Comodo Client Security 12.10

Unknown Files: The Scanning Processes

     
  • When an executable is first run it passes through the following CCS security inspections:
    • Antivirus scan
    • HIPS Heuristic check
    • Buffer Overflow check
  • If the processes above determine that the file is malware then the user is alerted and the file is quarantined or deleted.
  • An application can become recognized as 'safe' by CCS (and therefore not scanned in the cloud) in the following ways:
    • Because it is on the local Comodo White List of known safe applications
    • Because the user has rated the file as 'Trusted' in the File List
    • Because the software publisher is rated as 'Trusted' in the Vendor List
    • By the user granting the installer elevated privileges (CCS detects if an executable requires administrative privileges. If it does, it asks the user. If they choose to trust, CCS regards the installer and all files generated by the installer as safe)
  • Additionally, a file is not sent for analysis in the cloud if it is defined as an Installer or Updater in HIPS Ruleset (See Active HIPS Rules for more details)
  • Cloud Scanning

    Step 1 - Comodo File Look-up Server (FLS)

    • To try to establish whether a file is safe or not, CCS first consults Comodo's File Look-Up Server (FLS) to check the latest signature databases:
      • A digital hash of the unrecognized process or file is created.
      • These hashes are uploaded to the FLS to check whether the signature of the file is present in the latest databases. This database contains the latest global blacklist of the signatures of all known malware and a whitelist of the signatures of the 'safe' files.
      • First, our servers check these hashes against the latest available blacklist.
        • If the hash is discovered on this blacklist then it is malware.
        • The result is sent back to the local installation of CCS.
      • If the hash is not on the latest blacklist, its signature is checked against the latest whitelist.
        • If the hash is discovered on this whitelist then it is trusted.
        • The result is sent back to the local installation of CCS.
        • The local whitelist is updated.
      • The FLS checks detailed above are near instantaneous.
      • If the hash is not on the latest blacklist or whitelist then it remains 'unrecognized'.

    Step 2 - Vendor Rating

    • If a file is still 'unrecognized' after the FLS check, CCS checks the rating of the software publisher.
      • 'Trusted' vendor rating - CCS will award trusted status to the file.
      • 'Malicious' vendor rating - CCS will award malicious status to the file and place it in quarantine.
      • 'Unrecognized' vendor rating - The file will keep its unknown status and is run in the container. The file is also sent to Valkyrie for analysis.

    Step 3 - Valkyrie Analysis

    • Applications that have neither a file rating nor a vendor rating are first contained, then submitted to Valkyrie for analysis.
    • Unrecognized files uploaded to Valkyrie undergo a battery of static and dynamic analysis. At the end of the automated tests, files are analyzed by human experts for confirmation.
    • Valkyrie returns its verdicts to CCS, which will quarantine, allow or contain the file as appropriate.
    • See the Valkyrie online help guide for more details.
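
The look-up order in Steps 1 to 3, modeled as an added Python example (it is not Comodo's code). The `Ratings` and `Endpoint` classes, the `rate_file` function and the sample hash and publisher names are constructed for illustration; the model shows that the blacklist check takes precedence over the whitelist and that a whitelist hit is cached locally, so the next run needs no cloud look-up.

```python
from dataclasses import dataclass, field

@dataclass
class Ratings:
    """Constructed stand-ins for the FLS lists and the publisher ratings."""
    fls_blacklist: set = field(default_factory=set)
    fls_whitelist: set = field(default_factory=set)
    vendor: dict = field(default_factory=dict)   # publisher -> rating

@dataclass
class Endpoint:
    local_whitelist: set = field(default_factory=set)
    fls_lookups: int = 0                         # number of cloud look-ups made

def rate_file(file_hash, publisher, ep, ratings):
    """Return (verdict, decided_by) for one file hash."""
    # Files already on the local white list are not scanned in the cloud.
    if file_hash in ep.local_whitelist:
        return "trusted", "local white list"

    # Step 1: FLS look-up. The blacklist is checked before the whitelist,
    # so a hash present on both lists is still reported as malware.
    ep.fls_lookups += 1
    if file_hash in ratings.fls_blacklist:
        return "malicious", "FLS blacklist"
    if file_hash in ratings.fls_whitelist:
        ep.local_whitelist.add(file_hash)        # the local white list is updated
        return "trusted", "FLS whitelist"

    # Step 2: the publisher's rating decides for hashes the FLS does not know.
    rating = ratings.vendor.get(publisher, "unrecognized")
    if rating in ("trusted", "malicious"):
        return rating, "vendor rating"

    # Step 3: still unknown, so the file runs in the container and is
    # submitted to Valkyrie, whose verdict arrives later.
    return "unrecognized", "contained, sent to Valkyrie"

# Constructed sample data (placeholder hashes and publisher names)
RATINGS = Ratings(fls_blacklist={"h-bad", "h-both"},
                  fls_whitelist={"h-good", "h-both"},
                  vendor={"Example Corp": "trusted", "Bad Actor Ltd": "malicious"})
```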

    Important Note: In order for the software to submit unknown files to our file rating and malware analysis servers, please make sure the following IP addresses and ports are allowed on your network firewall:

    • To allow communication with our FLSs:
      • IPs that need to be allowed:
        • 91.209.196.27
        • 91.209.196.28
        • 199.66.201.20
        • 199.66.201.21
        • 199.66.201.22
        • 199.66.201.25
        • 199.66.201.26
      • Ports that need to be allowed: 53 UDP and 80 TCP
      • Direction: Outgoing (Endpoints to FLSs)
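
One way to confirm that an egress policy covers every flow in the note above, as an added Python example (not part of the Comodo documentation). The `action proto destination port` rule format, the first-match-wins evaluation and the sample policy are assumptions made for illustration; the FLS addresses and ports are the ones listed above.

```python
import ipaddress

# Required outgoing flows, taken from the note above.
FLS_IPS = ["91.209.196.27", "91.209.196.28", "199.66.201.20", "199.66.201.21",
           "199.66.201.22", "199.66.201.25", "199.66.201.26"]
FLS_PORTS = [("udp", 53), ("tcp", 80)]

def parse_rule(line):
    """Parse 'action proto destination port' (hypothetical export format)."""
    action, proto, dest, port = line.split()
    return action.lower(), proto.lower(), ipaddress.ip_network(dest), port.lower()

def first_match(rules, proto, ip, port):
    """Evaluate rules top-down, first match wins; unmatched traffic is denied."""
    addr = ipaddress.ip_address(ip)
    for action, r_proto, net, r_port in rules:
        if r_proto in (proto, "any") and addr in net and r_port in (str(port), "any"):
            return action
    return "deny"

def missing_fls_flows(rule_lines):
    """Return the (ip, proto, port) tuples the policy does not allow."""
    rules = [parse_rule(l) for l in rule_lines
             if l.strip() and not l.lstrip().startswith("#")]
    return [(ip, proto, port)
            for ip in FLS_IPS
            for proto, port in FLS_PORTS
            if first_match(rules, proto, ip, port) != "allow"]

# Constructed sample egress policy: one FLS address is only partly covered.
SAMPLE_RULES = """
# action proto destination port
allow udp 199.66.201.16/28 53
allow tcp 199.66.201.16/28 80
allow tcp 91.209.196.27/32 80
allow udp 91.209.196.0/24 53
deny any 0.0.0.0/0 any
""".splitlines()

if __name__ == "__main__":
    for ip, proto, port in missing_fls_flows(SAMPLE_RULES):
        print(f"not allowed: {ip} {port}/{proto}")
```

With the sample policy, the only gap reported is TCP 80 to 91.209.196.28, because the `/32` rule covers just one of the two addresses in that range.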



    © Comodo Group, Inc. 2023. All rights reserved.