Comodo Help
Find the desired product help
Endpoint Manager

Endpoint Manager

Comodo Client Security 8.3

English

Print Help Download Help
Advanced Settings > Security Settings > Advanced Protection Settings > Comodo Containment > Unknown Files - The Scanning Processes
  • Introduction To Comodo Client Security
    • Special Features
    • System Requirements
    • Install Comodo Client Security
    • Starting Comodo Client Security
    • The Main Interface
      • The Home Screen
      • The Tasks Interface
      • The Widget
      • The System Tray Icon
    • Understanding Security Alerts
  • General Tasks – Introduction
    • Scan And Clean Your Computer
      • Run A Quick Scan
      • Run A Full Computer Scan
      • Run A Rating Scan
      • Run A Custom Scan
        • Scan A Folder
        • Scan A File
        • Create, Schedule And Run A Custom Scan
    • Instantly Scan Files And Folders
    • Processing Infected Files
    • Manage Virus Database And Program Updates
    • Manage Quarantined Items
    • View CCS Logs
      • Antivirus Logs
        • Filtering Antivirus Logs
      • Viruscope Logs
        • Filtering Viruscope Logs
      • HIPS Logs
        • Filtering HIPS Logs
      • Containment Logs
        • Filtering Containment Logs
      • Firewall Logs
        • Filtering Firewall Logs
      • Website Filtering Logs
        • Filtering Website Filtering Logs
      • Alerts Logs
        • Filtering Alerts Displayed Logs
      • Tasks
        • Filtering Tasks Launched Logs
      • File List Changes Logs
        • Filtering File List Changes Logs
      • Trusted Vendors List Changes Logs
        • Filtering Trusted Vendors List Changes Logs
      • Configuration Changes
        • Filtering Configuration Changes Logs
      • Device Control Logs
        • Filtering Device Control Logs
    • View Active Process List
    • View Active Internet Connections
  • Firewall Tasks – Introduction
    • Allow Or Block Internet Access To Applications Selectively
    • Stealth Your Computer Ports
    • Manage Network Connections
    • Stop All Network Activities
    • Advanced Firewall Settings
  • Containment Tasks - Introduction
    • Run An Application In The Container
    • Reset The Container
  • Advanced Tasks - Introduction
    • Create A Rescue Disk
      • Downloading And Burning Comodo Rescue Disk
    • Submit Files
    • Identify And Kill Unsafe Running Processes
    • Remove Deeply Hidden Malware
    • Manage CCS Tasks
  • Advanced Settings
    • General Settings
      • Customize User Interface
      • Configure Program And Virus Database Updates
      • Log Settings
      • Manage CCS Configurations
        • Comodo Preset Configurations
        • Importing/Exporting And Managing Personal Configurations
    • Security Settings
      • Antivirus Settings
        • Real-time Scanner Settings
        • Scan Profiles
        • Exclusions
      • Advanced Protection Settings
        • HIPS Behavior Settings
        • Active HIPS Rules
        • HIPS Rule Sets
        • Protected Objects
          • Protected Files
          • Blocked Files
          • Protected Registry Keys
          • Protected COM Interfaces
          • Protected Data Folders
        • HIPS Groups
          • Registry Groups
          • COM Groups
        • Comodo Containment
          • The Container - An Overview
          • Unknown Files - The Scanning Processes
        • Configuring Containment Settings
        • Configuring Rules For Auto-Containment
        • Viruscope
        • Device Control Settings
      • Firewall Settings
        • Firewall Behavior Settings
        • Application Rules
        • Global Rules
        • Firewall Rule Sets
        • Network Zones
          • Network Zones
          • Blocked Zones
        • Port Sets
        • Website Filtering
          • Creating And Modifying Website Filtering Rules
          • Defining And Modifying Website Categories
      • Manage File Rating
        • File Rating Settings
        • File Groups
        • File List
        • Trusted Files
        • Unrecognized Files
        • Submitted Files
        • Trusted Vendors List
  • Appendix 1 CCS How To... Tutorials
    • Enable / Disable AV, Firewall, Auto-Containment And Viruscope Easily
    • Set Up The Firewall For Maximum Security And Usability
    • Block Internet Access While Allowing Local Area Network (LAN) Access
    • Setting Up HIPS For Maximum Security And Usability
    • Create Rules For Auto-Containing Applications
    • Running An Instant Antivirus Scan On Selected Items
    • Creating An Antivirus Scanning Schedule
    • Run Untrusted Programs Inside The Container
    • Run Browsers Inside The Container
    • Restore Incorrectly Quarantined Item(s)
    • Submit Quarantined Items To Comodo For Analysis
    • Enable File Sharing Applications Like BitTorrent And Emule
    • Block Any Downloads Of A Specific File Type
    • Disable Auto-Containment On A Per-application Basis
    • Switch Off Automatic Antivirus And Software Updates
    • Suppressing CCS Alerts Temporarily While Playing Games
    • Control External Device Accessibility
  • Appendix 2 - Comodo Secure DNS Service
    • Router - Manually Enabling Or Disabling Comodo Secure DNS Service
    • Windows XP - Manually Enabling Or Disabling Comodo Secure DNS Service
    • Windows 7 / Vista - Manually Enabling Or Disabling Comodo Secure DNS Service
  • About Comodo Security Solutions

