Xcitium Enterprise

• Introduction To Comodo Client Security
  • Special Features
  • System Requirements
  • Install Comodo Client Security
  • Start Comodo Client Security
  • The Main Interface
    • The Home Screen
    • The Tasks Interface
    • The Widget
    • The System Tray Icon
  • Understand Security Alerts
  • Password Protection
• General Tasks - Introduction
  • Scan And Clean Your Computer
    • Run A Quick Scan
    • Run A Full Computer Scan
    • Run A Rating Scan
    • Run A Custom Scan
      • Scan A Folder
      • Scan A File
      • Create, Schedule And Run A Custom Scan
    • Automatically Scan Unrecognized And Quarantined Files
  • Instantly Scan Files And Folders
  • Process Infected Files
  • Manage Virus Database Updates
  • Manage Blocked Autoruns
  • Manage Quarantined Items
• Firewall Tasks - Introduction
  • Configure Internet Access Rights For Applications
  • Stealth Your Computer Ports
  • Manage Network Connections
  • Stop All Network Activities
  • View Active Internet Connections
• Containment Tasks - Introduction
  • Run An Application In The Container
  • Reset The Container
  • Identify And Kill Unsafe Running Processes
  • Open Shared Space
  • The Virtual Desktop
    • Start The Virtual Desktop
    • The Main Interface
    • Run Browsers Inside The Virtual Desktop
    • Open Files And Run Applications Inside The Virtual Desktop
    • Pause And Resume The Virtual Desktop
    • Close The Virtual Desktop
  • Containment Statistics Analyzer
• DLP Tasks - Introduction
• Advanced Tasks - Introduction
  • Create A Rescue Disk
    • Download And Burn Comodo Rescue Disk
  • Remove Deeply Hidden Malware
  • Manage CCS Tasks
  • View CCS Logs
    • Antivirus Logs
    • VirusScope Logs
    • Firewall Logs
    • HIPS Logs
    • Containment Logs
    • Website Filtering Logs
    • Device Control Logs
    • Autorun Event Logs
    • Alert Logs
    • CCS Tasks Logs
    • File List Changes Logs
    • Vendor List Changes Logs
    • Configuration Changes Logs
    • Virtual Desktop Event Logs
    • Data Loss Prevention Event Logs
    • Search And Filter Logs
  • Submit Files For Analysis To Comodo
  • View Active Process List
• CCS Advanced Settings
  • General Settings
    • Customize User Interface
    • Configure Virus Database Updates
    • Log Settings
    • Manage CCS Configurations
      • Comodo Preset Configurations
      • Personal Configurations
    • Manage Performance
  • Antivirus Configuration
    • Real-time Scanner Settings
    • Scan Profiles
  • Firewall Configuration
    • General Firewall Settings
    • Application Rules
    • Global Rules
    • Firewall Rule Sets
    • Network Zones
      • Network Zones
      • Blocked Zones
    • Port Sets
  • HIPS Configuration
    • HIPS Settings
    • Active HIPS Rules
    • HIPS Rule Sets
    • HIPS Groups
      • Registry Groups
      • COM Groups
  • Protected Objects
    • Protected Objects - HIPS
      • Protected Files
      • Blocked Files
      • Protected Registry Keys
      • Protected COM Interfaces
    • Protected Objects - Containment
      • Protected Files And Folders
      • Protected Keys
  • Data Loss Prevention
  • Containment Settings
    • Containment Settings
    • Auto-Containment Rules
    • Virtual Desktop Settings
    • Containment - An Overview
    • Unknown Files - The Scanning Processes
  • File Rating Configuration
    • File Rating Settings
    • File Groups
    • File List
    • Submitted Files
    • Vendor List
  • Advanced Protection
    • VirusScope Settings
    • Scan Exclusions
    • Device Control Settings
    • Script Analysis Settings
    • Miscellaneous Settings
  • Web Filter Settings
    • Website Filtering Rules
    • Website Categories
• Appendix 1 - CCS How To... Tutorials
  • Enable / Disable AV, Firewall, Auto-Containment And VirusScope Easily
  • Set Up The Firewall For Maximum Security And Usability
  • Block Internet Access While Allowing Local Area Network (LAN) Access
  • Block / Allow Specific Websites To Specific Users
  • Set Up HIPS For Maximum Security And Usability
  • Create Rules To Auto-Contain Applications
  • Run An Instant Antivirus Scan On Selected Items
  • Create An Antivirus Scan Schedule
  • Run Untrusted Programs Inside The Container
  • Run Browsers Inside The Container
  • Restore Incorrectly Quarantined Items
  • Submit Quarantined Items To Comodo Valkyrie For Analysis
  • Enable File Sharing Applications Like BitTorrent And Emule
  • Block Any Downloads Of A Specific File Type
  • Disable Auto-Containment On A Per-application Basis
  • Switch Off Automatic Antivirus Updates
  • Suppress CCS Alerts Temporarily
  • Control External Device Accessibility
• Appendix 2 - Comodo Secure DNS Service
  • Router - Manually Enable Or Disable Comodo Secure DNS
  • Windows - Enable Comodo Secure DNS
• About Xcitium

