Comodo Online Malware Analysis

LabZero

Thread author
After having analyzed a file online with many antivirus engines to see whether it is infected or not (for example, with VirusTotal), we may need to understand, at least in part, what damage it did to our operating system.

An alternative site that analyzes the behavior of the file is Comodo Automated Analysis System. Here, too, just select the file you want to analyze, accept the terms of use and start the upload.

This service takes just a few minutes, and it generates a page where you can find all the features of the parsed file.

Here we have all the registry changes, changes to files and folders on your hard disk, new processes that are created and put into execution, files/folders/services/hidden drivers, and, at the end, the verdict about the type of file sent.


Service limits

No service is perfect. The results should be analyzed before deleting files that may be important; there may be false positives with files that have suspicious behavior, similar to malware, but are actually clean.

http://camas.comodo.com/
 
yigido
The CAMAS service has 3 verdicts: Suspicious ++ / Suspicious + / Suspicious
In the past, all three of these findings on samples were automatically added to the CAV database. This Suspicious verdict gave Comodo users many false positives (Heur.Suspicious detections especially). Comodo users will remember these detections.
But nowadays, only Suspicious ++ / Suspicious + verdicts are added to the database. It decreases the false positives.
Upload a sample to CAMAS and wait. If the verdict is Suspicious ++ or Suspicious +, there is no need to submit the sample to Comodo; the file will be automatically added to the database.
By the way, you can use CAMAS Uploader to send multiple samples to CAMAS.
This is what I wanted to add. Thanks for the information @Klipsh

Regards,
yigido :)
 
LabZero

Thread author
Thank you for this addition @yigido :)
 

Atlas147

I think they changed their name to Comodo Instant Malware Analysis, unless I'm on the wrong site? HAHAH
 

hjlbx
It is a good service, but it can be slow... you must be patient. One way to help out other Comodo users, as @yigido points out: + and ++ files are automatically added to the database.
 
yigido
The "File Submit" feature in Comodo Internet Security also uses this CIMA service. CIS uploads your samples to camas.comodo.com.
Also, the "File Submit" feature can cross-check the files with Comodo File Intelligence: is it malicious, safe or unknown?
Please check this too: https://file-intelligence.comodo.com/
 

Atlas147

Would be great if you could upload multiple files at a go, something like the Virustotal tool from Phrozen.
 
hjlbx
I don't have time right now, but someone should also create a thread describing how to solve the problem of CIS mistreating legitimate files. I have found that until a file is officially white-listed by Comodo - despite being rated Trusted by the user on the local machine - there might be problems with CIS auto-sandbox and other blocks. I think conflicts in file ratings by user, CAMAS\CIMA and file intelligence might be part of the problem.

Just something to be aware of...
 
Deleted member 2913
Comodo Valkyrie was an excellent online malware analysis.
Awesome detection with very very few FPs. I never got FPs.

But sadly, I don't know what they did or whether it's discontinued or not; now it never works here.

I don't remember the user name of the person who tested Valkyrie quite heavily. If you can find his tests on the Comodo forum, you will know Valkyrie was awesome in detection with very very few FPs.

Valkyrie analysis used to take little time but the results were excellent.

At that time I used to think Valkyrie would improve Comodo AV detection hugely if incorporated fully. But then I used to think about how they would incorporate it into CIS in realtime, given that the analysis used to take little time.

But later no info, nothing.
I don't know if it is discontinued or not.
 
yigido
Yes, Valkyrie is better than CIMA, and there is no news from Valkyrie, even from @BuketB :(
I think they integrated the Valkyrie recognizers into Viruscope, but it is just a prediction.
 