of Comodo users !***

Please always keep in mind that this product is being shaped with your feedbacks, this is your product! Please keep providing your feedbacks for us to serve you the best!

Note: Users with previous versions installed will receive an update with this release.

Thank you very much to you all in advance !!

What's new in 1.6.400585.347?

• Generic support of Trusted Installers: Files created /launched by trusted installers are trusted automatically.

• Browser Protection increased usability: On default settings any attempt will be blocked, notification will be shown when an application is blocked for the 1st time. Plus, this will be added as a rule automatically after attempt is blocked under the settings >browser settings protection.You can change the rule afterwards or if you prefer you can simply disable the browser protection.

Spoiler: Screenshot

• Advanced Data Reporting: For suspicious unknown files reporting to FLS server, we now have advanced data collection to increase the efficiency and decrease the time spent on file analysis done .


Download Location

Comodo Cloud Antivirus Hotfix V1.6.400585.347
http://download.comodo.com/ccav/installers/ccav_installer.exe

 

[shmu26]

what to do if unknown files keep getting sandboxed?
Even if I click on "don't sandbox again", certain files get sandboxed again anyways, depending on their location.
what is workaround for this issue?

 

[yigido]

what to do if unknown files keep getting sandboxed?
Even if I click on "don't sandbox again", certain files get sandboxed again anyways, depending on their location.
what is workaround for this issue?

I have this problem too on some files whihc starts at system start. I do not why. I added the folder into exclusion but still sandboxed.
Set the the sandbox "Ask me when an unknown wants to run" so you can not let him run in sandbox.

Can you please send me the files, if those are not precious files

 

[shmu26]

I have this problem too on some files whihc starts at system start. I do not why. I added the folder into exclusion but still sandboxed.
Set the the sandbox "Ask me when an unknown wants to run" so you can not let him run in sandbox.

Can you please send me the files, if those are not precious files

this time around, I installed CIS in proactive mode, and believe it or not, I am not having the problem at all.

 

[yigido]

this time around, I installed CIS in proactive mode, and believe it or not, I am not having the problem at all.

CIS has better sandbox. I am also using CIS 10 now and beside the sandbox.. now Viruscope is also great

 

[shmu26]

CIS has better sandbox. I am also using CIS 10 now and beside the sandbox.. now Viruscope is also great

I just downloaded now from comodo site, but I got version 8

should I run virusscope on all files, or only sandboxed ones?

 

[yigido]

I just downloaded now from comodo site, but I got version 8

should I run virusscope on all files, or only sandboxed ones?

CIS 10's virsucope better than v8.. by the way.
I keep Virsucope enabled for all processes..against some trusted malwares If malware passed sandbox (trusted malware, they are very rare)
then virsucope and HIPS there

 

[woodrowbone]

Doing a full scan, getting the old problem back: Could not connect to the cloud server...
Is this product going forward or backwards?

/W

 

[shmu26]

would you recommend upgrading to version 10, and where is link?
is there a way to export my HIPS and autosandbox and firewall and other various settings from 8 to 10?

 

[yigido]

would you recommend upgrading to version 10, and where is link?
is there a way to export my HIPS and autosandbox and firewall and other various settings from 8 to 10?

It is BETA.. you should expect BSODs maybe..
You can get it from Comodo Beta forum section (account needed)

After upgrading software from previous version (for ex. From v7 to v8).. the transfering settings not recommended!
Clean install preferred.

 

[shmu26]

It is BETA.. you should expect BSODs maybe..
You can get it from Comodo Beta forum section (account needed)

After upgrading software from previous version (for ex. From v7 to v8).. the transfering settings not recommended!
Clean install preferred.

do you run your browser in comodo sandbox?
if I understand it right, comodo has one big sandbox for all, so if you run browser in sandbox, then it is vulnerable to all the junk that fell in from autosandboxing, unless you empty sandbox every time

 

[yigido]

do you run your browser in comodo sandbox?
if I understand it right, comodo has one big sandbox for all, so if you run browser in sandbox, then it is vulnerable to all the junk that fell in from autosandboxing, unless you empty sandbox every time

No, I am not using my browser in sandbox but as you can see there is a widget on desktop. You can use it.
https://help.comodo.com/topic-72-1-451-5141-.html

 

[shmu26]

No, I am not using my browser in sandbox but as you can see there is a widget on desktop. You can use it.
https://help.comodo.com/topic-72-1-451-5141-.html

thanks again
another question: when CIS is in proactive mode, how does handle the trusted vendors list? Does it automatically trust any and every file with a sig from a trusted vendor? Or only if the file is also on the known files list?

 

[yigido]

thanks again
another question: when CIS is in proactive mode, how does handle the trusted vendors list? Does it automatically trust any and every file with a sig from a trusted vendor? Or only if the file is also on the known files list?