Vendor List

• Click 'Settings' > 'File Rating' > 'Vendor List'
  

There are three ways that a file can be treated as safe in CCS:

• The file is on the Comodo safe list (a global white-list of trusted software)

• The user has assigned 'Trusted' rating to the file in the CCS file list (‘Settings’ > ‘File Rating’ > ‘File List’)

• The file is published and signed by a trusted vendor. The 'vendor' is the software company that created the file.

With regards to vendor settings, CCS handles unknown files as follows:

• The file is allowed to run normally if:

• The vendor rating is 'Trusted' AND you have enabled 'Rate applications according to their vendor rating' in File Rating Settings

• The file is run in the container if:

• The vendor rating is 'Unrecognized' AND you have enabled 'Rate applications according to their vendor rating' in File Rating Settings 

• The vendor is not in the vendor list (regardless of whether you have enabled 'Rate applications according to their vendor rating') 

• The file is blocked and quarantined if:

• The vendor rating is 'Malicious' AND you have enabled 'Rate applications according to their vendor rating' in File Rating Settings

Vendor List

• CCS ships with a list of trusted vendors who have a reputation of creating legitimate, safe software. CCS allows unknown files which are digitally signed by one of these vendors to run.

• Click 'Settings' > 'File Rating' > 'Vendor List' to view this list of trusted vendors.

• You can also add new vendors, and change the rating of existing vendors.

The vendor rating priority is as follows:

• Admin

• User

• Comodo

• Software publishers can get themselves added to trusted vendors by contacting Comodo with their software details. Click here to read more about this.

•  Click here if you want to read background information on digitally signing software.

Open the 'Vendor List' interface

• Click 'Settings' on the CCS home-screen

• Click 'File Rating' > 'Vendor List':

• Add a new vendor to the list

• View details of vendors and assign user rating

• Perform an online lookup for vendors

• Remove vendors from the list

Column Descriptions:

• Vendor - The name of the software publisher

• Rated By - The entity that assigned the rating you see in the 'Rating' column. This can be 'Administrator', 'User' or 'Comodo' rating.

• Last Modified - Date and time the rating was most recently updated.

• Rating - Current trust rating of the vendor. The possible values are:

• Trusted

• Unrecognized

• Malicious
  

• Click on the rating to assign a new rating 

• CCS obeys vendor ratings with the following priority:

• Admin rating

• User rating

• Comodo rating.

There are three ways you can set a vendor rating:

1. Right-click on a vendor in the 'Vendor List'

• Click 'Settings' on the CCS home-screen

• Click 'File Rating' > 'Vendor List'

• Right-click on a vendor > Select 'Change File Rating to' > Choose a new rating:

 

2. In the file rating column

• Click on the rating of a vendor in the 'Rating' column

• Choose a new rating from the options:

3. From the 'File Details' dialog

• Select a vendor in the file list

• Click the 'Vendor Details' button at the top

• Click the 'Vendor Rating' tab

• Click the 'Rate Now' link beside 'User'

• Set the rating as required

• Click 'OK'

Context Sensitive Menu

• Right-click on a vendor to open a context sensitive menu that allows you to view the 'Vendor Details' dialog, assign a rating to a vendor, add / remove vendors, and more.

 

• Add - Manually add a new vendor to the vendor list. You can select an executable file or a currently running process to add the publisher who signed that file to the list.

• Vendor Details - View the information about the vendor. You can also assign user defined trust rating to the vendor

• Remove - Delete the vendor from the list

• Lookup... - Check details of the vendor from the master Comodo trusted vendor list

• Change File Rating to - Set user defined trust rating to the vendor

• Reset User Rating - Clear user rating and reinstate Comodo rating

Controls

The buttons at the top provide the following options:

• Add - Manually add a new vendor to the list. You can add a vendor by simply selecting a file or a running process. CCS will extract the publisher who signed the file/process. 

• Vendor Details - View information about the selected vendor. You can also set your own trust rating for the vendor from here.

