App Review Comodo Cloud AV - Autosandbox only - petya bypassed

[AtlBo]

@shmu26. I don't. Sort of unusual story behind the pic. I created this program using Excel to create an index to measure professional golfers success rates. This was purely for fun. So this is my thinker. He appears in the most important section where the most thinking is required:

He reads and studies previous golf scores and helps me determine who might win this week. Youre a thinker shmu26, so Im sure you can understand and no surprise you wear this type of thinking man's hat I suppose

 

[509322]

Instead of speculating - and kicking nonsense back-and-forth - why doesn't someone just report the issue to COMODO and wait for their no-reply... ?

 

[SHvFl]

Instead of speculating - and kicking nonsense back-and-forth - why doesn't someone just report the issue to COMODO and wait for their no-reply... ?

Because they want an essay in order to report it? You must agree there whole bug process is beyond stupid.

 

[509322]

Because they want an essay in order to report it? You must agree there whole bug process is beyond stupid.

Melih has openly stated on the forum that if anyone finds a malware that smashes a COMODO product to simply submit the file to him directly.

No bug report needed, but I would include any CCAV video links.

 

[SHvFl]

Melih has openly stated on the forum that if anyone finds a malware that smashes a COMODO product to simply submit the file to him directly.

No bug report needed, but I would include any CCAV video links.

Sure i can pm him the info i was not aware of this. Will let you know how it goes. Thanks.

EDIT: Pmed him. I believe he will say the product is meant to work with all modules together and if all enabled it's stopped(signature and crap like that)

 

[509322]

Sure i can pm him the info i was not aware of this. Will let you know how it goes. Thanks.

EDIT: Pmed him. I believe he will say the product is meant to work with all modules together and if all enabled it's stopped(signature and crap like that)

You made the submission. That's all one can do. It is what it is.

 

[SHvFl]

You made the submission. That's all one can do. It is what it is.

We will see. WIll post his reply here if he replies.

 

[509322]

We will see. WIll post his reply here if he replies.

I will give you the reply right now: "Thanks"

You won't get any explanation as to what happened, why it happened, or details of what was fixed. That's why I made the earlier reference to "speculation" and "no-reply."

To be honest, I probably wouldn't release any details to user-land either - or would make them general\vague enough so as not to give anyone any ideas.

 

[vivid]

The faq is wrong.
Comodo Cloud Antivirus version 1.8.405758.403 is Released!!! - News / Announcements / Feedback - CCAV

I'm not using CCAV but I followed topics from time to time. CCAV is a different.
In the past (initially), they used per-application sandbox. Nowadays, they switched to CIS-like sandbox structure.

 

[Rodney74]

Spawm- CCAV is totally inferior to the other Comodo products. With it, they are just pandering to the masses who are hung up on the antiquated "Anti-Virus" method of protection. CF is much more elegant and will provide superior protection.

Just my opinion, but I am always correct...

That's what I like, a woman with an opinion, and it's right....No denial here.

 

[509322]

I had correspondence with Melih about CCAV early on.

CCAV with auto-sandboxing was created as Melih's answer to Sandboxie.

Because of system-wide auto-sandboxing, file reputation lookup (cloud AV) was implemented - so as not to auto-sandbox your entire system.

He could have chosen to make a setting "Do no auto-sandbox critical system files [C:\Windows]," but he never did like this option. It's obvious that he chose to port what he could from existing COMODO file lookup infrastructure.

The whole AV \cloud part of CCAV\CIS is to prevent auto-sandboxing of known safe files, the auto-blocking of known bad files, and auto-sandboxing of only unknown\untrusted files. That's the theory anyway. In practice, there are too many safe files that are unknown to COMODO - like AMD graphics drivers. That sort of stuff gets auto-sandboxed and is a real annoyance - even though the workaround is easy for those that know how to use the product.

 

[Rodney74]

I had correspondence with Melih about CCAV early on.

CCAV with auto-sandboxing was created as Melih's answer to Sandboxie.

Because of system-wide auto-sandboxing, file reputation lookup (cloud AV) was implemented - so as not to auto-sandbox your entire system.

He could have chosen to make a setting "Do no auto-sandbox critical system files [C:\Windows]," but he never did like this option. It's obvious that he chose to port what he could from existing COMODO file lookup infrastructure.