Unknown Files: The Scanning Processes


  • When an executable is first run it passes through the following CCS security inspections:
  • Antivirus scan
  • HIPS Heuristic check
  • Buffer Overflow check
  • If the processes above determine that the file is malware then the user is alerted and the file is quarantined or deleted
  • An application can become recognized as 'safe' by CCS (and therefore notscanned in the cloud) in the following ways:
  • Because it is on the local Comodo White List of known safe applications
  • Because the user has raited the file as 'Trusted' in the 'File list'
  • By the user granting the installer elevated privileges (CCS detects if an executable requires administrative privileges. If it does, it asks the user. If they choose to trust, CCS regards the installer and all files generated by the installer as safe)
  • Additionally, a file is not sent for analysis in the cloud if it is defined as an Installer or Updater in HIPS Ruleset (See Active HIPS Rules for more details)
  • Cloud Scanning
     
Files and processes that pass the security inspections above but are not yet recognized as 'safe' (white-listed) are 'Unrecognized' files and contained automatically. In order to try to establish whether a file is safe or not, CCS will first consult Comodo's File Look-Up Server (FLS) to check the very latest signature databases:
  • A digital hash of the unrecognized process or file is created.
  • These hashes are uploaded to the FLS to check whether the signature of the file is present on the latest databases. This database contains the latest, global black list of the signatures of all known malware and a white list of the signatures of the 'safe' files.
  • First, our servers check these hashes against the latest available black-list
  • If the hash is discovered on this blacklist then it is malware
  • The result is sent back to the local installation of CCS
  • If the hash is not on the latest black-list, it's signature is checked against the latest white-list
  • If the hash is discovered on this white-list then it is trusted
  •  The result is sent back to local installation of CCS
  • The local white-list is updated
  • The FLS checks detailed above are near instantaneous.
  • If the hash is not on the latest black-list or white-list then it remains as 'unrecognized'.
  • Unrecognized files are simultaneously uploaded to Comodo's Instant Malware Analysis servers [a.k.a Comodo Automated Malware Analysis System (CAMAS)] for further checks:
  • Firstly, the files undergo another antivirus scan on our servers.
  • If the scan discovers the file to be malicious (for example, heuristics discover it is a brand new variant) then it is designated as malware. This result is sent back to the local installation of CCS and the local and global black-list is updated.
  • If the scan does not detect that the file is malicious then it passes onto the the next stage of inspection - behavior monitoring.
  • The behavior analysis system is a cloud based service that is used to help determine whether a file exhibits malicious behavior. Once submitted to the system, the unknown executable will be automatically run in a virtual environment and all actions that it takes will be monitored. For example, processes spawned, files and registry key modifications, host state changes and network activity will be recorded.
  • If these behaviors are found to be malicious, the file is submitted to our technicians for further manual checks and confirmation. If the manual testing confirms it as a malware, then it will be added to the global blacklist which will benefit all users. The results will be sent back to local installation of CCS, file will be quarantined and the user alerted.
  • If the manual analysis confirms the file as safe, then it will be added to global whitelist and results sent back to local installation of CCS.

Important Note: In order for the software to submit unknown files to our file rating and malware analysis servers (CAMAS), please make sure the following IP addresses and ports are allowed on your network firewall:

  • To allow communication with camas.comodo.com
  • IP that needs to be allowed: 199.66.201.30
  • Port that needs to be allowed: port 80 for TCP
  • Direction: Outgoing (Endpoints to CAMAS)
  • To allow communication with our FLSs:
  • IPs that need to be allowed:
  • 91.209.196.27
  • 91.209.196.28
  • 199.66.201.20
  • 199.66.201.21
  • 199.66.201.22
  • 199.66.201.25
  • 199.66.201.26
  • Ports that need to be allowed: 4447 UDP and 4448 TCP
  • Direction: Outgoing (Endpoints to FLSs)


Our Products
  • Free Antivirus
  • Free Internet Security
  • Website Malware Removal
  • Free Anti-Malware
  • Anti-Spam (Free Trial)
  • Windows Antivirus
  • Antivirus for Windows 7
  • Antivirus for Windows 8
  • Antivirus for Windows 10
  • Antivirus for MAC
  • Antivirus for Linux
  • Free Endpoint Security
  • Free ModSecurity
  • Free RMM
  • Free Website Malware Scanner
  • Free Device Manager for Android
  • Free Demo
  • Network Security
  • Endpoint Protection
  • Antivirus for Android
  • Comodo Antivirus
  • Wordpress Security
Cheap CDN
  • Bootstrap CDN
  • Semantic UI CDN
  • Jquery CDN
  • CDN Plans
  • CDN
  • Free CDN
Enterprise
  • Patch Management Software
  • Patch Manager
  • Service Desk
  • Website Down
  • Endpoint Protection Solutions
  • Website Security Check
  • Remote Monitoring and Management
  • Website Security
  • Device Manager
  • ITSM
  • CRM
  • MSP
  • Android Device Manager
  • MDR Services
  • Ransomware Prevention
  • Managed IT Support Services
  • Free EDR
Free SSL Certificate
Support Partners Terms and Conditions Privacy Policy

© Comodo Group, Inc. 2024. All rights reserved.