File Rating Settings
- A file’s trust rating determines how Comodo Client Security (CCS) handles the file on the endpoint
- The ratings are obtained from Comodo’s online file database, from the local CCS vendor list, and from the local CCS file list
- Whenever a file is accessed, CCS does a lookup on the online database, and also consults the two local lists
- The app is from a vendor who has a 'Trusted' status in the local vendor list in CCS
- The app is trusted in the online file database (aka, it is whitelisted)
- The application/file is trusted in the local CCS ‘File List’
Note: CCS uses Ports 4446 and 4447 of the endpoint computers for TCP and UDP connections to the cloud. If this option is enabled, we advise you keep these ports free and do not assign them to other applications. |
The interface lets you configure the overall behavior of the file rating system on Windows devices to which the profile is applied. You can also choose whether or not local file ratings should be consulted.
Configure File rating settings
- Click 'Configuration Templates' > 'Profiles'
- Click on the name of a Windows profile to open it's details page
- Click the 'File Rating' tab, if it has already been added to the profile
OR
- Click 'Add Profile Section' > 'File Rating'' if it hasn't yet been added
The file rating screen has two tabs:
- File
Rating - Enable file rating and configure overall behavior.
- Local Verdict Server Settings - Choose whether CCS should obey or ignore admin trust ratings which have been assigned to a file. Admins can assign a trust rating to a file in Endpoint Manager at ‘Security Sub-Systems’ > ‘Application Control’. If disabled, file rating scans will only consider the local and Comodo rating.
File Rating Configuration - Table of Parameters |
|
---|---|
Form Element |
Description |
Enable Cloud Lookup |
CCS automatically checks the reputation of files on Comodo's file lookup service (FLS).
(Default = Enabled) |
Enable upload metadata of unknown files to the cloud |
CCS uploads anonymized information about unknown files to Comodo servers. This allows us to analyze and whitelist/blacklist files more effectively.
(Default = Enabled) |
Show Cloud Alert |
CCS can show an alert on the device when malware is found during a file rating scan. Users can block or allow the malware from the alert.
(Default = Disabled) |
Detect potentially unwanted applications |
A potentially unwanted application (PUA) is an app that:
PUAs include adware and browser toolbars. They are often installed as an extra when the user is installing an unrelated piece of software. Unlike malware, many PUA's are legitimate pieces of software with their own EULA agreements. However, the true functionality of the software may not have been made clear to the end-user at the time of installation. For example, a browser toolbar may also contain code that tracks a user's activity on the Internet. CCS
will show an alert on the endpoint if it detects a PUA and a log
entry is created. (Default = Disabled) |
Auto Purge is enabled |
CCS checks the file list and removes invalid and obsolete entries. You can specify the interval at which the check should take place. (Default = Enabled ) |
Auto Purge Period |
The time interval at which auto-purge operations are performed.
(Default = Four hours) |
Custom FLS access ports |
Define custom ports through which the file lookup service will connect.
(Default = Disabled) |
Use proxy when performing Cloud Lookup | If enabled, CCS submits files to FLS for analysis through a proxy. The proxy server is same one that is defined for program and database updates. (Default = Disabled) |
Enable report for non-executable files |
If enabled, CCS sends a report on files identified as non-executable to EM on each file rating scan. (Default = Enabled ) |
Show non-executable files |
If enabled, non-executable files will also be added to the 'File List' interface of CCS on the endpoint. To access the file list in CCS, click 'Tasks' > 'Advanced Tasks' > 'Advanced settings' > 'Security settings' > 'File Rating' > 'File list'. (Default = Enabled ) |
-
Click 'Save' to apply your file rating settings.
Local Verdict Server Settings
Local Verdict Server Settings - Table of Parameters |
|
---|---|
Form Element |
Description |
Enable Local Verdict Server |
Choose whether CCS should consider the admin trust rating assigned to a file. (Default = Enabled)
|
Timeout for Unknown Files |
How often CCS should check Endpoint Manager for new ratings on files that are currently have no rating at all. (Default = 2 Minutes) |
Timeout for known files (Trusted, malware and Unrecognized) |
How often CCS should check Endpoint Manager for new ratings on files that are currently rated as ‘Trusted’, ‘Malware’ or ‘Unrecognized’. (Default = 1 Hours) |
Enable Synchronous Lookup | Able to suspend all online lookups in case of poor or lack of internet connection. (Default = Disabled) |
- Click
'Save' to apply your changes.