Comodo Cloud Antivirus

Discussion in 'other anti-virus software' started by Pat MacKnife, Sep 25, 2015.

  1. Pat MacKnife

    Pat MacKnife Registered Member

    Joined:
    Mar 31, 2014
    Posts:
    620
    Location:
    Belgium
    Hi

    Comodo is coming very soon with a Cloud antivirus with sandbox... just seen this news on their facebook page.

    I wonder if this also will be a free version and/or a replacement to comodo internet security premium.
     
    Last edited: Sep 25, 2015
  2. NSG001

    NSG001 Registered Member

    Joined:
    Jul 14, 2006
    Posts:
    682
    Location:
    Wembley, London
    Should be interesting :)
    Been a while in development i understand.
    Hope the backend (Valkyrie) is now ready to support this.
     
  3. Circe

    Circe Registered Member

    Joined:
    May 10, 2011
    Posts:
    144
    Location:
    Cheshire, England
    "This is a new addition to our product range, both products (CIS, CFW) will continue to exist." Melih, quote from the Comodo forum.
     
  4. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,718
    Location:
    Gaia
    Interesting..... :)
     
  5. khanyash

    khanyash Registered Member

    Joined:
    Apr 4, 2011
    Posts:
    2,428
    Melih...Comodo had talked about Cloud AV way back...app 2-3 years back they had mentioned new Cloud AV is coming soon & then there was no info...its still same with Comodo. They mention things & then no further info. Its like they mention things without any real or ground work.

    But good to know Cloud AV is coming soon now...hope this time its true.
     
  6. clocks

    clocks Registered Member

    Joined:
    Aug 25, 2007
    Posts:
    2,787
  7. khanyash

    khanyash Registered Member

    Joined:
    Apr 4, 2011
    Posts:
    2,428
  8. RejZoR

    RejZoR Lurker

    Joined:
    May 31, 2004
    Posts:
    6,426
    Well, isn't like using Comodo Firewall without AV already what they are advertising here? Feature wise it's the same thing.
     
  9. phalanaxus

    phalanaxus Registered Member

    Joined:
    Jan 19, 2011
    Posts:
    509
    Facebook page refers a total installation size about 5 mbs, my CFW installation is around 150 mbs. Something should be different.
     
  10. khanyash

    khanyash Registered Member

    Joined:
    Apr 4, 2011
    Posts:
    2,428
    Comodo FW with Cloud AV part is not a pure cloud AV i.e ---
    Cloud AVs like Panda Cloud & Bitdefender Free are pure cloud AVs. By pure cloud AVs I mean they block the execution/running of files till the verdict is returned from cloud. Like Panda Cloud vendor mention the default block time is set to 30 secs to get the verdict from cloud. Its just a default max time block...the verdict from cloud is 99.99% instant & the users will not notice delay in execution/running of files.
    The point here is to block the files execution/running for cloud verdict & thats instant as mentioned above. This I call pure cloud AV & the way cloud AVs should work.

    Comodo Cloud AV part in CFW is not pure cloud AV. It doesn't blocks the execution/running of files for the cloud verdict. Its simply a cloud/online connection for cloud/online virus databases.

    For ex - deletevolume.exe a harmless sample from testmypcsecurity. This sample deletes the partitions other than system drive i.e D, E, etc... partitions are deleted.
    Now if the sample is detected by Panda Cloud & Bd Free then you will notice that the sample will not be able to delete the partitions on execution coz the blocking of execution & instant verdict from cloud will everytime detect & quarantine the sample.

    The sample is detected by the Cloud AV part in CFW. But on executing the sample you will notice that sometimes the sample is able to delete the partitions & no detection from Cloud part & sometimes Cloud part detects the sample & no harm done.
    So either a cloud glitch or blocking of execution for cloud verdict is not there. In both cases I would say the cloud part is not pure cloud coz if cloud glitch then I have noticed this happens often & if execution block for cloud verdict is not there then well not a pure cloud AV IMO.
    As mentioned above I think Cloud part in CFW is simply a cloud/online connection for cloud/online virus databases.

    I think the upcoming Comodo Cloud AV would be pure cloud AV. And its small in size i.e app 5MB. Lets see what all it is & has got.
     
  11. RejZoR

    RejZoR Lurker

    Joined:
    May 31, 2004
    Posts:
    6,426
    But if it's not safe/whitelisted file, it gets virtualized anyway. And from there, it can't do anything.
     
  12. khanyash

    khanyash Registered Member

    Joined:
    Apr 4, 2011
    Posts:
    2,428
    Yes it will get virtualized but the point is detection is missed even though the signature is there in the cloud.

    And in case of deletevolume.exe...even autosandboxed the partition were deleted. I dont know how is it with the latest stable version.
     
  13. wasgij6

    wasgij6 Registered Member

    Joined:
    Mar 29, 2011
    Posts:
    321
    I believe this product will rely on the already existing cloud and Valkyrie as its backend which cis does not use (yet?). Idk if there is anything they need to add to cis for it to utilize Valkyrie or maybe they will feed Valkyries detections into the cloud signatures. Not much info has been given yet.
     
