Comodo Cloud Antivirus

• Introduction To Comodo Cloud Antivirus
  • System Requirements
  • Installation
  • Start Comodo Cloud Antivirus
    • The Main Interface
    • The Widget
    • The System Tray Icon
  • Lucky You Statistics
  • Understand CCAV Alerts
• Scan And Clean Your Computer
  • Run A Quick Scan
  • Run A Full Computer Scan
  • Run A Certificate Scan
  • Run A Custom Scan
    • Scan A Folder
    • Scan A File
  • Process Infected Files
  • Manage Detected Threats
  • View Valkyrie Analysis Results
• The Sandbox
  • Run An Application Or Browser In The Sandbox
  • Manage Sandboxed Items
    • Review Files
• View CCAV Logs
  • Antivirus Logs
  • Executed Application Logs (Sandbox Logs)
  • Setting Changes Logs
  • Scan Actions Logs
• View And Manage Quarantined Items
• CCAV Settings
  • General Settings
    • Customize User Interface
    • Configure Program Updates
  • Antivirus Settings
    • Antivirus Settings
    • Exclusions
  • Sandbox Settings
    • Sandbox Settings
    • Sandbox Rules
    • Protected Files/Folders
    • Track Files Created In The Sandbox
  • File Rating Settings
    • File Rating Settings
    • Trusted Applications
    • Submitted Applications
    • Trusted Vendors
  • Advanced Protection Settings
    • Browser Settings Protection
    • Miscellaneous Protection Settings
• Get Live Support
• Viruscope - Feature Spotlight
• Comodo Internet Security Essentials
  • Understand Alerts And Configure Exceptions
• Comodo Support And About Information
• Appendix 1 - How To Tutorials
  • Enable / Disable AV, Sandbox And Game Mode
  • Run An Antivirus Scan On Selected Items
  • Block Incoming / Outgoing Internet Connection To Sandboxed Applications
  • Add Exclusions By Allowing Internet Connection To Sandboxed Applications
  • Enable/ Disable Realtime Scan
  • Run A Virus Scan On Your Computer
  • Run An Application Or Browser In The Sandbox
  • Run A Certificate Scan On Your Computer
  • Configure Antivirus Exclusions
  • View Lucky You Statistics
  • Switch Off Automatic Antivirus And Software Updates
  • Enable/ Disable Browser Settings Protection
  • Evaluate The Behavior Of Unknown Files In The Sandbox
  • Detect Potentially Unwanted Applications (PUA)
  • Delete Quarantined Items
  • Restore A Quarantined Item
  • Submit As False Positive
  • Configure Proxy And Host Settings
  • Enable/ Disable Sandbox Indicator
  • Enable / Disable Viruscope
  • Track File Created In The Sandbox
  • Respond To Alerts
  • View CCAV Logs
  • Get Instant Support
  • Uninstall CCAV
  • Add Exclusions To Contained Folders And Files
  • Give Contained Applications Write Access To Local Folders
  • Quickly Create An Execution Rule For A Program
• About Comodo Security Solutions

Understand CCAV Alerts

 

CCAV alerts warn you about security related activities at the moment they occur. Each alert contains information about a particular issue so you can make an informed decision about whether to allow or block it. Alerts also let you specify how CCAV should behave in future when it encounters activities of the same type. The alerts also enable you to reverse the changes made to your computer by the applications that raised the security related event.

Alert Types

Comodo Cloud Antivirus alerts come in three main varieties. Click the name of the alert (at the start of the following bullets) if you want more help with a particular alert type.

• Antivirus Alerts - Shown whenever virus or virus-like activity is detected. AV alerts will be displayed only when 'Enable Realtime Scan' is selected and the option 'Alert' for 'Action when threat is detected' is selected in Real-time Scanner Settings.

• Sandbox Alerts (including Elevated Privilege Alerts) - Shown whenever an application tries to modify operating system or related files and when the CCAV sandboxes an unrecognizable file. Sandbox Alerts will be displayed only if 'Enable Auto-Sandbox' is enabled.

• VirusScope Alerts - Shown whenever a sandboxed process attempts to take suspicious actions, and when a non-sandboxed installer or updater takes suspicious actions. Viruscope alerts allow you to quarantine the process or let the process continue. Be especially wary if a Viruscope alert pops up 'out-of-the-blue' when you have not made any recent changes to your computer. Viruscope Alerts will be displayed only when Viruscope is enabled under Sandbox.

• Valkyrie Alert and Notification – Alerts are shown whenever CCAV receives a verdict on an 'Unknown' file submitted to Valkyrie. A notification will also be displayed if an unknown file is discovered but 'Submit unknown files automatically' is disabled in 'Sandbox Settings' interface.
  

