File List
The 'File List' pane displays a list of executable files and applications and executable files discovered on your system along with their file rating. CCS rates the files as:
Files with 'Trusted' rating are considered safe to run outside the sandbox. Files are identified as trusted in the following ways:
- Cloud-based file lookup service (FLS) - Whenever a file is first accessed, CCS will check the file against our master whitelist and blacklists and will award it trusted status if:
- The application is from a vendor included in the Trusted Software Vendors list;
- The application is included in the extensive and constantly updated Comodo safelist.
- Administrator rating (Applicable only if your CCS installation is remotely managed by your CESM/ITSM administrator).
- User Rating – You can assign 'Trusted' rating to any file from the Files List interface. Refer to the description of changing the file rating under the section File Details for more details. Users may also trust a file from an antivirus or containment alert.
Background note. For files that are trusted by the user, CCS generates a hash or a digest of the file using a pre-defined algorithm which it saves in its database. When accessing the file in future, a digest is created instantly and compared against the list of stored hashes. In this way, even if the file name is changed later, it will retain its Trusted status as the hash remains same.
Creating your own list of Trusted Files allows you to define a personal safe list of files to complement the default Comodo safe list.
CCS watches all file system activity on your computer. Every new executable file introduced to your computer is first scanned against the Comodo white and black lists. If they are not on either list they are neither known-safe nor known-bad) then they are awarded an 'Unrecognized' file rating. Any executables that are modified are also given the 'Unrecognized' status.
You can assess these unrecognized files to determine whether or not they are to be trusted. If they are trustworthy, they can be given the 'Trusted' rating. Refer to the description of changing the file rating for more details. You can also submit the files to Comodo for analysis. Experts at Comodo will analyze the files and add them to global white-list or black-list accordingly.
'Unrecognized Files' is specifically important while HIPS is in 'Clean PC Mode'. In Clean PC Mode, the files in 'Unrecognized Files' are NOT considered safe. For more information, please check 'Clean PC Mode' on the HIPS settings page.
Files that are identified as malicious from the FLS will be given 'Malicious' rating and will not be allowed to run by default.
The Trusted Files panel can be accessed by clicking 'Security Settings' > 'File Rating' > 'File List' from the Advanced Settings interface.
The pane displays the list of applications, programs and executable files discovered on your computer.
- Show non-executable files – If enabled, the list of files will also include non executable files. For example files with file extensions like .bat and so on.
Column Descriptions:
- File Path - Indicates installation or storage path of the file;
- Company – Shows the publisher of the file;
- First Observed - Indicates date and time at which the file was first discovered by CCS. For the files installed or stored before the installation of CCS, it shows the first execution time of CCS, when the file was discovered. For the files installed or stored after installation of CCS, it shows when the file was stored.
- File Rating - Indicates the current CCS rating of the file. The possible values are:
The files are rated based on the following, in order of priority:
-
Administrator rating (Applicable only if your CCS installation is remotely managed by your CESM/ITSM administrator).
-
User rating (Rating as set by the user, if modified from the default rating)
-
FLS rating
The File rating can be modified by the user in two ways:
- By clicking on the displayed rating in the row of the desired file and choosing the rating from the context sensitive menu.
- From the 'File Details' dialog of the desired file by selecting it, clicking the handle from the bottom and choosing 'File Details' from the options. Refer to the description of changing the file rating under the section File Details for more details.
Context Sensitive Menu
Right clicking on a file opens a context sensitive menu that allows you to view the 'File Details' dialog, remove the file from the list, submit the file to Comodo for analysis and more.
- Add - Allows you to manually add files to the 'File List' with user defined rating.
- File Details - Opens the 'File Details' dialog enabling you to view the details of the file and set user defined rating.
- Remove - Allows you to remove files from 'File List'.
- Lookup - Starts the online lookup of selected file with the master Comodo FLS safelist if any details are available.
- Valkyrie Lookup – Valkyrie is a cloud-based file analysis service that tests unknown files with a range of static and behavioral checks in order to identify those that are malicious. The results of these file tests are stored on the Valkyrie servers to improve the effectiveness of the service for all CCS users. Clicking Valkyrie Lookup will search the file rating of the selected file from the Valkyrie analysis results.
- Submit - Begins the file submission process to CAMAS.
- Submit to Valkyrie – Begins the file submission process to Valkyrie analysis.
- Import - Enables you import a file list from an XML file.
- Export - Enables you export the current file list with existing ratings to an XML file.
- Jump to Folder – Opens the folder containing the file in Windows Explorer.
