Comodo Antivirus For Servers

• Introduction To Comodo Antivirus For Servers
  • Key Features
  • Supported Servers
  • Installation
  • Starting Comodo Antivirus For Servers
  • The Main Interface
    • The Home Screen
    • The Tasks Interface
    • The Widget
    • The System Tray Icon
    • Instant Assistance
  • Understanding Security Alerts
• General Tasks - Introduction
  • Scan And Clean Your Server
    • Run A Quick Scan
    • Run A Full Server Scan
    • Run A Rating Scan
    • Run A Custom Scan
      • Scan A Folder
      • Scan A File
      • Create, Schedule And Run A Custom Scan
  • Instantly Scan Files And Folders
  • Processing Infected Files
  • Manage Virus Database And Program Updates
  • View CAVS Logs
    • Antivirus Logs
      • Filtering Antivirus Logs
    • Defense+ Logs
      • Filtering Defense+ Logs
    • Alerts Logs
      • Filtering Alerts Displayed Logs
    • Tasks
      • Filtering Tasks Launched Logs
    • Configuration Changes
      • Filtering Configuration Changes Logs
  • Manage Quarantined Items
• Sandbox Tasks – Introduction
  • Run An Application In The Sandbox
  • Reset The Sandbox
  • View Active Process List
• Advanced Tasks - Introduction
  • Create A Rescue Disk
    • Downloading And Burning Comodo Rescue Disk
  • Submit Files
  • Identify And Kill Unsafe Running Processes
  • Remove Deeply Hidden Malware
  • Manage CAVS Tasks
• Advanced Settings
  • General Settings
    • Customize User Interface
    • Configure Program And Virus Database Updates
    • Log Settings
    • Manage CAVS Configurations
      • Comodo Preset Configurations
      • Importing/Exporting And Managing Personal Configurations
  • Security Settings
    • Antivirus Settings
      • Real-time Scanner Settings
      • Scan Profiles
      • Exclusions
    • Defense+ Settings
      • HIPS Behavior Settings
      • Active HIPS Rules
      • HIPS Rule Sets
      • Protected Objects
        • Protected Files
        • Blocked Files
        • Protected Registry Keys
        • Protected COM Interfaces
        • Protected Data Folders
      • HIPS Groups
        • Registry Groups
        • COM Groups
      • Sandbox
        • The Sandbox - An Overview
        • Unknown Files: The Scanning Processes
      • Configure The Sandbox
      • Configuring Rules For Auto-Sandbox
    • Manage File Rating
      • File Rating Settings
      • File Groups
      • File List
      • Submitted Files
      • Trusted Vendors List
• Appendix 1 - CAVS How To... Tutorials
  • Enable / Disable AV And Auto-Sandbox Easily
  • Setting Up The HIPS For Maximum Security And Usability
  • Create Rules For Auto-Sandboxing Applications
  • Running An Instant Antivirus Scan On Selected Items
  • Creating An Antivirus Scanning Schedule
  • Run Untrusted Programs In The Sandbox
  • Run Browsers Inside Sandbox
  • Restoring Incorrectly Quarantined Item(s)
  • Submitting Quarantined Items To Comodo For Analysis
  • Blocking Any Downloads Of A Specific File Type
  • Disable Auto-Sandboxing On A Per-application Basis
  • Switch Off Automatic Antivirus And Software Updates
• Appendix 2 - Glossary Of Common Terms
• About Comodo Security Solutions

File List

The 'File List' pane displays a list of executable files, programs and applications and executable files discovered in your system with their file rating. CAVS rates the files as:

• Trusted

• Unrecognized

• Malicious

Trusted Files

Files with 'Trusted' rating are automatically given Defense+ trusted status. Files are identified as trusted in the following ways:

• Cloud-based file lookup service (FLS) - Whenever a file is first accessed, CAVS will check the file against our master whitelist and blacklists and will award it trusted status if:

• The application is from a vendor included in the Trusted Software Vendors list;

• The application is included in the extensive and constantly updated Comodo safelist.

• Administrator rating (Applicable only if your CAVS installation is remotely managed by your CESM administrator).

• User Rating – You can provide Trusted status to your files in two ways:

• If an executable is unknown to the Defense+ safe list then, ordinarily, it and all its active components generate HIPS alerts when they run. Of course, you could choose the 'Treat this as a Trusted Application' option at the alert but it is often more convenient to classify entire directories of files as 'Trusted'.

• You can assign 'Trusted' rating to any desired file from the Files List interface. Refer to the description of changing the file rating under the section File Details for more details.

For the files assigned with 'Trusted' status by the user, CAVS generates a hash or a digest of the file using a pre-defined algorithm and saves in its database. On access to any file, its digest is created instantly and compared against the list of stored hashes to decide on whether the file has 'Trusted' status. By this way, even if the file name is changed later, it will retain its Trusted status as the hash remains same.

