Comodo Cloud AV -- only 3 MB--- with full containment and sandboxing included

Status
Not open for further replies.

Moose

Level 22
Jun 14, 2011
2,271
Salutations, Friends!

> Wondering if Comodo Cloud AV will work with AV's?
> Also, will it be as light as Webroot?
> Cleaning abilities? Detection? Protection?
 

Sven

Level 10
Verified
Well-known
Nov 5, 2013
478
Comodo is not a detection-dependent antivirus solution, it's more of a prevention one. That makes me wonder how Comodo will act now. Two different pieces of software at the moment: CIS and Cloud. One depends on cloud (this one) and the other one (CIS) on... hmmm.. what the heck?! Why did they not implement the Cloud feature in CIS already and put more trust and effort into their already well-known product?
 

Av Gurus

Level 29
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
Sep 22, 2014
1,767
There is already a cloud component in CIS:

Perform cloud based behavior analysis of unrecognized files – When checked, any file that is marked as unrecognized is sent to the Comodo Instant Malware Analysis (CIMA) server for behavior analysis. Each file is executed in a virtual environment on Comodo servers and tested to determine whether it contains any malicious code. The results will be sent back to your computer in around 15 minutes. Comodo recommends users leave this setting enabled (Default=Enabled).

More details. The behavior analysis system is a cloud based service that is used to help determine whether an unknown file is safe or malicious. Once submitted to the system, the unknown executable will be automatically run in a virtual environment and all activities, host state changes and network activity will be recorded. The list of behaviors recorded during this analysis can include information about processes spawned, files and registry keys modified, network activity, and other changes. If these behaviors are found to be malicious then the signature of the executable is automatically added to the antivirus black list. If no malicious behavior is recorded then the file is placed into 'Unrecognized Files' (for execution within the sandbox) and will be submitted to our technicians for further checks. The behavior analysis system takes around 15 minutes to report its results back to CIS. If the executable is deemed a threat then it will be automatically quarantined or deleted. This threat report is also used to update the global black list databases and therefore benefit all CIS users.

Automatically scan unrecognized files in the cloud – Selecting this option will automatically submit unrecognized files to our File Lookup Server to check whether or not they are on the master Comodo white list or black-list (White list = files that are known to be safe. Black list = files that are known to be malware) and the files are rated accordingly. The important features of the cloud based scanning are:

  • Cloud based Whitelisting: Safe files and trusted vendors and trusted publishers can be easily identified;
  • Cloud based Antivirus: Malicious files can be detected even if the users do not have an up-to-date local antivirus database or a local antivirus database at all;
  • Cloud Based Behavior Analysis: Zero-day malware can be instantly detected by Comodo’s cloud based behavior analysis system, CIMA.
The cloud scanning, complemented by automatic sandboxing and application isolation technologies, is extremely fast and powerful in preventing PC infection even without a traditional antivirus signature database while keeping the user interaction at minimal levels.

Comodo recommends users leave this setting enabled (Default = Enabled).
 

Andrew999

Level 24
Verified
Top Poster
Well-known
Dec 17, 2014
1,355
Yes, but not fully functional like the new one. Valkyrie and other components are implemented with this cloud AV, so the detection rate will be much higher than the normal CIS at this time.
That's great, I hope the detection will be a bit better then. I like good detection even though people say it is not the most important thing in an antivirus program.
 
Reactions: Cats-4_Owners-2

hjlbx

Cloud AV I think Melih is serious about it... I think Melih is in the process of building a malware database system that will compete with Virus Total. I have no official confirmation of this. My statement is just based on what I have seen over the years, especially the last two years...

Why even worry about detection when Comodo can be configured to either contain and\or block any Unrecognized files ?

With correct settings CIS will behave exactly the same as the AppGuard + Sandboxie combo. All the additional CIS block settings are simply more layers of protection (e.g. Block by HIPS, Block by Firewall) beyond the sandbox.

The only way a malware is going to get past CIS configured for anti-executable is if:

1. The file completely disables CIS; or
2. The user allows it to run.

Like everything Comodo, it behooves one to be patient. All one can do is wait and see what becomes of it all...
 

SD-ahmad

Level 1
Verified
Aug 24, 2013
34
973614580.png
 
Reactions: Andrew999

Alex BK

Level 2
Verified
Apr 23, 2015
69
> Cloud AV I think Melih is serious about it... I think Melih is in the process of building a malware database system that will compete with Virus Total. I have no official confirmation of this. My statement is just based on what I have seen over the years, especially the last two years...
>
> Why even worry about detection when Comodo can be configured to either contain and\or block any Unrecognized files ?
>
> With correct settings CIS will behave exactly the same as the AppGuard + Sandboxie combo. All the additional CIS block settings are simply more layers of protection (e.g. Block by HIPS, Block by Firewall) beyond the sandbox.
>
> The only way a malware is going to get past CIS configured for anti-executable is if:
>
> 1. The file completely disables CIS; or
> 2. The user allows it to run.
>
> Like everything Comodo, it behooves one to be patient. All one can do is wait and see what becomes of it all...

Sorry, but a product based only on "unrecognized file" detection system is incomplete and misleading... What if I download 2 executables: game.exe and virus.exe... Both are unrecognized but game.exe is a legit game and virus.exe is a malicious file??? Maybe I don't know who to trust and I remove game.exe and execute virus.exe? Virus detection is EXTREMELY important to have, even classic signatures are good, not to mention HIPS-like things, behavioral modules and so on...

So the statement: "Why even worry about detection when Comodo can be configured to either contain and\or block any Unrecognized files ?" is a great joke.
 

Anupam

Level 21
Verified
Well-known
Jul 7, 2014
1,017
> Sorry, but a product based only on "unrecognized file" detection system is incomplete and misleading... What if I download 2 executables: game.exe and virus.exe... Both are unrecognized but game.exe is a legit game and virus.exe is a malicious file??? Maybe I don't know who to trust and I remove game.exe and execute virus.exe? Virus detection is EXTREMELY important to have, even classic signatures are good, not to mention HIPS-like things, behavioral modules and so on...
>
> So the statement: "Why even worry about detection when Comodo can be configured to either contain and\or block any Unrecognized files ?" is a great joke.

I completely agree with you. Few people think default denial is the best protection. Well, if I know every new file will be treated as malware then why do I need AV? My UAC also tells me the same :p
 

Alex BK

Level 2
Verified
Apr 23, 2015
69
> I completely agree with you. Few people thinks default denial is the best protection. Well if I know every new file will be treated as malware then why I need AV. My UAC also tells me the same :p

Exactly. Why should I burden my system with that kind of program if UAC does the same? Also, I can't figure out why people are trying to hide the fact that COMODO is in a bad spot right now, slowly going downhill... OK, it's a product with nice features, cool history, free, but why should we hide the fact that its detection ratio is poor and disappointing and maybe they should fix that rather than working on a new product that requires a lot of effort and attention... I don't get it. I've been using COMODO since its 5th version but a couple of months ago a program update of the latest release of CIS nearly destroyed my OS because of an error that caused lots of BSODs... People forgive, but I can't forgive that, the BSODs were very frequent until I decided to uninstall and all problems ceased. Maybe they should polish CIS rather than releasing pointless stuff.
 

Deleted member 2913

> Yes, but not fully functional like the new one. Valkyrie and other components are implemented with this cloud AV, so the detection rate will be much higher than the normal CIS at this time.

Where did you get this info?
And if Valkyrie will be implemented with this then I think it will be implemented with CIS too.

So it's kind of a stripped-down CIS & like CFW minus FW.
The good thing is the installer size & no added bloatware. Download/install would be quick.

And I think this is a pure cloud AV. By pure cloud AV I mean execution/running of files will be blocked for the cloud verdict. Like the Panda cloud vendor mentions, the default max time block is 30 secs for the cloud verdict, but 99.99% of cloud verdicts will be instant & users will not notice a delay in file execution, etc... Panda cloud used to have this option, i.e. you can increase/decrease the max time. Don't know if the new/latest Panda cloud still has the option. Bd free & I think all cloud AVs act this way, i.e. block execution for the cloud verdict.

I think the Cloud part in CIS is not a pure cloud AV, i.e. it doesn't block file execution/running of files for the cloud verdict. I think it's simply an online/cloud connection for online/cloud databases.
 
Reactions: Av Gurus
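
An added example, not part of any post in this thread and not Comodo's or Panda's code: a Python model of the flow the thread describes, where a launch is held for a cloud verdict (the 30-second maximum mentioned above), the white list/black list lookup rates the file, and an unrecognized file runs contained until a behaviour report blacklists it. The lookup service, list contents, behaviour labels and the fail-closed choice on timeout are assumptions made for illustration.

```python
import hashlib
from concurrent.futures import ThreadPoolExecutor, TimeoutError as LookupTimeout

# Constructed stand-ins for the cloud white list and black list (SHA-256 digests).
WHITELIST = {hashlib.sha256(b"signed-installer").hexdigest()}
BLACKLIST = {hashlib.sha256(b"known-trojan").hexdigest()}

# Constructed behaviour labels that this model treats as malicious.
BAD_BEHAVIORS = frozenset({"disables_av", "injects_process"})


def cloud_lookup(digest):
    """Hypothetical file-lookup service: 'trusted', 'malicious' or 'unrecognized'."""
    if digest in WHITELIST:
        return "trusted"
    if digest in BLACKLIST:
        return "malicious"
    return "unrecognized"


def launch_action(data, lookup=cloud_lookup, max_wait=30.0):
    """Hold execution for the cloud verdict, then map the verdict to an action."""
    digest = hashlib.sha256(data).hexdigest()
    pool = ThreadPoolExecutor(max_workers=1)
    try:
        verdict = pool.submit(lookup, digest).result(timeout=max_wait)
    except LookupTimeout:
        # Assumption: no verdict within max_wait is handled like 'unrecognized',
        # so a slow or unreachable cloud never lets a file run unrestricted.
        verdict = "unrecognized"
    finally:
        pool.shutdown(wait=False)
    actions = {"trusted": "run", "malicious": "quarantine"}
    return actions.get(verdict, "run_contained")


def apply_behavior_report(digest, behaviors):
    """After the sandbox run: blacklist on malicious behaviour, else stay contained."""
    if BAD_BEHAVIORS & set(behaviors):
        BLACKLIST.add(digest)  # every later lookup of this file is 'malicious'
        return "quarantine"
    return "run_contained"  # still unrecognized, pending further checks
```

In this model the game.exe and virus.exe from the discussion above receive the same `run_contained` action at launch; only the later behaviour report separates them.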