- Change File Rating to – Enables you to change the file rating to: Trusted, Unrecognized, Malicious.
Searching and Filtering options
You can use the search option to find a specific file based on the file path, file name or the publisher, from the list. Also, you can filter the list of files based on the installation/storage date and File rating.
To use the search option, click the search icon at the far right in the 'File path' column header.
- Click the chevron on the left side of the column header and select the search criteria from the drop-down.
- Enter the file path or the name of company in part or full as per the selected criteria in the search field and press 'Enter' to begin the search.
- To filter the list based on the date of installation or storage of the files, click the calendar icon at the right of the 'First Observed' column header and choose the time/date/period.
- To filter the list based on the file rating, click the funnel icon at the right of the 'File Rating' column header and select the ratings to display only the files with the selected rating(s).
Clicking the handle at the bottom of the panel opens the following options:
- Add - Allows you to manually add files, folders and running processes to the 'File List' with user defined rating
- File Details - Opens the 'File Details' dialog enabling you to view the details of the file and set user defined rating
- Remove - Allows you to remove files from 'File List'.
- Lookup... - Allows to you lookup of selected file with Comodo FLS safelist and Valkyrie analysis results.
- Lookup... - Starts the online lookup of selected file with the master Comodo FLS safelist if any details are available
- Valkyrie Lookup – Starts the Valkyrie lookup of the selected file from the Valkyrie analysis results.
- Submit - Begins the file submission process.
- Submit - Begins the file submission process to Comodo file analysis engines.
- Submit to Valkyrie - Begins the file submission process to Valkyrie analysis.
- Import - Enables you import a file list from an XML file
- Export - Enables you export the current file list with existing ratings to an XML file
To manually add files to 'File list'
- Click the handle from the bottom and choose 'Add'
Tip: Alternatively, right click inside the File List page and choose 'Add' from the context sensitive menu. |
You can add files to the File list by three ways:
- Files - Allows you to navigate to the file or executable of the program you wish to add and assign a rating.
- Folders - Allows you to navigate to the folder you wish to add. All the files in the folder will be added to the 'File List' with the rating you assign.
- Running Processes - Allows you to select a currently running process. On selecting a process, the parent application, which invoked the process will be added to 'File List' with the rating you assign.
Once you have chosen the file(s) or the folder, you can assign the rating for the file(s) to be added.
- Choose the rating to be assigned to the file(s). The available options are:
- Trusted – The file(s) will be assigned the 'Trusted' status and allowed to run without any alerts
- Unrecognized – The file(s) will be assigned the 'Unrecognized' status. Depending on your HIPS settings, the file(s) will be allowed to run with an alert generation.
- Malicious – The file will not be allowed to run.
- Click 'OK' in the 'Add Files' dialog
- Click 'OK' in the 'Advanced Settings' for your changes to take effect.
To view the 'File Details' and change the rating
- Choose the file to view its details
- Click the handle from the bottom and choose 'File Details'
Tip: Alternatively, right click on the selected file inside the File List page and choose 'File Details' from the context sensitive menu. |
The 'File Details' dialog will open. The dialog contains two tabs:
The Overview tab displays the general details of the file and the publisher details.
- Clicking the file name opens the Windows 'File Properties' dialog.
- Clicking 'Jump to folder' opens the folder containing the file in Windows Explorer, with the respective file selected.
The 'File Rating' tab enables you to change the current rating of the file and displays the current rating as per the analysis result from Comodo servers and Valkyrie (if submitted to Valkyrie).
Note: If the CCS installation is remotely managed by the CESM/ITSM server on your network your Administrator's file rating for individual file will override your user file rating. |
To change the user rating of the file
- Select the file from the File List pane, click the handle from the bottom and choose File Rating from the options
- Click the File Rating tab from the File Details tab
- Click 'Rate Now' and choose the rating from the drop-down
The options available are:
- Trusted – The file(s) will be assigned the 'Trusted' status and allowed to run without any alerts
- Unrecognized – The file(s) will be assigned the 'Unrecognized' status. Depending on your HIPS settings, the file(s) will be allowed to run with an alert generation.
- Malicious – The file will not be allowed to run.
- Click 'OK' in the 'Files Details' dialog
- Click 'OK' in the 'Advanced Settings' interface to save your settings.
To remove files(s) from the File list
- Select the file(s) to be removed from the 'File List' pane. You can select several entries to be removed at once by marking the check-boxes beside the entries.
- Click the handle from the bottom center and choose 'Remove'. The file is only removed from the list and not deleted from your system.
Tip: Alternatively, right click on a selected file inside the 'File List' page and choose 'Remove' from the context sensitive menu. |
-
Click 'OK' for your changes to take effect.
