Comodo Cleaning Essentials

Version 2.5

Viewing Properties of a Process

 

To open the 'Properties' dialog, double-click the process in the main display pane, or right-click the process and select 'Properties' from the context-sensitive menu. The dialog gathers the large amount of information associated with each process. Because there is so much data, the 'Properties' interface is divided into 11 separate tabs, each containing important information and functionality related to the particular process.

 



Further details on each tab are given in the sections below:

  • Image;

  • Rating;

  • Performance;

  • Performance Graph;

  • Security;

  • Environment;

  • Handles;

  • Strings;

  • Threads;

  • Modules;

  • Usage.

 

Note: The 'Usage' tab will be displayed only for the processes at the first level of the process hierarchy. For the branch processes in the process tree, the 'Usage' tab will not be displayed and hence the 'Properties' dialog will contain only 10 tabs.

 

Image

The 'Image' tab displays basic information about the process and its image file, including its command line and Data Execution Prevention (DEP) status. The dialog also allows you to make the window of the parent application of the process active and to terminate the process.

 



  • Terminate - Clicking 'Terminate' stops the process. You will be asked for confirmation before stopping the process.





Rating

 

The 'Rating' tab displays a list of scanning tests performed by KillSwitch on the process through its native scanner, CAMAS and the results pertaining to each scan.

 



You can see the following scan results:

| Scan Result | From | Notes |
|---|---|---|
| Basic | File scanner of local AV engine | To ensure the most accurate scan results, please update the AV database prior to running an AV scan. |
| FLS | Cloud based file scanner | - |
| | Cloud based verification of a file's digital signature | - |
| | Local verifier of trusted vendor: local check that the creator of the file is on the trusted vendor list | Checks that the file has a digital signature. If it does, then checks this signature is in the trusted vendor list. |
| CAMAS | File is uploaded to Comodo Automated Malware Analysis System (CAMAS) for inspection | Use private communication protocol to send the file to CAMAS for analysis. Public CAMAS URL: http://camas.comodo.com/ |


The Rating list shows only the final rating, chosen according to priority. The priority of the scan results is as follows (high to low):

  1. Basic.Malware

  2. FLS.Malware

  3. FLS.Safe

  4. CAMAS.Detected

  5. CAMAS.Malware

  6. CAMAS.Suspicious

  7. CAMAS.SuspiciousP

  8. CAMAS.SuspiciousPP

  9. FLS.Unknown

  10. FLS.Absent
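
The following added example (not Comodo code, and not taken from KillSwitch) applies the priority order above to a set of per-scanner results and returns the final rating. It also lists any CAMAS result that is outranked by FLS.Safe, since in the listed order FLS.Safe sits above every CAMAS result. The process names and sample results are constructed, and the function names are hypothetical.

```python
# Added example (not Comodo code): pick the final rating from several scan
# results using the priority order listed above (first entry = highest).
PRIORITY = [
    "Basic.Malware", "FLS.Malware", "FLS.Safe", "CAMAS.Detected",
    "CAMAS.Malware", "CAMAS.Suspicious", "CAMAS.SuspiciousP",
    "CAMAS.SuspiciousPP", "FLS.Unknown", "FLS.Absent",
]
RANK = {label: pos for pos, label in enumerate(PRIORITY, start=1)}


def final_rating(results):
    """Return (final, outranked) for one file's scan results.

    Labels that are not in the documented priority list are ignored.
    """
    known = sorted({r for r in results if r in RANK}, key=RANK.get)
    if not known:
        return None, []
    return known[0], known[1:]


def hidden_camas_findings(results):
    """CAMAS results that an FLS.Safe final rating outranks (manual review)."""
    final, outranked = final_rating(results)
    if final != "FLS.Safe":
        return []
    return [r for r in outranked if r.startswith("CAMAS.")]


# Constructed sample data: process names and results are made up.
SAMPLE = {
    "updater.exe": ["CAMAS.Suspicious", "FLS.Safe"],
    "unknown_tool.exe": ["FLS.Unknown", "CAMAS.Malware"],
    "flagged.exe": ["FLS.Safe", "Basic.Malware"],
    "new_build.exe": ["FLS.Absent"],
}

if __name__ == "__main__":
    for name, results in SAMPLE.items():
        final, _ = final_rating(results)
        hidden = hidden_camas_findings(results)
        print(f"{name:18} final={str(final):16} hidden={hidden}")
```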


 

Performance

 

The 'Performance' tab displays statistics and performance information such as CPU usage, I/O activity and memory usage. This data can help advanced users track the resource overhead of a process at a granular level.






 

Performance Graph

The 'Performance Graph' tab displays three graphs relating to the process' performance - CPU Usage, Private Bytes, and I/O activity. This window helps advanced users track the resource overhead of a process graphically. You can hover your mouse over the graphs to view details.






Security

 

The 'Security' tab displays the primary token of the process. The primary token of a process is an object that describes security attributes such as the user, groups and privileges.

 





 

Environment

The 'Environment' tab displays the process' environment variables, which are the variables accessible to the process that describe the operating system environment. Environment variables are normally inherited by child processes.







Handles

 

The 'Handles' tab displays the process' handles - resources it has opened. A handle is the value used to uniquely identify a resource, such as a file or a registry key, accessed by the process or the application.

 



  • Hide unnamed handles - Selecting this option removes the handles that do not have a name from the list of handles displayed.

  • Right-clicking a handle opens a context-sensitive menu that enables you to close the handle or view its properties.



  • Close Handle - Closes the Handle. Closing a process handle does not terminate the associated process or remove the process object.

  • Properties - Opens the 'Properties' dialog of the Handle. Also double clicking a handle opens its 'Properties' dialog.






Strings

 

The 'Strings' tab displays a list of ASCII and Unicode strings that are loaded to the process. You can choose to extract the strings from the Process Image or the Process Memory.

 

  • Select ‘Image’ or ‘Memory’ to extract and view the strings from Process Image or the Process Memory respectively.

  • Click 'Save' to save the displayed list of strings as a text file.
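
As an added illustration of what such a list contains (example code written for this page, not KillSwitch's implementation), the sketch below pulls printable ASCII runs and UTF-16LE runs out of a byte buffer, the way an analyst would review an image file saved to disk. It assumes that 'Unicode' means UTF-16LE, as is usual on Windows, and a minimum run length of 4; both are assumptions, and the sample buffer is constructed.

```python
import re

MIN_LEN = 4  # assumed minimum run length; not a KillSwitch setting from the page

# Runs of printable ASCII, and the same characters stored as UTF-16LE
# (each printable byte followed by a zero byte).
ASCII_RE = re.compile(rb"[\x20-\x7e]{%d,}" % MIN_LEN)
UTF16_RE = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % MIN_LEN)


def extract_strings(data):
    """Return a list of (offset, kind, text) tuples sorted by offset."""
    found = []
    for m in ASCII_RE.finditer(data):
        found.append((m.start(), "ascii", m.group().decode("ascii")))
    for m in UTF16_RE.finditer(data):
        found.append((m.start(), "unicode", m.group().decode("utf-16-le")))
    return sorted(found)


# Constructed sample buffer standing in for a process image read from disk.
SAMPLE = (
    b"MZ\x90\x00\x03\x00"                            # header bytes, no string
    + b"This program cannot be run in DOS mode.\r\n\x00"
    + b"\x01\x02"
    + "C:\\Temp\\helper.dll".encode("utf-16-le")     # wide-character path
    + b"\x00\x00\xff"
    + b"abc\x00"                                     # shorter than MIN_LEN
    + b"http://example.test/update"
)

if __name__ == "__main__":
    for offset, kind, text in extract_strings(SAMPLE):
        print(f"0x{offset:04x}  {kind:7}  {text}")
```

Reading strings from the memory of a live process needs operating-system access that this sketch leaves out; it works on any bytes object.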


 

Threads

The 'Threads' tab displays a list of threads of the process, including their symbolic start addresses. You can click on a thread to view more information, or double-click a thread to view its call stack.

 



Handling Threads

  • Stack - Analyzes the thread and displays a list of stacks in the thread.



  • Module - Opens the 'Properties' dialog of the module that has invoked the process.

  • Kill – Terminates the thread. Terminating the thread does not terminate the associated process or remove the process object.

  • Suspend – Suspends the thread.




Modules

The 'Modules' tab displays the modules loaded by the process. Modules are the dynamic link library (DLL) files that are loaded into system memory by the selected process. Double-clicking a module opens its 'Properties' dialog.

 

  • Hide Safe – Removes DLL modules identified as safe by KillSwitch and displays only unknown and unsafe modules.

Handling the Modules

 

Double clicking on a Module name opens the Properties dialog of the module.

 



The dialog provides complete details of the DLL module under three tabs: 'Image', 'Rating' and 'Strings'.

 

Right-clicking on a module listed opens a context sensitive menu that enables you to perform various actions like unloading the module from the memory.

 



  • Delete - Removes the selected module from your computer. You will be asked for confirmation before deleting the module.

 

Warning: Deleting some critical modules of an application may render the application unusable.

  • Search Online - Opens the default web browser of your system with the search engine specified and searches for information on the module on the web.

  • Send To Comodo - Submits the module for analysis to Comodo as Suspicious or False Positive. The files will be analyzed by experts and added to white list or black list accordingly.

  • Open Containing Folder - Opens the folder in which the module is stored, in Windows Explorer window.

  • Properties - Opens the 'Properties' dialog of the module.


 

Usage

 

The 'Usage' tab displays how often the parent application of the process has been used by the user and its previous run time.





© Comodo Group, Inc. 2013. All rights reserved.