Comodo Firewall using cloud scanner??

[treehouse786]

hi folks, recently started using comodo firewall only with defence plus disabled (and loving it) but i have noticed that the firewall is detecting 'malicious' exe's using the comodo cloud scanner, is this normal? it cant be as the 'malicious' exe was able to run anyway.
i do not have the antivirus component installed. see screenshot for clarification

is there anyway to turn the cloud scanner off?

screenshot here

[J_L]

Are you sure Defense+ is completely disabled? That setting is under Defense+.

[luciddream]

Make sure that you have the tick-box checked for: "Deactivate the Defense + permanently (Requires a system restart)", on top of having the slider set to "Disabled".

If you do have it this way, then I don't understand how it's doing that without the AV or D+. It shouldn't be.

[treehouse786]

yes defence plus is completely disabled and has been since install (they give you that option during install)

edit- reinstall did not resolve issue

[bollity]

Go to execution control settings then disable it and uncheck all oprtions.
I still need an answer from comodo why this part of defence+ is active even if the defense+ is permanently deactivated.

[treehouse786]

Quote:

Originally Posted by bollity

Go to execution control settings then disable it and uncheck all oprtions.
I still need an answer from comodo why this part of defence+ is active even if the defense+ is permanently deactivated.

many thanks, that did the trick

must be a bug or oversight

[luciddream]

I can understand why some people would only want the Anti-executable part of D+ and not the rest of it. So I think it's a good thing that you can still use only it without the rest. But, it is misleading. One would think that disabling D+ would in turn disable all components in it. So that creates kind of an impasse.

Perhaps there's a way they can explain in the interface that disabling D+ will not disable the execution control, or separate the tasks somehow?

[treehouse786]

Quote:

Originally Posted by luciddream

I can understand why some people would only want the Anti-executable part of D+ and not the rest of it. So I think it's a good thing that you can still use only it without the rest. But, it is misleading. One would think that disabling D+ would in turn disable all components in it. So that creates kind of an impasse.

Perhaps there's a way they can explain in the interface that disabling D+ will not disable the execution control, or separate the tasks somehow?

i was thinking along the same lines so i fired up one of my VM's and installed comodo antivirus with defence plus/sandbox disabled but i left execution control on and 'treat unrecognised files' was put to 'block' but malware was still able to execute??

shouldn't turning 'treat unrecognised files' to 'block' stop malware from executing? if not then what is it's function?

[treehouse786]

Quote:

Originally Posted by treehouse786

i was thinking along the same lines so i fired up one of my VM's and installed comodo antivirus with defence plus/sandbox disabled but i left execution control on and 'treat unrecognised files' was put to 'block' but malware was still able to execute??

shouldn't turning 'treat unrecognised files' to 'block' stop malware from executing? if not then what is it's function?

realised that defence plus needs to be running for the 'treat unrecognised files' option to work which means that the cloud scanner working when defence plus is disabled is a bug and not a feature, otherwise all aspects of the execution would function and not just the cloud scanner, hope i made sense.

feel free anyone to let comodo know about this.

[lordraiden]

Quote:

Originally Posted by treehouse786

hi folks, recently started using comodo firewall only with defence plus disabled (and loving it) but i have noticed that the firewall is detecting 'malicious' exe's using the comodo cloud scanner, is this normal? it cant be as the 'malicious' exe was able to run anyway.
i do not have the antivirus component installed. see screenshot for clarification

is there anyway to turn the cloud scanner off?

screenshot here

The cloud scanner is not related with D+ status
If you don't want to use the cloud scanner uncheck this 2 settings in the Execution Control Settings window

Automatically scan unrecognized files in the cloud
Perform cloud based behavior analysis of unrecognized files

More details:
http://help.comodo.com/topic-72-1-20...-Settings.html