• How To Use Comodo Unknown File Hunter (UFH)

How to Use Comodo Unknown File Hunter (UFH)

 

Comodo UFH lets you scan your entire network to discover the trust levels of all files on your endpoints. The tool classifies files as 'safe' (whitelisted / no threat), 'malicious' (blacklisted / malware) or 'unknown' (neither blacklisted nor whitelisted). Unknown files are automatically submitted to Comodo Valkyrie for static and dynamic analysis. The results of the Valkyrie tests are reported back to UFH for your review.

This tutorial briefly explains how to set up and run a scan.

Step 1 - Download, install and run the tool

Comodo Unknown File Hunter can be downloaded from:

• Comodo One (C1)

• Comodo Valkyrie website

Comodo One

Unknown File Hunter is available for download from your C1 account:

• Login to your C1 account at https://one.comodo.com/

• Click 'Tools' > Click 'Download' in the Unknown File Hunter tile

• You can sign up for a free C1 account at https://one.comodo.com/. Creating a C1 account also creates a Valkyrie account for you

• You can login to UFH and Valkyrie with your C1 username/password

Comodo Valkyrie Website

• Go to https://valkyrie.comodo.com/

• Click 'Download Unknown File Hunter'

• You can create a Valkyrie account at https://valkyrie.comodo.com

• Note - when you create a Valkyrie account, a new C1 account is not created

• Please visit https://valkyrie.comodo.com/apt_tool/download/UnknownFileHunter.exe
  

Run Unknown File Hunter

• Launch the tool by double-clicking on the application icon:

• C:/Program Files (x86)/Comodo/UnknownFileHunter. Click the folder icon to change the path and click 'OK'
  

• You will need to agree to the EULA when you first run UFH on a new computer.

• Click the 'License agreement' link, read the agreement and click 'I Accept'.

Step 2 – Specify targets and run a scan

The are four ways to scan endpoints:

• Active Directory - Import computers from an active directory domain.

• Workgroup - Add computers that belong to a particular workgroup.

• Network Address - Specify individual host names, IP addresses or IP ranges.

• This Computer – Scan the local device.

If you need more help to specify targets, refer to our online guide at https://help.comodo.com/topic-400-1-794-10428-Scanning-Computers.html. Click 'Start Scanning' to begin the scan.

Step 3 – Submit unknown files to Valkyrie (optional) and view results

 

Detailed results are shown at the end of every scan.

• Click '+' beside a hostname to view all files analyzed on the endpoint. Double-click any file to view scan details on the file

• The tiles above the table show the total number of unknown, malicious and clean files on all endpoints covered by the scan 

• 'Unknown' means no trust rating is available for the file 

• Unknown files are uploaded to Valkyrie, Comodo's file analysis service, where they will be tested to find out whether or not they are malicious 

• After analysis, they will be re-categorized as either 'Safe' or 'Malicious' 

• Click 'Detailed Scan Results' to login to Valkyrie and view a breakdown of the tests on your files 

• Login at https://valkyrie.comodo.com/ with your Comodo, Comodo One or Valkyrie username and password. 

See 'Scan Results' if you need more help with this.

• You also can view detailed scan results in the 'Reports' section:

• Executive / Executive Valkyrie Report - Top level summary of scan results 

• Per Device / Per Device Valkyrie Report – Results grouped by device
  

• Per Program / Per Program Valkyrie Report – Results grouped by filename

For more details about reports, see https://help.comodo.com/topic-400-1-794-10430-Reports.html.