Comodo Client Security 12.10

Script Analysis Settings


  • Click 'Settings' > 'Advanced Protection' > 'Script Analysis'
  • The script analysis settings panel lets you:
      • Configure heuristic command line analysis for applications in real-time
      • Configure heuristic command line analysis for auto-run entries. Auto-run entries include Windows services, auto-start items and scheduled tasks.

Background note: 'Heuristics' is a technology which analyzes a file to see if it contains code typical of a virus. Heuristics is about detecting 'virus-like' traits in a file. This helps to identify previously unknown (new) viruses.


Open the 'Script Analysis' settings panel

  • Click 'Settings' on the CCS home screen
  • Click 'Advanced Protection' > 'Script Analysis'


     
  • Perform Script Analysis (Recommended) - Enable / disable script analysis of managed applications (Default = Enabled)
      • Limit the total size of saved detected scripts to 'N' KB - CCS stores the list of executing scripts that are run by the managed applications for analysis. This option lets you specify the total size of the stored scripts. When the set limit is reached, the older scripts are deleted automatically.

          The interface has two tabs:

            • Runtime Detection
            • Autoruns Scans

                  Runtime Detection

                   

                  CCS performs heuristic analysis on certain programs because they are capable of executing code. Example programs are wscript.exe, cmd.exe, java.exe and javaw.exe. Example code includes Visual Basic scripts and Java applications.

                  • For example, the program wscript.exe can be made to execute Visual Basic scripts (.vbs file extension) via a command similar to 'wscript.exe c:/tests/test.vbs'.
                  • If this option is selected, CCS detects c:/tests/test.vbs from the command line and applies all security checks based on this file. If test.vbs attempts to connect to the internet, for example, the alert will state that 'test.vbs' is attempting to connect to the internet.
                  • If this option is disabled, the alert would only state that 'wscript.exe' is trying to connect to the internet.
                  • Relevant settings are applied to the scripts. For example, if a script is detected by the containment module, then auto-containment rules are applied. Each module (AV, FW, VirusScope and so on) that detects a script will apply its appropriate settings.
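The attribution described above, as an added illustration (not Comodo's implementation): a command line is split into tokens and, when the image is a known interpreter, the alert subject becomes the script instead of the interpreter. The tokenizer and the `SCRIPT_EXTS` list are assumptions, and the sample command lines are constructed.

```python
import ntpath
import re

# Interpreters the page names as examples of programs that can execute code.
INTERPRETERS = {"wscript.exe", "cmd.exe", "java.exe", "javaw.exe"}
# Assumed extension list for this illustration (the page only mentions .vbs).
SCRIPT_EXTS = {".vbs", ".bat", ".cmd", ".jar"}
# A token is either a double-quoted string or a run of non-whitespace.
TOKEN_RE = re.compile(r'"[^"]*"|\S+')


def alert_subject(cmdline, analysis_enabled=True):
    """Return (subject, script_path) for a process command line.

    subject is the name an alert or rule lookup would be keyed on: the script
    when command-line analysis finds one behind an interpreter, otherwise the
    program image itself.
    """
    tokens = [t.strip('"') for t in TOKEN_RE.findall(cmdline)]
    if not tokens:
        return ("", None)
    image = ntpath.basename(tokens[0]).lower()
    if analysis_enabled and image in INTERPRETERS:
        for arg in tokens[1:]:
            # Switches such as //B, /c or -jar carry no script extension.
            if ntpath.splitext(arg)[1].lower() in SCRIPT_EXTS:
                return (ntpath.basename(arg), arg)
    return (image, None)


# Constructed command lines, not taken from any real log.
SAMPLE_CMDLINES = [
    "wscript.exe c:/tests/test.vbs",
    r'C:\Windows\System32\wscript.exe //B "C:\Users\Public\My Docs\job.vbs"',
    r"javaw.exe -jar C:\apps\tool.jar",
    "cmd.exe /c dir",
    r"notepad.exe C:\tests\test.vbs",
]

if __name__ == "__main__":
    for line in SAMPLE_CMDLINES:
        on = alert_subject(line)[0]
        off = alert_subject(line, analysis_enabled=False)[0]
        print(f"{line}\n    analysis on: {on:<12} analysis off: {off}")
```

With analysis off, every line is attributed to the interpreter, which is why an alert or rule keyed on 'wscript.exe' alone cannot tell one script from another.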




                      Runtime Detection - Column Descriptions

                      | Column Header | Description |
                      | Application | Names of existing applications covered by this rule. |
                      | Heuristic Command-Line Analysis | Enable or disable command line tracking. |
                      | Embedded Code Detection | Enable or disable embedded code tracking. |
                      | Exclusions | Create regular expressions that exclude processes from being blocked by embedded code / command line detection. |


                      Manually add a new application to the list for analysis

                      • Click 'Add' at the top



                      You can add an application using any of the following methods:

                      • Add a new application
                      • Add a current application
                      • Add application from the currently running processes

                      Add a new application

                      • Click 'Add new application' from the 'Add' drop-down
                      • Enter the file path in the 'Edit Property' dialog and click 'OK'



                      The application will be added and displayed in the list.



                      • Click "OK" to apply your settings


                      Add a current application

                      • Click 'Add' then 'Applications' from the drop-down
                      • Navigate to the file you want to add in the 'Open' dialog and click 'Open'
                      • The file will be added to the list
                      • Click "OK" to apply your settings

                      Add a currently running process

                      • Choose 'Running Process' from the 'Add' drop-down
                      • A list of currently running processes in your computer will be displayed
                      • Select the process whose parent application you wish to add for analysis
                      • Click 'OK' from the 'Browse for Process' dialog
                      • The application will be added to the list
                      • Use the slider beside the applications to enable/disable them for analysis.
                      • Click the 'Edit' button to update the details of an application.
                      • To remove an application, select it from the list and choose 'Remove' at the top.
                      • To reset to default applications for analysis, click 'Reset to Default' at the top.
                      • Click 'OK' at the bottom to apply your changes.

                      Add Exclusions

                      • You can exclude a command line detected by script analysis by defining a regular expression in CCS. Items that are detected but excluded are logged as "ignored".

                      • Click ‘Add’ at the top


                       

                      • Enter the expression that you want to exclude, for example: "C:\Users"

                      • Specify the type of regular expression data you need to add:

                        • Single Character – Patterns that match a single character. Most characters, including all letters (a-z and A-Z) and digits (0-9), match themselves. For example, the regex s matches the substring "s", z matches "z", and 9 matches "9".

                        • Multiple Characters – Regexes that match multiple characters, such as # and %, /=

                        • Fixed length – A regex of fixed length; it does not match beyond the defined length.

                        • Symbol Types – The different types of letters, digits and custom symbols used in regular expressions.

                      For example:

                      1)  [...]: Accepts ANY ONE of the characters within the square brackets, e.g., [aeiou] matches "a", "e", "i", "o" or "u".

                      2)  All characters, except those having a special meaning in regex, match themselves. E.g., the regex x matches the substring "x"; regex 9 matches "9"; regex = matches "="; and regex @ matches "@".

                      • Click ‘Custom symbols’ to make your own regex. Enter any symbols you need to add.
                        • Data Patterns – You can select any of the patterns from the list. The path pattern covers any file or folder path, such as “C:\Users\Public\Documents”; you can also add email address or URL data patterns.

                      • Click ‘Generate Regular Expression’ to add a new one.

                      • Click ‘Ok’ to save your changes

                      Edit an Exclusion

                      • Select an expression to edit > Click ‘Edit’

                      • Edit the regex where you need to change

                      • Click ‘Ok’ to save your changes

                      Delete an Exclusion

                      • Select the expression to delete > Click ‘Remove’

                      • The selected regex will be removed


                      Autoruns Scans

                      • Add and manage applications for which you want to perform heuristic command-line analysis and embedded code detection in order to protect Windows services, autostart items and scheduled tasks.
                      • CCS ships with a list of predefined applications for which it performs heuristic analysis on programs that are capable of executing code.
                      • The applications added here apply to the settings in:
                        • 'Scan Options' > 'Apply this action to suspicious autorun processes' (monitors only during on-demand scans)
                        • 'Advanced Settings' > 'Miscellaneous' > 'Apply the selected action to unrecognized autorun entries related to new/modified registry items' (monitors constantly)

                      Open the 'Autoruns Scans' interface

                      • Click 'Settings' on the CCS home tasks screen
                      • Click 'Advanced Protection' > 'Script Analysis'




                      Autoruns Scans - Column Descriptions

                      | Column Header | Description |
                      | Application | Names of existing applications covered by this rule. |
                      | Heuristic Command-Line Analysis | Enable or disable command line tracking. |
                      | Embedded Code Detection | Enable or disable embedded code tracking. |
                      | Exclusions | Create regular expressions that exclude processes from being blocked by embedded code / command line detection. |


                      Manually add a new application to the list for analysis

                      • Click 'Add' at the top




                      You can add an application using any of the following methods:

                      • Add a new application
                      • Add a current application
                      • Add application from the currently running processes

                      Add a new application

                      • Click 'Add new application' from the 'Add' drop-down
                      • Enter the file path in the 'Edit Property' dialog and click 'OK'




                      The application will be added and displayed in the list.



                      • Click "OK" to apply your settings

                      Add an application

                      • Click 'Add' then 'Applications' from the drop-down
                      • Navigate to the executable file you want to add in the 'Open' dialog and click 'Open'
                      • The file will be added to the list
                      • Click "OK" to apply your settings

                      Add a currently running process

                      • Choose 'Running Process' from the 'Add' drop-down
                      • A list of currently running processes in your computer will be displayed
                      • Select the process whose parent application you wish to add for analysis
                      • Click 'OK' from the 'Browse for Process' dialog
                      • The application will be added to the list
                      • Use the slider beside the applications to enable/disable them for analysis
                      • Click the 'Edit' button to update the details of an application
                      • To remove an application, select it from the list and choose 'Remove' at the top
                      • To reset to default applications for analysis, click 'Reset to Default' at the top
                      • Click 'OK' at the bottom to apply your changes.

                      Add Exclusions

                      • You can exclude a command line detected by script analysis by defining a regular expression in CCS. Items that are detected but excluded are logged as "ignored".

                      • Click ‘Add’ at the top


                       

                      • Enter the expression that you want to exclude, for example: "C:\Users"

                      • Specify the type of regular expression data you need to add:

                        • Single Character – Patterns that match a single character. Most characters, including all letters (a-z and A-Z) and digits (0-9), match themselves. For example, the regex s matches the substring "s", z matches "z", and 9 matches "9".

                        • Multiple Characters – Regexes that match multiple characters, such as # and %, /=

                        • Fixed length –

                        • Symbol Types – The different types of letters, digits and custom symbols used in regular expressions.

                      For example:

                      1)  [...]: Accepts ANY ONE of the characters within the square brackets, e.g., [aeiou] matches "a", "e", "i", "o" or "u".

                      • Click ‘Custom symbols’ to make your own regex. Enter any symbols you need to add.
                        • Data Patterns – You can select any of the patterns from the list. The path pattern covers any file or folder path, such as “C:\Users\Public\Documents”; you can also add email address or URL data patterns.

                      • Click ‘Generate Regular Expression’ to add a new one.

                      • Click ‘Ok’ to save your changes
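A way to check an exclusion before saving it, on either the Runtime Detection or the Autoruns Scans tab, as an added example that is not part of CCS: it lists which command lines a candidate regex would mark as "ignored" and compares a pattern for the sample path C:\Users with one anchored to a single command line. It assumes unanchored, case-insensitive matching with Python `re` semantics (the page does not state how CCS matches), and the command lines are constructed.

```python
import re

# Constructed command lines standing in for script-analysis detections.
SAMPLE_DETECTIONS = [
    r"wscript.exe C:\Users\Public\Documents\inventory.vbs",
    r"wscript.exe C:\Users\alice\AppData\Local\Temp\a1b2.vbs",
    r"cmd.exe /c C:\Users\bob\Downloads\setup.bat",
    r"javaw.exe -jar C:\Tools\report.jar",
]


def ignored_by(pattern, cmdlines=SAMPLE_DETECTIONS):
    """Return the command lines an exclusion pattern would mark "ignored".

    Assumption: unanchored, case-insensitive search (Python `re` semantics).
    """
    try:
        rx = re.compile(pattern, re.IGNORECASE)
    except re.error as exc:
        # A raw Windows path is usually not a valid regex: "\U" is an escape.
        raise ValueError(f"not a valid regex: {pattern!r} ({exc})") from exc
    return [c for c in cmdlines if rx.search(c)]


def unintended(pattern, intended, cmdlines=SAMPLE_DETECTIONS):
    """Command lines the pattern ignores beyond those you meant to exclude."""
    return [c for c in ignored_by(pattern, cmdlines) if c not in intended]


def exact_exclusion(cmdline):
    """Build an anchored pattern that matches one command line only."""
    return "^" + re.escape(cmdline) + "$"


if __name__ == "__main__":
    intended = [SAMPLE_DETECTIONS[0]]      # the one script we want to exclude
    broad = r"C:\\Users"                   # sample path, backslash escaped
    narrow = exact_exclusion(SAMPLE_DETECTIONS[0])
    for name, pattern in (("broad", broad), ("narrow", narrow)):
        extra = unintended(pattern, intended)
        print(f"{name}: {pattern}")
        print(f"  ignored: {len(ignored_by(pattern))}, unintended: {len(extra)}")
        for cmdline in extra:
            print(f"    also ignored: {cmdline}")
```

The broad pattern also silences detections for scripts in Temp and Downloads folders, so prefer a pattern that names the full command line and review the "ignored" log entries after deploying it.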

                      Edit an Exclusion

                      • Select an expression to edit > Click ‘Edit’

                      • Edit the regex where you need to change

                      • Click ‘Ok’ to save your changes

                      Delete an Exclusion

                      • Select the expression to delete > Click ‘Remove’

                      • The selected regex will be removed
                      © Comodo Group, Inc. 2023. All rights reserved.