• Browser Protection Alert – Shown when an application attempts to change your browser settings for the first time (e.g. default search engine, home page, privacy setting etc). Browser Protection Alerts will be displayed only if the alert type is enabled under Browser Settings Protection.

• Crash Encountered - Shown whenever the antivirus module encounters a crash. You can help Comodo rectify the issue by sending the error report to Comodo for analysis.

• Potentially Unwanted Applications (PUA) Detection – Shown if you attempt to download a piece of software from a domain that is known to serve potentially unwanted software (PUA). A PUA is a piece of software that a user may not be aware is installed on their computer, and/or may have functionality and objectives that are not clear to the user. Example PUA's include adware and browser toolbars.
  

• Emergency update – Shown when CCAV automatically installs updates which are required to address serious security issues or incompatibilities.

In each case, the alert may contain very important security warnings or may simply occur because you are running a certain application for the first time. Your reaction should depend on the information that is presented at the alert.

Answering an Antivirus Alert

Comodo Cloud Antivirus generates an 'Antivirus' alert whenever a virus or virus-like activity is detected on your computer. The alert contains the name of the virus detected and the location of the file or application infected by it. Within the alert, you are also presented with response-options such as 'Clean' or 'Ignore'.

Note: Antivirus alerts will be displayed only when 'Enable Realtime Scan' is selected and the option 'Alert' for 'Action when threat is detected' is selected in Real-time Scanner Settings.

The following response-options are available:

• Clean - Disinfects the file if a disinfection routine exists. If no routine exists for the file then it will be moved to Quarantine. If desired, you can submit the file/application to Comodo for analysis from the Quarantine interface. See View and Manage Quarantined Items for more details on quarantined files.

• Ignore - Allows the process to run and does not attempt to clean the file or move it to quarantine. Only click 'Ignore' if you are absolutely sure the file is safe. Clicking 'Ignore' will open three further options:
  

• Ignore Once - The file is allowed to run this time only. Another alert will be shown If the file attempts to execute on future occasions.
  

• Ignore and Add to Whitelist - The file is allowed to run and is added to Trusted Applications – effectively making this the 'Ignore Permanently' choice. No alert is generated if the same application runs again.

• Ignore and Report as False Alert - Allows the process to run and the file will be submitted as false positive added to the trusted applications list. Select this option only if you are absolutely sure the file is safe. No alert will be generated for this file in the future.

Antivirus Notification

If you have chosen either 'Block' or 'Quarantine' for the option 'Action when threat is detected' in Real-time Scanner Settings, it will be immediately blocked or quarantined and provide you with instant on-screen notification.

Please note that these antivirus notifications will be displayed only when you have chosen either 'Block' or 'Quarantine' for the option 'Action when threat is detected' in Real-time Scanner Settings, and 'Show notifications' check box is enabled in 'General Settings' > 'Customize User Interface' screen.

• If you do not want these notifications to be displayed in future, select the 'Hide notifications' checkbox.

Answering a Sandbox Alert

Comodo Cloud Antivirus generates an 'Sandbox' alert whenever an application rated as 'Untrusted' or 'Unknown' is executed. The alert contains the location from which the application is trying to execute. Within the alert, you are also presented with response-options such as 'Run in Sandbox', 'Run outside Sandbox' and 'Block'.

Note: Sandbox alerts will be displayed only when 'Enable Auto-sandbox' is selected and the option 'Alert for untrusted files' is chosen in Sandbox Settings.

• Run in Sandbox - The application will be launched inside the sandbox, preventing it from potentially causing damage to your computer. The sandbox is a secure, virtual environment which is sealed off from the rest of your system. Applications in the sandbox cannot modify other running processes, cannot access user-data, cannot access the registry and will write to a virtual hard drive instead of your real hard-drive.

• Run Outside Sandbox - The application will be run outside of the sandbox. This is useful, for example, if you wish to create an exception for an application that CCAV considers untrusted. This situation can occur for beta software, unsigned software or applications from relatively new vendors. CCAV will generate an alert if you execute the application in future unless you select 'Remember my choice' at the bottom of the alert.

• Block - The application will be prevented from running by CCAV.

• If you want CCAV to take the same action as you have chosen for the application in future, select 'Remember my choice' at the bottom of the alert.

Sandbox Notification

If you have chosen 'Sandbox all untrusted applications' in the 'Sandbox Settings' interface any untrusted application that is executed will be automatically sandboxed and a notification will be displayed.

• Clicking 'Don't sandbox it again' assigns 'Trusted' status to the file, so that the application will not be auto-sandboxed in future. Choose this option if you are absolutely sure that the executable is safe.

• If you do not want these notifications to be displayed in future, select 'Hide notifications' checkbox.