Proactive security configuration makes Comodo a beast! Ultimate security configuration.

There are 2 lists of trusted files.
1 - Cloud list of trusted files + trusted new vendors
2 - Trusted Vendor List (local)

with proactive security configuration, all unknowns will be sandboxed!
Lets say,

You have a file on your desktop (no matter where it came from internet, a USB etc.. It is myfile.exe

* You clicked on myfile.exe to run.. CIS checks it with its cloud list + TVL.. if the file has digital signature in TVL, then you are free to run it without any restriction.
* It can has digital signature but not all digital signatures on internet in Trusted Vendors Lists..Do you know that many adwares these days digitally signed! so it got sandboxed.
* It can be a file without a digital signature..so CIS checks it with cloud..because it can be a safe file without a digital signature. If the file marked as safe on cloud, then it will be allowed to run.

Else, your myfile.exe will get sandboxed! No escape! Because it is unknown and it is suspicious. We cannot let unknowns run on our system.

 

[shmu26]

* You clicked on myfile.exe to run.. CIS checks it with its cloud list + TVL.. if the file has digital signature in TVL, then you are free to run it without any restriction.

So if it has sig from TVL, but file is not on cloud list, then it is autosandboxed?
The reason I am asking is because I want to know whether I should cut down the TVL to a short list of vendors I need to trust, or just leave it at default.

 

[yigido]

So if it has sig from TVL, but file is not on cloud list, then it is autosandboxed?
The reason I am asking is because I want to know whether I should cut down the TVL to a short list of vendors I need to trust, or just leave it at default.

Both works, sometimes new vendors added to TVL but on cloud. Your file can have a digital signature that doesn't exist in TVL but in cloud TVL So you can run your file again freely.
My suggest is leave it default, it will give you great easy of use. You cannot know which vendor is lying on your system.
Let's say you disabled many of the vendors in TVL..then you should be ready for many sandboxed files and alerts.. You cannot handle it.

Do you want a suggestion?
You set Proactive config (thats very good move)
Disable HIPS (to prevent more alerts, if you love HIPS don't do that) Actually I am not using HIPS.

Left the other settings as default. Believe me, you will be secure! This is what I am using for years.
Run rating scan and find "unknown" files on your system. Please send them to Comodo for whitelisting for all of ours sake.

 

[shmu26]

Both works, sometimes new vendors added to TVL but on cloud. Your file can have a digital signature that doesn't exist in TVL but in cloud TVL So you can run your file again freely.
My suggest is leave it default, it will give you great easy of use. You cannot know which vendor is lying on your system.
Let's say you disabled many of the vendors in TVL..then you should be ready for many sandboxed files and alerts.. You cannot handle it.

Do you want a suggestion?
You set Proactive config (thats very good move)
Disable HIPS (to prevent more alerts, if you love HIPS don't do that) Actually I am not using HIPS.

Left the other settings as default. Believe me, you will be secure! This is what I am using for years.
Run rating scan and find "unknown" files on your system. Please send them to Comodo for whitelisting for all of ours sake.

this is the issue that I am concerned about: there are thousands of trusted vendors on the list. It is possible for malware authors to forge, steal or buy some of those sigs. In this scenario, system is in danger of infection, correct?

 

[yigido]

this is the issue that I am concerned about: there are thousands of trusted vendors on the list. It is possible for malware authors to forge, steal or buy some of those sigs. In this scenario, system is in danger of infection, correct?

TVL has very strict rules, it is so hard to enter this list. 2 years ago, there are some vendors in it those are adwares but Comodo deleted them from TVL. This is what I say "trusted malware"..but those are very fewand rare.. You cannot find them.. and this is why we have layers in CIS HIPS, Firewall, Viruscope (and Valkyrie soon)
How many malwares you can stop with this default deny system? I can assure you %99,9999999..
What about others? They even cannot protect you from ransomwares..
Comodo is great about preventing ransom actions.

 

[yigido]

@shmu26 Please read
When coming across a malware signed by Comodo please follow the steps as described in How to report fraudulent or malicious use of certificates issued by Comodo

 

[shmu26]

TVL has very strict rules, it is so hard to enter this list. 2 years ago, there are some vendors in it those are adwares but Comodo deleted them from TVL. This is what I say "trusted malware"..but those are very fewand rare.. You cannot find them.. and this is why we have layers in CIS HIPS, Firewall, Viruscope (and Valkyrie soon)
How many malwares you can stop with this default deny system? I can assure you %99,9999999..
What about others? They even cannot protect you from ransomwares..
Comodo is great about preventing ransom actions.

thanks for explanations.
it sounds like CIS autosandbox works a little differently from CCAV autosandbox. In the latter, if I understand right, a file will only be trusted if it fulfills two conditions: signature is in TVL, and file is in "known files" list.