COMODO Internet Security 8.2.0.4508 is released!

Status
Not open for further replies.

Nirv5668

Level 2
Verified
Mar 21, 2015
88
The CCE version integrated into the CIS and the standalone should be identical.

CCE is OK... it does search for hidden services and rootkits, but all of the standalone scanners I have tried are nothing spectacular. I think MBAM does a better job of cleaning up remnants.

CCE is just another utility added to the CIS package. I haven't noticed any difference between CCE and the built-in CIS scan engine.

Did you notice the issue start after Microsoft Tuesday updates?
Hmmm, that is a good question re: Tues. updates. I'm not sure. As I don't even try to use CCE that often, it's hard to say when this started. I'm sure there were updates in that time period. I will look through and see if there is anything that sticks out, but not sure I can completely track it down.
 
hjlbx

Thread author
I don't know if CCE even creates a dump if it crashes ... nor do I know the directory.

Even if you do find the dump - without the symbol files to interpret it - it really is of no help.

You'd have to submit a technical support ticket... and they will have you go through the whole uninstall - reinstall, change this setting, etc - rigmarole for two weeks via e-mail and may never ask for the .dmp file. I know they'll ask you to clean install CIS as that is part of their routine.

Is all that worth it to use CCE?

I have it on my system but never use it... I use MBAM and EEK - since CCE duplicates the CIS scan engine for the most part.

CCE is superfluous - absolutely not necessary - I think it's just added as another "toy" to beef-up the CIS package. Others, I'm sure, will disagree but I stand by that opinion.

CCE is the one item that is of no significant value to CIS.
 

Nirv5668

You'd have to submit a technical support ticket... and they will have you go through the whole uninstall - reinstall, change this setting, etc - rigmarole for two weeks via e-mail and may never ask for the .dmp file. I know they'll ask you to clean install CIS as that is part of their routine.

Is all that worth it to use CCE?
I'm thinking not. I can't believe they didn't ask me to try this actually. I'm laughing at this description, I haven't had this with Comodo, but have with others. Very accurate!...I e-mailed Comodo on this with the logs that I had and they said they were forwarding to developers. That was it. I thought others might have run into it here. But, if it isn't so exciting as a scanner, it's not worth it. I have lots of other on demand scanners :D
 
Deleted member 2913

Thread author
CCE is just another utility added to the CIS package. I haven't noticed any difference between CCE and the built-in CIS scan engine.

The difference between CCE & CIS engine I had noticed when I used to do malware tests for personal review of security software-

If I remember correctly-

CCE uses medium heuristics setting & CIS uses low.
CCE scans for suspicious mbr.
CCE scans for system settings modification.

Hold "shift" & start CCE will kill all active malware/suspicious/unknown processes to perform scan.
 

Nirv5668

The difference between CCE & CIS engine I had noticed when I used to do malware tests for personal review of security software-

If I remember correctly-

CCE uses medium heuristics setting & CIS uses low.
CCE scans for suspicious mbr.
CCE scans for system settings modification.

Hold "shift" & start CCE will kill all active malware/suspicious/unknown processes to perform scan.

Tried it and it was really cool- basically the whole screen went black except the CCE scanner. It seems to stop almost everything. Unfortunately, it still crashed, but that is a useful feature if it eventually works or on other computers :). I guess I can feel more confident it isn't being crashed by malware. Thanks!
 
hjlbx

Thread author
Tried it and it was really cool- basically the whole screen went black except the CCE scanner. It seems to stop almost everything. Unfortunately, it still crashed, but that is a useful feature if it eventually works or on other computers :). I guess I can feel more confident it isn't being crashed by malware. Thanks!

What's it saying in Windows Reliability Monitor?
 

Nirv5668

What's it saying in Windows Reliability Monitor?

I think it is the same information I got from event viewer, but Problem= Stopped Working, Status=Report Sent.
Here are the details:
Description
Faulting Application Path: C:\Program Files\COMODO\COMODO Internet Security\cce.exe

Problem signature
Problem Event Name: APPCRASH
Application Name: cce.exe
Application Version: 8.2.0.4508
Application Timestamp: 551c2a05
Fault Module Name: ntdll.dll
Fault Module Version: 6.3.9600.17736
Fault Module Timestamp: 550f4336
Exception Code: c0000005
Exception Offset: 000000000005473b
OS Version: 6.3.9600.2.0.0.256.48
Locale ID: 1033
Additional Information 1: abcc
Additional Information 2: abcc8f7853b48d9807d6d51eb1fa5df9
Additional Information 3: abcc
Additional Information 4: abcc8f7853b48d9807d6d51eb1fa5df9

Extra information about the problem
Bucket ID: 7df1016121fe88bf7e4efb7daebb1682 (86066951531)
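
A way to read the problem signature posted above, as an added example (not part of the original thread, and not Comodo or Microsoft code): it decodes the hex timestamps as PE link times, names the exception code, and notes whether the fault landed outside the application's own image. The function names and the small NTSTATUS table are choices made for this example.

```python
from datetime import datetime, timezone

# A few common NTSTATUS exception codes (not exhaustive).
NTSTATUS = {
    0xC0000005: "STATUS_ACCESS_VIOLATION",
    0xC00000FD: "STATUS_STACK_OVERFLOW",
    0xC0000374: "STATUS_HEAP_CORRUPTION",
    0xC0000409: "STATUS_STACK_BUFFER_OVERRUN",
}

# Subset of the fields from the report in the post above.
REPORT = """\
Application Name: cce.exe
Application Timestamp: 551c2a05
Fault Module Name: ntdll.dll
Fault Module Timestamp: 550f4336
Exception Code: c0000005
Exception Offset: 000000000005473b
"""

def parse_signature(text):
    # Split "Key: value" lines into a dict; headings without a value are skipped.
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and value.strip():
            fields[key.strip()] = value.strip()
    return fields

def link_time(hex_stamp):
    # WER timestamps are the PE header TimeDateStamp: hex seconds since 1970 UTC.
    return datetime.fromtimestamp(int(hex_stamp, 16), tz=timezone.utc).isoformat()

def triage(text):
    f = parse_signature(text)
    code = int(f["Exception Code"], 16)
    return {
        "process": f["Application Name"],
        "app_built": link_time(f["Application Timestamp"]),
        "module": f["Fault Module Name"],
        "module_built": link_time(f["Fault Module Timestamp"]),
        "exception": NTSTATUS.get(code, f"unknown 0x{code:08X}"),
        "offset": int(f["Exception Offset"], 16),
        # True when the faulting instruction is in another image than the EXE.
        "fault_outside_app": f["Fault Module Name"].lower() != f["Application Name"].lower(),
    }

if __name__ == "__main__":
    print(triage(REPORT))
```

An access violation reported in ntdll.dll only shows where the exception surfaced; finding the call that led there still needs a dump and symbols.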
 
hjlbx

Thread author
I think it is the same information I got from event viewer, but Problem= Stopped Working, Status=Report Sent.
Here are the details:
Description
Faulting Application Path: C:\Program Files\COMODO\COMODO Internet Security\cce.exe

Problem signature
Problem Event Name: APPCRASH
Application Name: cce.exe
Application Version: 8.2.0.4508
Application Timestamp: 551c2a05
Fault Module Name: ntdll.dll
Fault Module Version: 6.3.9600.17736
Fault Module Timestamp: 550f4336
Exception Code: c0000005
Exception Offset: 000000000005473b
OS Version: 6.3.9600.2.0.0.256.48
Locale ID: 1033
Additional Information 1: abcc
Additional Information 2: abcc8f7853b48d9807d6d51eb1fa5df9
Additional Information 3: abcc
Additional Information 4: abcc8f7853b48d9807d6d51eb1fa5df9

Extra information about the problem
Bucket ID: 7df1016121fe88bf7e4efb7daebb1682 (86066951531)

If you want to go through the rigmarole you can launch CCE, get a mem dump using Procdump or Task Mgr, then submit to Comodo tech support. ... see what they say.
 

Nirv5668

Anecdotal, but it seems like Comodo's signatures are working well. I noticed a scheduled scan detected "TrojWare.JS.Agent.PD@300743807" in Chrome cache. I uploaded extracted .js from stream to VT and Comodo is the only one detecting it- https://www.virustotal.com/en/file/...e7ddafb104c3ba077ca6fbfe/analysis/1430055611/

Shortly before scheduled scan, I had some weird bitcoin pop-up window (I think the first pop-up I have seen in years) and I'm fairly certain it is related to that. I will upload the javascript from the cache stream file to malware section, maybe it's unrelated FP, but the timing seems right. It's kind of concerning this couldn't be blocked in real-time, but I guess that is lack of web shield. I'm not sure what the .js did, but is it an example of something that auto-sandbox, HIPS, etc. can't block? I guess real-time AV is not considering cache files or has some issue with streams b/c archived?

Hopefully this did nothing beyond cache...
 

Nirv5668

If you want to go through the rigmarole you can launch CCE, get a mem dump using Procdump or Task Mgr, then submit to Comodo tech support. ... see what they say.

That's a good idea, I will try that if I can. Thanks!
 
hjlbx

Thread author
Anecdotal, but it seems like Comodo's signatures are working well. I noticed a scheduled scan detected "TrojWare.JS.Agent.PD@300743807" in Chrome cache. I uploaded extracted .js from stream to VT and Comodo is the only one detecting it- https://www.virustotal.com/en/file/...e7ddafb104c3ba077ca6fbfe/analysis/1430055611/

Shortly before scheduled scan, I had some weird bitcoin pop-up window (I think the first pop-up I have seen in years) and I'm fairly certain it is related to that. I will upload the javascript from the cache stream file to malware section, maybe it's unrelated FP, but the timing seems right. It's kind of concerning this couldn't be blocked in real-time, but I guess that is lack of web shield. I'm not sure what the .js did, but is it an example of something that auto-sandbox, HIPS, etc. can't block? I guess real-time AV is not considering cache files or has some issue with streams b/c archived?

Hopefully this did nothing beyond cache...

HIPS and AS will detect, alert and isolate any unknown script file when it executes...even from AppData/Temp folders.

Comodo didn't detect because signature is very new = only Comodo detecting at this time...just added very recently.

Make sense?
 

Nirv5668

HIPS and AS will detect, alert and isolate any unknown script file when it executes...even from AppData/Temp folders.

Comodo didn't detect because signature is very new = only Comodo detecting at this time...just added very recently.

Make sense?

Ok, so if I had re-created the scenario after Comodo had signature (after scheduled scan where detected)- gone to same websites, etc. When the file was created in cache, Comodo's real-time protection would have alerted. Interesting...okay, I think that is pretty good for Comodo's signatures then. This was 4 days ago and still Comodo is the only one detecting it.
 
hjlbx

Thread author
It could be file was rated as safe or was in cache but inactive. If it was detected by scan it is more likely it was inactive. ... just lying dormant.
 

CQWE

New Member
Jun 9, 2015
1
Ok, so if I had re-created the scenario after Comodo had signature (after scheduled scan where detected)- gone to same websites, etc. When the file was created in cache, Comodo's real-time protection would have alerted. Interesting...okay, I think that is pretty good for Comodo's signatures then. This was 4 days ago and still Comodo is the only one detecting it.


Doubt it, I have never gotten real-time protection notification about trojware.js.agent.pd@300743807. Though full system scan has detected and removed it 15 times from my system, since 2015-03-20.

Seems like Comodo's real-time protection fails to detect it and it keeps either reinstalling itself or gets added from some website I frequent. Comodo appears to be absolutely useless when it comes to trojware.js.agent.pd@300743807
 