You will see the following alert when an application in the sandbox creates a file with an extension you have chosen to track:

 

• Click 'Review Files' to view the files that have been created. You can then move the files to a specific location on your computer.

• Click Here to find out how to track files in the sandbox.

Please note that these 'Sandbox' notifications will be displayed only when you have chosen 'Sandbox all untrusted applications' in the 'Sandbox Settings' interface and 'Show notifications' check box is enabled in 'General Settings' > 'Customize User Interface' screen.

Answering a Viruscope Alert

CCAV generates a Viruscope alert if a sandboxed process performs an action that might represent a threat to your privacy and/or security. Please note that Viruscope alerts are not always definitive proof that malicious activity has taken place. Rather, they are an indication that a process has taken actions that you ought to review and confirm because they have the potential to be malicious. You can review all actions taken by clicking the 'Show Activities' link.

Please read the following advice before answering a Viruscope alert:

1. Carefully read the information displayed in the alert.

• If you are not sure of the authenticity of the parent application indicated in the 'Location' field, you can move it to quarantine by clicking 'Clean'.

• If it is an application you trust, you can allow the process to run by clicking 'Ignore'.

• To view the activities of the process, click the 'Show Activities' link at the bottom right. The 'Process Activities List' dialog will open with a list of activities exhibited by the process.

Column Descriptions

• Application Activities - Displays the activities of each of the processes run by the parent application.

• Data - Displays the file affected by the action.

You can save the activities list for analysis at a later time by clicking the 'Export...' button at the bottom.

Answering a Valkyrie Alert

These alerts are shown when an unknown file is found to be malicious after analysis by Comodo Valkyrie. Users have the option to automatically upload unknown files which are running in the sandbox. Users can also manually upload files to Valkyrie for analysis.

The following response-options are available:

• Clean - Moves the file to 'Quarantine'. See View and Manage Quarantined Items for more details on quarantined files.

• Ignore - Allows the file and does not attempt to clean the file or move it to quarantine. Only click 'Ignore' if you are absolutely sure the file is safe. Clicking 'Ignore' will open three further options:

• Ignore Once - The file is allowed to run this time only. CCAV will produce another alert if the file attempts run in future.

• Ignore and Add to Whitelist - The file is allowed to run and is locally trusted - effectively making this the 'Ignore Permanently' choice. No alert is generated if the same application runs again.

• Ignore and Report as a False Alert – Allow the file to run and submit it to Comodo for re-evaluation. Select this option if you are sure the file is safe and wish Comodo to whitelist it. Comodo will analyze the file and, if the false-positive is verified, will add it to the whitelist.

Valkyrie Notifications 

Valkyrie notifications are only shown if an unknown file is detected but you have notenabled 'I want to enable 'Cloud Based Behavioral Analysis' …' in 'Sandbox Settings'.

 

• The 'Enable Cloud Analysis' check box is enabled by default.

• If you click 'OK' with this enabled then these alerts will no longer be shown. Unknown files will be automatically uploaded to Valkyrie in future. The corresponding box in Sandbox Settings will also be enabled.

If you choose not to enable cloud analysis, you have the option to be reminded daily, once a week or never.

 

To select an option, deselect 'Enable Cloud Analysis' check box, select the option and click 'OK'. If you select the last option, 'Don't ask again', the notification will not be displayed anymore. If this option is selected then in order to submit unknown files automatically to Valkyrie, you have to enable the option in the 'Sandbox Settings' interface. Please note you can also submit files manually by right-clicking on a file, then selecting 'Comodo Cloud Antivirus' > 'Submit to Valkyrie' from the context sensitive menu.

Browser Protection Alert

CCAV generates a Browser Protection Alert when an application tries to modify your browser settings for the first time. All such attempts by an application will be blocked but the alert message will be shown only for the first attempt for every application.

The alert shows the name of the application that attempted the modification.

Blocked applications will automatically be added to the 'Browser Settings Protection' area of CCAV. You can subsequently change access permissions for each application from this interface. You can also use this interface to manually add applications that you want to restrict.

Note: Browser Protection Alerts will be displayed only if the option 'Enable browser protection settings' is enabled under Browser Settings Protection.

 

Answering a Crash Reporting Alert

This alert is shown when one of the CCAV modules encounters a crash. CCAV generates a report that you may choose to send to Comodo to help improve the performance of the application.

Answering a Potentially Unwanted Application detection Alert

These are alerts that are shown when a potentially unwanted application is detected by CCAV. This option is enabled by default in 'File Rating' settings.

See File Rating Settings to find out more.

Emergency Alert

 

This alert is shown when CCAV automatically installs updates to fix very serious bugs and incompatibilities. For example, a new release of Windows may introduce a critical incompatibility with Comodo Cloud Antivirus which needs to be addressed immediately.