Hi, Comodo is coming very soon with a Cloud antivirus with sandbox... just seen this news on their Facebook page. I wonder if this will also be a free version and/or a replacement for Comodo Internet Security Premium.
Should be interesting. Been a while in development, I understand. Hope the backend (Valkyrie) is now ready to support this.
"This is a new addition to our product range, both products (CIS, CFW) will continue to exist." Melih, quote from the Comodo forum.
Melih...Comodo had talked about Cloud AV way back...approx. 2-3 years back they had mentioned a new Cloud AV is coming soon & then there was no info...it's still the same with Comodo. They mention things & then no further info. It's like they mention things without any real or ground work. But good to know Cloud AV is coming soon now...hope this time it's true.
Sure he wasn't referring to the cloud scanner? https://www.comodo.com/home/download/download.php?prod=cloud-scanner
Well, isn't using Comodo Firewall without AV already what they are advertising here? Feature-wise it's the same thing.
The Facebook page refers to a total installation size of about 5 MB; my CFW installation is around 150 MB. Something should be different.
Comodo FW with the Cloud AV part is not a pure cloud AV, i.e. cloud AVs like Panda Cloud & Bitdefender Free are pure cloud AVs. By pure cloud AVs I mean they block the execution/running of files till the verdict is returned from the cloud. For example, the Panda Cloud vendor mentions the default block time is set to 30 secs to get the verdict from the cloud. It's just a default max block time...the verdict from the cloud is 99.99% instant & the users will not notice a delay in execution/running of files. The point here is to block the file's execution/running for the cloud verdict & that's instant as mentioned above. This I call pure cloud AV & the way cloud AVs should work. The Comodo Cloud AV part in CFW is not pure cloud AV. It doesn't block the execution/running of files for the cloud verdict. It's simply a cloud/online connection for cloud/online virus databases. For ex - deletevolume.exe, a harmless sample from testmypcsecurity. This sample deletes the partitions other than the system drive, i.e. D, E, etc. partitions are deleted. Now if the sample is detected by Panda Cloud & Bd Free then you will notice that the sample will not be able to delete the partitions on execution coz the blocking of execution & instant verdict from the cloud will every time detect & quarantine the sample. The sample is detected by the Cloud AV part in CFW. But on executing the sample you will notice that sometimes the sample is able to delete the partitions & there is no detection from the Cloud part & sometimes the Cloud part detects the sample & no harm is done. So either there is a cloud glitch or blocking of execution for the cloud verdict is not there. In both cases I would say the cloud part is not pure cloud coz if it's a cloud glitch then I have noticed this happens often & if the execution block for the cloud verdict is not there then well, not a pure cloud AV IMO. As mentioned above I think the Cloud part in CFW is simply a cloud/online connection for cloud/online virus databases. I think the upcoming Comodo Cloud AV would be a pure cloud AV.
And it's small in size, i.e. approx. 5MB. Let's see what all it is & has got.
But if it's not a safe/whitelisted file, it gets virtualized anyway. And from there, it can't do anything.
Yes, it will get virtualized but the point is the detection is missed even though the signature is there in the cloud. And in the case of deletevolume.exe...even autosandboxed, the partitions were deleted. I don't know how it is with the latest stable version.
I believe this product will rely on the already existing cloud and Valkyrie as its backend, which CIS does not use (yet?). Idk if there is anything they need to add to CIS for it to utilize Valkyrie or maybe they will feed Valkyrie's detections into the cloud signatures. Not much info has been given yet.
But this shouldn't be happening. If it's virtualized, it shouldn't be able to touch anything real outside of the sandbox. Especially when you're using Enhanced virtualize mode that goes directly through the hardware VT function on the CPU.
With CIS default settings the partitions were deleted. I had mentioned this on malwaretips to cruelsister. She knows CIS in & out well & confirmed this. I don't know if it's the same with the current stable version. If anyone tests it out..do the following -- Disable Cloud - Autosandbox test only. Enable Cloud - if you want to check how effectively cloud detection works (disable autosandbox for the test). And there is an option for cloud detection, "Block & Quarantine automatically". If you check this option you will get a quarantined alert & if you uncheck this option you will get a detection alert with the options quarantine & ignore. Test with both, i.e. with the option checked & with the option unchecked. I would not be surprised if you get different results, i.e. set to auto quarantine & block may work fine, i.e. the sample may not be able to delete partitions, & set to ask may not work fine, i.e. even if the detection alert is there & you hit quarantine, the partitions would still be deleted. I don't remember now but think I had tested with the earlier 8.1 or 8.2 version. And I had tested default settings & config on Win 7 64. I haven't tested with the latest stable & don't have CIS installed now.
CIS will be there with all the modules. Now Comodo Cloud AV is coming... Do you think they should have made this a pure AV, i.e. no autosandbox, etc... but full online/cloud databases, smart offline databases/cache like Panda Cloud & Bd Free, local/cloud heur/ViruScope/BB, local/cloud whitelists (option to disable), web protection & Valkyrie? Valkyrie works amazingly. It's a little slow. They should make it work faster & include it in the AV like Avast DeepScreen, i.e. for unknown files a Valkyrie alert will appear & analyze the files & give a verdict (option to auto/manual analyze, i.e. check/analyze with Valkyrie on the alert). What do you say? UPDATE- I don't like the big secured checkmark box eating up GUI space. Why do they have this fixation on the big secured checkmark box? The space can be used for better stuff to enhance usability. The drag-files-here-to-scan box is unneeded too. I mean, an easily accessible context menu scan option is there. Why waste main GUI space that can be used for important stuff?
Valkyrie detections are too aggressive as of now. I use AutoIt a lot and anything packed by it is deemed malicious even if it doesn't do much.
I & other Comodo members had tested the previous Valkyrie a lot. Expert Comodo members had also tested the previous Valkyrie a lot. The results were always amazing detection with very few FPs. The new Valkyrie is still a work in progress (not all the analyzers are in place & tuned). Once Valkyrie goes stable they will inform on the forum. IMHO Valkyrie was the only detection technology from Comodo with excellent detection & very low FPs. Don't know why they stopped it? But good that they have started it again now. Just give it time to go stable. I am sure you will be surprised & love it.
I have been following Comodo products for quite a long time and like their principle of application. I was already a Comodo user long before the testing phase of the old Valkyrie (I also tested it myself). However, I am also aware of the unfortunate habit of Comodo to abandon products/services out of the blue (dacs, time machine, old Valkyrie, etc.) and also their weird bug prioritization system where they leave important bugs hanging for quite long periods of time. I am just saying Valkyrie isn't ready for prime time yet; the static detection ruleset is quite basic and aggressive.
I totally agree with you. Their standard bug format requirement for everything is a pain too. Yes, Valkyrie is not yet ready for prime time as it's not stable & may be at beta or even alpha stage.
I think having only the autosandbox available standalone would be good & it would be your standalone proactive security. In that case I would be happy running it with Win FW & Defender.
Just in case, a removal/uninstall for the above. I am sure that you know why! Removing all registry keys etc..... Kind regards,