spywar's config

Zurchiboy

New Member
Verified
Apr 10, 2013
98
Does Comodo antivirus has real time scan optimizations like Avast (Transient & Persistent cache) ot it scans everything everytime?

CIS 6.1 Does have scanning opitimations. Here is screen shot to show.
 

Attachments

  • Scan opt..jpg
    Scan opt..jpg
    96 KB · Views: 428

Nikos751

Level 20
Verified
Malware Tester
Feb 1, 2013
971
Zurchiboy said:
Does Comodo antivirus has real time scan optimizations like Avast (Transient & Persistent cache) ot it scans everything everytime?

CIS 6.1 Does have scanning opitimations. Here is screen shot to show.

Thanks for your time!! Comodo says these but I cannot clearly get what they exactly do:
•Enable scanning optimizations – On selecting this option, the antivirus will employ various optimization techniques like running the scan in the background *(what are the others?)* in order to reduce consumption of system resources and speed-up the scanning process (Default = Enabled)

•Run cache builder when computer is idle - CIS runs the Antivirus Cache Builder *(what type of cache is this? permanent or only with current database, until the next reboot etc)* when the computer is idle, to boost the real-time scanning. If you do not want the Cache Builder to run, deselect this option (Default = Enabled).
 

Nikos751

Level 20
Verified
Malware Tester
Feb 1, 2013
971
I just tested Avast in Windows 8 and CIS in Windows 7 using the leak/hips test app from Comodo (http://personalfirewall.comodo.com/cltinfo.html). Windows firewall is off in both installations. Maybe there is some difference because of the different Windows versions.
I left Avast firewall settings as default and behaviour blocker to ask instead of autodecide. You can check CIS related configuration settings in the screenshots attached. When running the application at first, CIS asks to run it isolated. The test described was done with unlimited access for CIS so as to be fair as Avast did not autosandbox anything.
[attachment=4234]
[attachment=4235]
During the test avast behaviour shield showed one warning concerning access to system/drivers (deny option). CIS prompted about clt.exe trying to connect to the internet (clt.exe) (blocked only).
The first screenshot is about Avast and the second about CIS. As you can see the Windows 8 setup shows better results.
[attachment=4236]
[attachment=4237]
I know I must have done the test in the same WIndows setup but I didn't want to do changes at the moment.
 

Attachments

  • cis1.PNG
    cis1.PNG
    48.3 KB · Views: 465
  • cisfirewall.PNG
    cisfirewall.PNG
    54.6 KB · Views: 484
  • Avast.PNG
    Avast.PNG
    44.1 KB · Views: 487
  • cisunlimited.PNG
    cisunlimited.PNG
    45 KB · Views: 512

HeffeD

Level 1
Feb 28, 2011
1,690
Please be aware that the CLT is not designed for applications that utilize a sandbox. Sandboxing will give erroneous results during the tests.

And yes, the caching system of the AV is persistent. Once a file has been scanned, it will only be scanned again if the file has changed in some way.
 

Nikos751

Level 20
Verified
Malware Tester
Feb 1, 2013
971
HeffeD said:
Please be aware that the CLT is not designed for applications that utilize a sandbox. Sandboxing will give erroneous results during the tests.

And yes, the caching system of the AV is persistent. Once a file has been scanned, it will only be scanned again if the file has changed in some way.

Ok thx for that. I 'm removing the last sentence about isolating.
 

Nikos751

Level 20
Verified
Malware Tester
Feb 1, 2013
971
Update: I did the tests in another PC with Win8, avast 8 free and Windows firewall enabled. The score was 190 so it's not Windows 8 that gave the boost, it was the Avast firewall.
I also did the test in my Win7 installation using KIS 2013 (removed CIS). At default the score was 200. clt.exe was in low restricted group so I after the first test I moved it to high restricted to see the score. In this case the score was 300!
I stop it here so not to post irrelevant things in spywar's thread xD
 

Nikos751

Level 20
Verified
Malware Tester
Feb 1, 2013
971
Nikos751 said:
HeffeD said:
Please be aware that the CLT is not designed for applications that utilize a sandbox. Sandboxing will give erroneous results during the tests.

And yes, the caching system of the AV is persistent. Once a file has been scanned, it will only be scanned again if the file has changed in some way.

Ok thx for that. I 'm removing the last sentence about isolating.

But anyway Comodo default options are not about sandboxing despite calling it like that. It's a matter of alloed actions, privileges etc.
 

spywar

Level 11
Thread author
Oct 26, 2012
1,011
To HeffeD : When can we expect the real BB just like Mamutu ? Has egemen talked about that since July 2012 ?
Currently CAMAS is a cloud based Behavior Blocker, I'd prefer something local and if local is not able to detect suspicious behavior then it submits to valkyrie which will make a detailed analysis of the PE.
 

spywar

Level 11
Thread author
Oct 26, 2012
1,011
CIS 6.1 with all default settings (just have changed full scan, I checked cloud scanning and heuristic).
 

House_maniac

Level 1
Sep 21, 2011
426
spywar said:
CIS 6.1 with all default settings (just have changed full scan, I checked cloud scanning and heuristic).
ok great i'm using default setting too with virtualized sandbox and enhanced protection ticked on! you changed heuristic to high or low?
 

spywar

Level 11
Thread author
Oct 26, 2012
1,011
House_maniac said:
spywar said:
CIS 6.1 with all default settings (just have changed full scan, I checked cloud scanning and heuristic).
ok great i'm using default setting too with virtualized sandbox and enhanced protection ticked on! you changed heuristic to high or low?
Just enabled heuristic under the settings of full scan so it's still on "low".
 

jamescv7

Level 85
Verified
Honorary Member
Mar 15, 2011
13,070
Low heuristics is fine to avoid aggression as tts been advised through the years for Comodo internet Security.
 
Z

ZeroDay

I thought you switched to comodo after doing a big test on avast and seeing the test machine get heavily infected.

Just a BIG test Avast vs CIS 6.1 on a friend's pc (real pc). Avast! did a good job but still, pc was dramatically infected
 

spywar

Level 11
Thread author
Oct 26, 2012
1,011
Hi, yes In fact I did a mistake, I have a dedicated test machine where I installed Avast 8 to test it ;) On the same machine I had EAM 7 for testing. Of course on MAIN machine it's CIS installed.
 
Z

ZeroDay

spywar said:
Hi, yes In fact I did a mistake, I have a dedicated test machine where I installed Avast 8 to test it ;) On the same machine I had EAM 7 for testing. Of course on MAIN machine it's CIS installed.

Thanks for the clarification :) For a second I though Avast had implemented some of their new technology.
 

Ink

Administrator
Verified
Jan 8, 2011
22,490
What features of avast do you have installed, and what are non-critical in your opinion? Especially when it comes to your malware testing.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top