By granting 'Trusted' status to executables (including sub folders containing many components) you can reduce the amount of alerts that HIPS generates whilst maintaining a higher level of Defense+ security. This is particularly useful for developers that are creating new applications that, by their nature, are as yet unknown to the Comodo safe list.

Creating your own list of Trusted Files allows you to define a personal safe list of files to complement the default Comodo safe list.

Unrecognized Files

Once installed, the HIPS watches all file system activity on your computer. Every new executable file introduced to the computer, is first scanned against the Comodo certified safe files database. If they are not safe, they are given 'Unrecognized' file rating for users to review and set their own rating. Apart from new executables, any executables that are modified are also given the 'Unrecognized' status.

You can assess the pending files to determine whether or not they are to be trusted. If they are trustworthy, they can be given the 'Trusted' rating. Refer to the description under 'Setting File Rating' for more details. You can also submit the the files to Comodo for analysis. Experts at Comodo will analyze the files and add them to global white-list or black-list accordingly.

'Unrecognized Files' is specifically important while HIPS is in 'Clean PC Mode'. In Clean PC Mode, the files in 'Unrecognized Files' are NOT considered clean. For more information, please check 'Clean PC Mode' on the HIPS settings page.

Malicious Files

Files that are identified as malicious from the FLS will be given 'Malicious' rating and will not be allowed to run by default.

The Trusted Files panel can be accessed by clicking 'Security Settings' > 'File Rating' > 'File List' from the Advanced Settings interface.

The pane displays the list of applications, programs and executable file discovered from your computer.

Column Descriptions:

• File Path- Indicates installation or storage path of the file;

• Company – Shows the publisher of the file;

• First Observed - Indicates date and time at which the file was first discovered by CAVS. For the files installed or stored before the installation of CAVS, it shows the first execution time of CAVS, when the file was discovered. For the files installed or stored after installation of CAVS, it shows when the file was stored.

• File Rating - Indicates the current CAVS rating of the file. The possible values are:

• Trusted

• Unrecognized

• Malicious

The files are rated based on the following, in order of priority:

1. Administrator rating (Applicable only if your CAVS installation is remotely managed by your CESM administrator).

2. User rating (Rating as set by the user, if modified from the default rating)

3. FLS rating

The File rating can be modified by the user in two ways:

• By clicking on the displayed rating in the row of the desired file and choosing the rating from the context sensitive menu.

• From the 'File Details' dialog of the desired file by selecting it, clicking the handle from the bottom and choosing 'File Details' from the options. Refer to the description of changing the file rating under the section File Details for more details.

Context Sensitive Menu

Right clicking on a file opens a context sensitive menu that allows you to view the 'File Details' dialog, remove the file from the list, submit the file to Comodo for analysis and more.

• Add - Allows you to manually add files to the 'File List' with user defined rating

• File Details - Opens the 'File Details' dialog enabling you to view the details of the file and set user defined rating

• Remove - Allows you to remove files from 'Files List'.

• Lookup - Starts the online lookup of selected file with the master Comodo safelist if any details are available

• Submit - Begins the file submission process.

• Import - Enables you import a file list from an XML file

• Export - Enables you export the current file list with existing ratings to an XML file

• Jump to Folder – Opens the folder containing the file in Windows Explorer.

Searching and Filtering options

You can use the search option to find a specific file based on the file path, file name or the publisher, from the list. Also, you can filter the list of files based on the installation/storage date and File rating.

To use the search option, click the search icon at the far right in the 'File path' column header.

• Click the chevron on the left side of the column header and select the search criteria from the drop-down.

• Enter the file path or the name of company in part or full as per the selected criteria in the search field and press 'Enter' to begin the search.

• To filter the list based on the date of installation or storage of the files, click the calendar icon at the right of the 'First Observed' column header and choose the time/date/period.

• To filter the list based on the file rating, click the funnel icon at the right of the 'File Rating' column header and select the ratings to display only the files with the selected rating(s).

Clicking the handle at the bottom of the panel opens the following options:

• Add - Allows you to manually add files to the 'File List' with user defined rating

• File Details - Opens the 'File Details' dialog enabling you to view the details of the file and set user defined rating

• Remove - Allows you to remove files from 'Files List'.

• Lookup - Starts the online lookup of selected file with the master Comodo safelist if any details are available

• Submit - Begins the file submission process.

• Import - Enables you import a file list from an XML file

• Export - Enables you export the current file list with existing ratings to an XML file

To manually add files to 'Files list'

• Click the handle from the bottom and choose 'Add'

Tip: Alternatively, right click inside the File List page and choose 'Add' from the context sensitive menu.

• You can add files to the Files list by three ways:

• Files - Allows you to navigate to the file or executable of the program you wish to add and assign a rating.

• Folders - Allows you to navigate to the folder you wish to add. All the files in the folder will be added to the 'Files List' with the rating you assign.