  14. RejZoR

    RejZoR Lurker

    Joined:
    May 31, 2004
    Posts:
    6,426
    But this shouldn't be happening. If it's virtualized, it shouldn't be able to touch anything real outside of sandbox. Especially when you're using Enhanced virtualize mode that goes directly through harwdare VT function on CPU.
     
  15. khanyash

    khanyash Registered Member

    Joined:
    Apr 4, 2011
    Posts:
    2,428
    With CIS default settings partition were deleted. I had mentioned this on malwaretips to cruelsister. She knows CIS in & out well & confirmed this. I dont know if its the same with the current stable version.

    If anyone test it out..do the following --
    Disable Cloud - Autosandbox test only
    Enable Cloud - if you want to check how effective cloud detection works (disable autosandbox for the test)
    And there is an option for cloud detection "Block & Quarantine automatically". If you check this option you will get quarantined alert & if you uncheck this option you will get detection alert with options quarantine & ignore.
    Test with both i.e check the option & uncheck the option both. I would not be surprised if you get different results i.e set to auto quarantine & block may work fine i.e the sample may not be able to delete partitions & set to ask may not work fine i.e even if the detection alert is there & you hit quarantine still partition would be deleted.

    I dont remember now but think I had tested with 8.1 or 8.2 earlier version. And I had tested default settings & config on Win 7 64.
    I haven't tested with the latest stable & dont have CIS installed now.
     
  16. khanyash

    khanyash Registered Member

    Joined:
    Apr 4, 2011
    Posts:
    2,428
    CIS will be there with all the modules.

    Now Comodo Cloud AV is coming...
    Do you think they should have made this a pure AV i.e no autosandbox, etc... but full online/cloud databases, smart offline databases/cache like Panda cloud & Bd free, local/cloud heur/ViruScope/BB, local/cloud whitelists (option to disable), web protection & Valkyrie?
    Valkyrie works amazing. Its little slow. They should make it work faster & include in the AV like Avast deepscreen i.e for unknown files Valyrie alert will appear & analyze the files & give verdict (option to auto/manual analyze i.e check/analyze with Valkyrie on the alert).

    What you say?

    UPDATE- I dont like the big secured checkmark box eating up GUI space. Why they have this fixation for the big secured checkmark box? The space can be used for better stuffs to enhance usability.

    The drag files here to scan box is unneeded too. I mean easily accessible context menu scan option is there. Why waste main GUI space that can be used for important stuffs?
     
    Last edited: Sep 27, 2015
  17. phalanaxus

    phalanaxus Registered Member

    Joined:
    Jan 19, 2011
    Posts:
    509
    Valkyrie detections are too aggressive as of now. I use autoit a lot and anything packed by it is deemed malicious even if it doesn't do much.
     
  18. khanyash

    khanyash Registered Member

    Joined:
    Apr 4, 2011
    Posts:
    2,428
    I & other Comodo member had tested previous Valkyrie a lot. Expert Comodo members had too tested previous Valkyrie a lot. The results were always amazing detection with very few FPs.

    New Valkyrie is still work-in-progress (not all the analyzers in place & tuned). Once Valkyrie goes stable they will inform on the forum.
    IMHO Valkyrie was the only detection technology from Comodo with excellent detection & very low FPs. Dont know why they stopped it?
    But good they have started it again now. Just give it time to go stable. I am sure you will be surprised & love it.
     
  19. phalanaxus

    phalanaxus Registered Member

    Joined:
    Jan 19, 2011
    Posts:
    509
    I have been following Comodo products for quite a long time and like their principle of application. I was already a comodo user long before the testing phase of the old valkyrie (I also tested it myself). However I am also aware of the unfortunate habit of Comodo to abandon products/services out of blue (dacs, time machine, old valkyrie,etc) and also their weird bug prioritization system where they leave important bugs hanging for quite long periods of time. I am just saying valkyrie isn't ready for prime time yet, static detection ruleset is quite basic and aggressive.
     
  20. khanyash

    khanyash Registered Member

    Joined:
    Apr 4, 2011
    Posts:
    2,428
    I totally agree with you. Their standard bug format requirement for everything is also a pain too.

    Yes yet Valkyrie is not ready for prime time as its not stable & may be beta or even alpha stage.
     
  21. khanyash

    khanyash Registered Member

    Joined:
    Apr 4, 2011
    Posts:
    2,428
    I think standalone autosandbox only available would be good & will be your standalone proactive security.
    In that case I would be happy running it with Win FW & Defender.
     
  22. Moose World

    Moose World Registered Member

    Joined:
    Dec 19, 2013
    Posts:
    905
    Location:
    U.S. Citizen
    Just in case a removal/uninstall for the above. I am sure that you know why!
    Removing all registry keys ect.....

    Kind regards,
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.