What makes CF so special and should I use it + an issue with it and some other questions
<blockquote data-quote="Arequire" data-source="post: 787420" data-attributes="member: 59283"><p>Comodo products include a list of software vendors that are considered trusted. Software created by these vendors will usually be digitally signed with a code signing certificate, which is used to verify its authenticity. Any piece of software sporting a certificate by one of these trusted vendors will be assumed safe and will be allowed to run without any kind of restriction. As you can imagine, sometimes blackhats get their hands on these certificates and slap them on their malware, which adds legitimacy and helps it evade detection. These certificates are issued by certificate authorities and can be revoked at any time if they're found to be being used by malware.</p><p></p><p>Comodo also has their own cloud database of files and each file is given a trust rating: Trusted, Unknown or Malicious. Anything with a trusted rating is allowed to run, anything with an unknown rating will run inside the sandbox, and anything with a malicious rating will be quarantined.</p><p></p><p>Then there's Viruscope, which analyses the behaviour of each application and any application that exhibits malicious behaviour will be quarantined. This applies to all files and doesn't distinguish between files that are considered trusted or not.</p><p></p><p>CF and SAP aren't compatible. @Evjl's Rain attempted to run this combo in 2017 and ended up with Windows freezing during the boot process.</p><p></p><p>Comodo has three protection layers against this:</p><ol> <li data-xf-list-type="ol">If the certificate is revoked by the certificate authority that issued it then CF will treat the application as unknown and it will be run inside the sandbox</li> <li data-xf-list-type="ol">If the application has a malicious rating on Comodo's cloud database then the file will be quarantined regardless of the certificate</li> <li data-xf-list-type="ol">Viruscope performs behavioural analysis on all applications and will quarantine any that exhibit malicious behaviour</li> </ol><p>If you're running CF alongside a companion AV then it also has the opportunity to detect the malware as well, either through signatures or its post-execution protections.</p><p></p><p>If an application were perceived as malicious it'd be quarantined.</p><p>If the application is unknown and is requesting administrator rights then there's an option to have CF block the application's execution instead of sandboxing it.</p><p></p><p>Comodo's cloud database and trusted vendor list are massive; unless you're running a lot of unsigned applications with small userbases then chances are it's not going to be a problem.</p><p>Treat everything that gets placed inside the sandbox as malicious, unless you're 110% sure that it isn't.</p><p></p><p>Hope my explanations helped.</p></blockquote><p></p>