Comodo Help
Find the desired product help
Comodo Cloud Antivirus

Comodo Cloud Antivirus

Version 1.20

English

Print Help Download Help
CCAV Settings > Advanced Protection Settings > Miscellaneous Protection Settings
  • Introduction To Comodo Cloud Antivirus
    • System Requirements
    • Installation
    • Start Comodo Cloud Antivirus
      • The Main Interface
      • The Widget
      • The System Tray Icon
    • Lucky You Statistics
    • Understand CCAV Alerts
  • Scan And Clean Your Computer
    • Run A Quick Scan
    • Run A Full Computer Scan
    • Run A Certificate Scan
    • Run A Custom Scan
      • Scan A Folder
      • Scan A File
    • Process Infected Files
    • Manage Detected Threats
    • View Valkyrie Analysis Results
  • The Sandbox
    • Run An Application Or Browser In The Sandbox
    • Manage Sandboxed Items
      • Review Files
  • View CCAV Logs
    • Antivirus Logs
    • Executed Application Logs (Sandbox Logs)
    • Setting Changes Logs
    • Scan Actions Logs
  • View And Manage Quarantined Items
  • CCAV Settings
    • General Settings
      • Customize User Interface
      • Configure Program Updates
    • Antivirus Settings
      • Antivirus Settings
      • Exclusions
    • Sandbox Settings
      • Sandbox Settings
      • Sandbox Rules
      • Protected Files/Folders
      • Track Files Created In The Sandbox
    • File Rating Settings
      • File Rating Settings
      • Trusted Applications
      • Submitted Applications
      • Trusted Vendors
    • Advanced Protection Settings
      • Browser Settings Protection
      • Miscellaneous Protection Settings
  • Get Live Support
  • Viruscope - Feature Spotlight
  • Comodo Internet Security Essentials
    • Understand Alerts And Configure Exceptions
  • Comodo Support And About Information
  • Appendix 1 - How To Tutorials
    • Enable / Disable AV, Sandbox And Game Mode
    • Run An Antivirus Scan On Selected Items
    • Block Incoming / Outgoing Internet Connection To Sandboxed Applications
    • Add Exclusions By Allowing Internet Connection To Sandboxed Applications
    • Enable/ Disable Realtime Scan
    • Run A Virus Scan On Your Computer
    • Run An Application Or Browser In The Sandbox
    • Run A Certificate Scan On Your Computer
    • Configure Antivirus Exclusions
    • View Lucky You Statistics
    • Switch Off Automatic Antivirus And Software Updates
    • Enable/ Disable Browser Settings Protection
    • Evaluate The Behavior Of Unknown Files In The Sandbox
    • Detect Potentially Unwanted Applications (PUA)
    • Delete Quarantined Items
    • Restore A Quarantined Item
    • Submit As False Positive
    • Configure Proxy And Host Settings
    • Enable/ Disable Sandbox Indicator
    • Enable / Disable Viruscope
    • Track File Created In The Sandbox
    • Respond To Alerts
    • View CCAV Logs
    • Get Instant Support
    • Uninstall CCAV
    • Add Exclusions To Contained Folders And Files
    • Give Contained Applications Write Access To Local Folders
    • Quickly Create An Execution Rule For A Program
  • About Comodo Security Solutions

Miscellaneous Protection Settings

 

The 'Miscellaneous' panel allows you to:

  • Configure heuristic command line analysis for certain applications

    • Configure protection against shellcode injections (buffer overflow attacks)


      To open the 'Miscellaneous' settings interface

      • Click 'Settings' at the top-left of the CCAV home screen
      • Click 'Advanced Protection' > 'Miscellaneous':




      The interface allows you to:

      • Run heuristic analysis on certain applications
      • Disable shellcode injection detection for certain applications


      Run heuristic analysis on certain applications

      • This setting instructs CCAV to perform heuristic analysis on programs that execute code, like Visual Basic scripts and Java applications.
      • Example file types that are checked are wscript.exe, cmd.exe, java.exe and javaw.exe.
      • For example, the program wscript.exe can be made to execute Visual Basic scripts (.vbs file extension) via a command similar to 'wscript.exe c:/tests/test.vbs'. If this option is selected, CCAV detects c:/tests/test.vbs from the command-line and applies all security checks based on this file.
      • If test.vbs attempts to connect to the internet, for example, the alert will state 'test.vbs' is attempting to connect to the internet.