The whole AV \cloud part of CCAV\CIS is to prevent auto-sandboxing of known safe files, the auto-blocking of known bad files, and auto-sandboxing of only unknown\untrusted files. That's the theory anyway. In practice, there are too many safe files that are unknown to COMODO - like AMD graphics drivers. That sort of stuff gets auto-sandboxed and is a real annoyance - even though the workaround is easy for those that know how to use the product.

SO It's similar to PC Matic ?

 

[Rodney74]

SO It's similar to PC Matic ?

I mean white listing and all.

 

[509322]

I mean white listing and all.

Whitelisting is at the core of CCAV\CFW\CIS. Without it, they would auto-sandbox the system to death.

 

[shmu26]

@shmu26. I don't. Sort of unusual story behind the pic. I created this program using Excel to create an index to measure professional golfers success rates. This was purely for fun. So this is my thinker. He appears in the most important section where the most thinking is required:

View attachment 133787

He reads and studies previous golf scores and helps me determine who might win this week. Youre a thinker shmu26, so Im sure you can understand and no surprise you wear this type of thinking man's hat I suppose

so that's my thinking hat, then. I didn't even know!

 

[shmu26]

I will give you the reply right now: "Thanks"

You won't get any explanation as to what happened, why it happened, or details of what was fixed. That's why I made the earlier reference to "speculation" and "no-reply."

To be honest, I probably wouldn't release any details to user-land either - or would make them general\vague enough so as not to give anyone any ideas.

I understand where this is coming from, but the problem is that the users don't understand how COMODO works, so they don't get intended behavior.

from COMODO devotees I usually get cryptic answers that leave me scratching my head. And there is a reason for this. No one actually knows how it works.

 

[cruelsister]

I don't know if anyone has brought this up before, but there is a great deal of difference in how CCAV and CF/CIS is coded with respect to efficiency.

As some may know about VM's , a person can dictate how much recourses are utilized by the virtual environment. Whenever I test a new product I will vary the amount of resources used by the VM, going from Real Fast PC down to Really Crappy POS PC. With CF (and CIS to a similar but slightly lesser extent), it is as Light as a Feather and Quick as a Bunny across the board; with CCAV the lower settings make the product onerous to use, and at the lowest setting simply intolerable.

I infer from this that (and I may be totally incorrect) there has to be two separate development teams, on for the CF/CIS products and another for CCAV. So just as the elegance of the coding varies, so can the efficiency of the Sandbox (plus, as everyone knows that Comodo's AV leaves a great deal to be desired, Why Oh Why would anyone use something that highlights it?).

 

[shmu26]

I don't know if anyone has brought this up before, but there is a great deal of difference in how CCAV and CF/CIS is coded with respect to efficiency.

As some may know about VM's , a person can dictate how much recourses are utilized by the virtual environment. Whenever I test a new product I will vary the amount of resources used by the VM, going from Real Fast PC down to Really Crappy POS PC. With CF (and CIS to a similar but slightly lesser extent), it is as Light as a Feather and Quick as a Bunny across the board; with CCAV the lower settings make the product onerous to use, and at the lowest setting simply intolerable.

I infer from this that (and I may be totally incorrect) there has to be two separate development teams, on for the CF/CIS products and another for CCAV. So just as the elegance of the coding varies, so can the efficiency of the Sandbox (plus, as everyone knows that Comodo's AV leaves a great deal to be desired, Why Oh Why would anyone use something that highlights it?).

thanks for sharing that. very interesting and very important, too.
I think it was @Evjl's Rain who mentioned high CPU when running CCAV. Maybe that's related?

 

[509322]

from COMODO devotees I usually get cryptic answers that leave me scratching my head.

That's because they are speaking to you in Latin.

You should reply in Aramaic.

Because of where you are from, and the fact that you are smart, you will have no trouble decrypting the multi-layered nuances contained in these two short sentences.

 

[shmu26]

That's because they are speaking to you in Latin.

You should reply in Aramaic.

Because of where you are from, and the fact that you are smart, you will have no trouble decrypting the multi-layered nuances contained in these two short sentences.

indeed, latin and aramaic have been at odds for a long time...