To perform Comodo FLS lookup for files
- Select the files to be checked from the 'File list' pane. You can select several entries at once by marking the check-boxes beside the entries.
- Click the handle from the bottom and click 'Lookup...' then 'Lookup...' from the options.
Tip: Alternatively, right click on a selected file inside the 'File List' page and choose 'Lookup' from the context sensitive menu. |
Comodo servers will be contacted immediately to conduct a search of Comodo's master safe list database to check if any information is available about the files in question and the results will be displayed.'
If any malicious or unwanted file(s) is/are found, you will be given an option to delete the file from your computer on closing the dialog.
- Click 'Yes' to permanently delete the malicious file(s) from your computer.
- If a file is found to be safe, it will be indicated as 'Trusted' with a green icon. You can change its rating from the File Details dialog. Refer to the description of changing the file rating under the section File Details for more details.
- If no information is available, it will be indicated as 'Needs to be submitted' with a yellow icon. You can submit the file to Comodo for analysis from the dialog that appears on closing the 'Lookup' dialog. Refer to the explanation below for more details.
To perform
Valkyrie lookup of files
Valkyrie is a cloud-based file analysis service that tests unknown files with a range of static and behavioral checks in order to identify those that are malicious. The Valkyrie results are stored in Comodo Valkyrie servers for references.
- Select the files to be checked from the 'File list' pane. You can select several entries at once by marking the check-boxes beside the entries.
- Click the handle from the bottom and click 'Lookup...' then 'Valkyrie Lookup' from the options.
Tip: Alternatively, right click on a selected file inside the 'File List' page and choose 'Valkyrie Lookup' from the context sensitive menu. |
Comodo Valkyrie servers will be contacted immediately to conduct a search in the database to check if any information is available about the files in question and the results will be displayed.
If any malicious or unwanted file(s) is/are found, you will be given an option to delete the file from your computer on closing the dialog.
- Click 'Yes' to permanently delete the malicious file(s) from your computer.
- If a file is found to be safe, it will be indicated as 'Trusted' with a green icon. You can change its rating from the File Details dialog. Refer to the description of changing the file rating under the section File Details for more details.
- If no information is available, it will be indicated as 'Unknown' with a yellow icon. You can submit the file to Comodo Valkyrie for analysis from the dialog that appears on closing the 'Lookup' dialog. Refer to the explanation below for more details.
To manually submit files to Comodo CAMAS
- Select the file(s) to be submitted from the 'File List' pane. You can select several entries to be sent at once by marking the check-boxes beside the entries.
- Click the handle from the bottom and click 'Submit', then 'Submit' from the options. The file(s) will be immediately sent to Comodo Automated Malware Analysis System.
Tip: Alternatively, right click on a selected file inside the 'File List' page and choose 'Submit' from the context sensitive menu or click 'Yes' in the submit unknown files dialog from the 'Lookup...' feature. |
You can view the list of files you submitted so far, from the Submitted Files panel.
To submit files for Valkyrie analysis
Valkyrie is a online file verdict system that tests submitted files with a range of static and behavioral checks in order to identify those that are malicious.
- Select the file(s) to be submitted from the 'File List' pane. You can select several entries to be sent at once by marking the check-boxes beside the entries.
- Click the handle from the bottom and click 'Submit', then 'Submit to Valkyrie' from the options. The file(s) will be immediately sent to Comodo Valkyrie.
Tip: Alternatively, right click on a selected file inside the 'File List' page and choose 'Submit' from the context sensitive menu or click 'Yes' in the submit unknown files dialog from the ' Valkyrie Lookup...' feature. |
You can view
the list of files you submitted so far, from the 'Submitted
Files' panel.
Exporting and Importing the File List
You can export the list of files with their currently assigned file ratings to an XML file and store the list on a safe place. This is useful to restore your File List, in case you are reinstalling the CCS application for some reasons.
To export the File List
-
Click the handle from the 'File List' pane and choose 'Export' from the options
Tip: Alternatively, right click inside the 'File List' page and choose 'Export' from the context sensitive menu. |
- Navigate to the location to store the XML file containing the file list and click 'Save'.
The file will be created and saved. You will be given an option to view the folder containing the XML file for confirmation.
To import a saved file list
- Click the handle from the 'File List' pane and choose 'Import' from the options
Tip: Alternatively, right click inside the 'File List' page and choose 'Import' from the context sensitive menu. |
-
Navigate to the location of the XML file containing the file list and click 'Open'.
The 'File List' will be populated as per the imported 'File List'.