      Background note: 'Heuristics' is a security technique that checks whether software contains code typical of a virus. Heuristics is about detecting ‘virus-like behavior’ rather than looking for a precise virus signature that matches a signature on the virus blacklist. This helps to identify previously unknown (new) viruses.


      Click the 'certain applications' link to view the list of programs that are included by default:




      Command-line analysis - Allows CCS to analyze and apply security checks to scripts that are executed by a command line. For example, consider the line ' wscript.exe c:/tests/test.vbs'. If test.vbs attempts to connect to the internet, the subsequent alert will state 'test.vbs' is attempting to connect to the internet. If this option is disabled, the alert will only state 'wscript.exe' is trying to connect to the internet.


      Embedded Code Detection - Embedded code detection protects you against fileless malware attacks. Fileless malware attacks allow malicious actors to directly execute Powershell commands on your system. These commands can be used to take control of your computer, install ransomware, steal confidential data and more. File-less scripts reside in memory so no trace of them remains after the computer is restarted.


      Click the ‘Add’ button to add new applications and processes to the list of analyzed items.


      Disable shellcode injection detection


      By default, shellcode injection protection is enabled for all applications on your computer. Use this setting to define applications which you do not want to be monitored for shellcode injections.


      Background: 

      • Shellcode injection is a malicious technique which allows an attacker to cause a buffer overflow on your system.
      • A buffer overflow occurs when a process attempts to store data beyond the boundaries of a fixed-length buffer. A buffer is an area of memory designed to hold a specific amount of data.
      • The result is that the extra data overwrites adjacent memory locations. The overwritten data may include other buffers, variables and program flow data.
      • Overflows can be caused by inputs specifically designed to execute malicious code or make the program operate incorrectly. As such, buffer overflows cause many software vulnerabilities and form the basis of many exploits.

      To exclude certain applications from shellcode injection protection

      • Make sure 'Don't detect shellcode injections' checkbox is enabled and click the 'these applications' link. The 'Manage Exclusions' dialog will appear.
      • Click the 'Add' button at the top

      You can add items by selecting the required option from the drop-down:




      • File Groups - Select a category of pre-set files or folders. For example, 'Executables' lets you create a ruleset for all files with the extensions .exe .dll .sys .ocx .bat .pif .scr .cpl, *cmd.exe *.bat, *.cmd. Other categories available include 'Windows System Applications', 'Windows Updater Applications', 'Start Up Folders' etc.
      • Running Processes - As the name suggests, this option allows you to select an application or executable from the processes that are currently running on your PC.
      • Folders - Opens the 'Browse for Folders' window and enables you to navigate to the folder you wish to add.
      • Files - Opens the 'Open' window and enables you to navigate to the application or file you wish to add.
      Click 'OK' to implement your settings.
      Our Products
      • Free Antivirus
      • Free Internet Security
      • Website Malware Removal
      • Free Anti-Malware
      • Anti-Spam (Free Trial)
      • Windows Antivirus
      • Antivirus for Windows 7
      • Antivirus for Windows 8
      • Antivirus for Windows 10
      • Antivirus for MAC
      • Antivirus for Linux
      • Free Endpoint Security
      • Free ModSecurity
      • Free RMM
      • Free Website Malware Scanner
      • Free Device Manager for Android
      • Free Demo
      • Network Security
      • Endpoint Protection
      • Antivirus for Android
      • Comodo Antivirus
      • Wordpress Security
      Cheap CDN
      • Bootstrap CDN
      • Semantic UI CDN
      • Jquery CDN
      • CDN Plans
      • CDN
      • Free CDN
      Enterprise
      • Patch Management Software
      • Patch Manager
      • Service Desk
      • Website Down
      • Endpoint Protection Solutions
      • Website Security Check
      • Remote Monitoring and Management
      • Website Security
      • Device Manager
      • ITSM
      • CRM
      • MSP
      • Android Device Manager
      • MDR Services
      • Ransomware Prevention
      • Managed IT Support Services
      • Free EDR
      Free SSL Certificate
      Support Partners Terms and Conditions Privacy Policy

      © Comodo Group, Inc. 2024. All rights reserved.