• Running Processes - Allows you to select a currently running process. On selecting a process, the parent application, which invoked the process will be added to 'Files List' with the rating you assign.

Once you have chosen the file(s) or the folder, you can assign the rating for the file(s) to be added.

• Choose the rating to be assigned to the file(s). The available options are:

• Trusted – The file(s) will be assigned the 'Trusted' status and allowed to run without any alerts

• Unrecognized – The file(s) will be assigned the 'Unrecognized' status. Depending on your HIPS settings, the file(s) will be allowed to run with an alert generation.

• Malicious – The file will not be allowed to run.

• Click OK in the 'Add Files' dialog

• Click 'OK' in the 'Advanced Settings' for your changes to take effect.

To view the 'File Details' and change the rating

• Choose the file to view its details

• Click the handle from the bottom and choose 'File Details'

Tip: Alternatively, right click on the selected file inside the File List page and choose 'File Details' from the context sensitive menu.

The 'File Details' dialog will open. The dialog contains two tabs:

• Overview

• File Rating

Overview

The Overview tab displays the general details of the file and the publisher details.

• Clicking the file name opens the Windows 'File Properties' dialog.

• Clicking 'Jump to folder' opens the folder containing the file in Windows Explorer, with the respective file selected.

File Rating

The 'File Rating' tab enables you to change the current rating of the file and displays the current rating as per the analysis result from Comodo.

Note: If the CAVS installation is remotely managed by the CESM server on your network your Administrator's file rating for individual file will override your user file rating.

To change the user rating of the file

• Select the file from the Files List pane, click the handle from the bottom and choose File Rating from the options

• Click the File Rating tab from the File Details tab

• Click 'Rate Now' and choose the rating from the drop-down

The options available are:

• Trusted – The file(s) will be assigned the 'Trusted' status and allowed to run without any alerts

• Unrecognized – The file(s) will be assigned the 'Unrecognized' status. Depending on your HIPS settings, the file(s) will be allowed to run with an alert generation.

• Malicious – The file will not be allowed to run.

• Click 'OK' in the 'Files Details' dialog

• Click 'OK' in the 'Advanced Settings' interface to save your settings.

To remove files(s) from the Files list

• Select the file(s) to be removed from the 'Files List' pane. You can select several entries to be removed at once by marking the check-boxes beside the entries.

• Click the handle from the bottom center and choose 'Remove'. The file is only removed from the list and not deleted from your system.

Tip: Alternatively, right click on a selected file inside the 'File List' page and choose 'Remove' from the context sensitive menu.

• Click 'OK' for your changes to take effect.

To perform an online lookup for files

• Select the files to be checked from the 'Files list' pane. You can select several entries at once by marking the check-boxes beside the entries.

• Click the handle from the bottom and choose 'Lookup...'.

Tip: Alternatively, right click on a selected file inside the 'File List' page and choose 'Lookup' from the context sensitive menu.

Comodo servers will be contacted immediately to conduct a search of Comodo's master safe list database to check if any information is available about the files in question and the results will be displayed.

If any malicious or unwanted file(s) is/are found, you will be given an option to delete the file from your computer on closing the dialog.

• Click 'Yes' to permanently delete the malicious file(s) from your computer.

• If a file is found to be safe, it will be indicated as 'Trusted' with a green icon. You can change its rating from the File Details dialog. Refer to the description of changing the file rating under the section File Details for more details. 

• If no information is available, it will be indicated as 'Unknown' with a yellow icon. You can submit the file to Comodo for analysis. Refer to the explanation below for more details.

 

To manually submit files to Comodo

• Select the file(s) to be submitted from the 'Files List' pane. You can select several entries to be sent at once by marking the check-boxes beside the entries.

• Click the handle from the bottom and choose 'Submit'. The file(s) will be immediately sent to Comodo.

 

Tip: Alternatively, right click on a selected file inside the 'File List' page and choose 'Submit' from the context sensitive menu.

You can view the list of files you submitted so far, from the Submitted Files panel.

Exporting and Importing the Files List

You can export the list of files with their currently assigned file ratings to an XML file and store the list on a safe place. This is useful to restore your File List, in case you are reinstalling the CAVS application for some reasons.

To export the File List

• Click the handle from the 'File List' pane and choose 'Export' from the options

Tip: Alternatively, right click inside the 'File List' page and choose 'Export' from the context sensitive menu.

• Navigate to the location to store the XML file containing the file list and click 'Save'.

The file will be created and saved. You will be given an option to view the folder containing the XML file for confirmation.

To import a saved file list

• Click the handle from the 'File List' pane and choose 'Import' from the options

Tip: Alternatively, right click inside the 'File List' page and choose 'Import' from the context sensitive menu.

• Navigate to the location of the XML file containing the file list and click 'Open'.

The 'File List' will be populated as per the imported 'File List'.