• Remove - Delete selected vendors from the list. You can only remove user-added vendors.

• Lookup... - Check details of a vendor on Comodo's online trusted vendor list

Sort, Search and Filter options

• Click any column header to sort the list in order of the entries in that column

• Click the search icon in the 'Vendor' column header to look for specific vendors

• Click the calendar icon in the 'Last Modified' column header to filter vendors by date modified:

 

• Click the funnel icon in the 'Rated By' / 'Rating' columns to filter vendors by trust rating, and by who assigned the rating:

Add a new vendor to the list

• You can add vendors simply by browsing to a file they have digitally signed

• CCS will read the vendor's signature from the file and add them to the list

• You can then assign your own rating to the vendor

There are two ways to add vendors:

• Specify an executable file on your local drive

• Select a currently running process

Add a vendor by reading the vendor's signature from an executable

• Click 'Settings' on the CCS home-screen

• Click 'File Rating' > 'Vendor List'

• Click the 'Add' button at the top and select 'Read from a signed executable'

• Alternatively, right-click inside the vendor list and select 'Add' > 'Read from a signed executable'

 

• Navigate to the executable file whose publisher you want to add to the vendor list and click 'Open'.

CCS checks that the .exe file is signed by the vendor and counter-signed by a Trusted CA. If so, you can add the vendor to the list by assigning your trust rating'.

• Choose your rating and click 'OK'

• The vendor will be added to the list with your rating

If the vendor is already on the list you will be notified:

You can assign your own rating to the existing vendor:

• Choose your rating and click 'OK'

• The user rating for the vendor will be assigned as you set

• If CCS cannot verify that the software certificate is signed by a Trusted CA then it does not add the software vendor to the vendor list. In this case, you can see the following error message

 

Add a trusted vendor from a currently running process

• Click 'Settings' on the CCS home-screen

• Click 'File Rating' > 'Vendor List'

• Click the 'Add' button at the top and select 'Read from a Running Process'

• Alternatively, right-click inside the vendor list and select 'Add' > 'Read from a Running Process'

• Select the signed executable that you want to trust and click the 'OK' button

• Comodo Client Security performs the same certificate check as described above. If the parent application of the selected process is signed, you will be able to assign a rating and add the vendor as described above

View details of vendors and assign user rating

• Click 'Settings' on the CCS home-screen

• Click 'File Rating' > 'Vendor List'

• Select a vendor and click the 'Vendor Details' button

• Alternatively, right-click on a vendor and select 'Vendor Details'

• Overview

• Vendor Rating

Overview

The 'Overview' tab shows general details such as the vendor name, Comodo assigned rating, when the vendor was added and more:

Vendor Rating

The 'Vendor Rating' tab shows the vendor's current trust rating from Comodo and your admin and lets you set your own rating:

Change the user rating of the vendor:

• Select the vendor from the 'Vendor List' pane and click the 'Vendor Details' button

• Click the 'Vendor Rating' tab from the 'Vendor Details' pane

• Click the 'Rate Now' link beside 'User' and choose the rating from the drop-down

• Click 'OK'

• The trust rating of the vendor will be updated with the user rating in the 'Vendor List' interface.

• You can change the rating for the vendor at anytime by following the same process

Tip: Alternatively, right click on a selected vendor, then choose 'Change File Rating to' from context sensitive menu and select the rating.

• Click 'OK' in the 'Advanced Settings' interface to save your settings

Perform an online lookup for vendors

• Click 'Settings' on the CCS home-screen

• Click 'File Rating' > 'Vendor List'

• Select vendor(s) and click the 'Look Up...' button

• Alternatively right-click on a vendor and select 'Look up...'

Comodo servers will be contacted immediately to conduct a search of Comodo's trusted vendor list database to check if any information is available about the vendor in question and the results will be displayed.

Remove vendors from the list

• Click 'Settings' on the CCS home-screen

• Click 'File Rating' > 'Vendor List'

• Select vendor(s) and click the 'Remove' button

• Alternatively right-click on a vendor and select 'Remove'
  

 

Background

Many software vendors digitally sign their software with a code signing certificate. This practice helps end-users to verify:

i. Content Source: The software they are downloading and are about to install really comes from the publisher that signed it.

ii. Content Integrity: That the software they are downloading and are about to install has not be modified or corrupted since it was signed.

In short, users benefit if software is digitally signed because they know who published the software and that the code hasn't been tampered with. They know they are downloading and installing the genuine software.

The 'Vendors' that digitally sign the software to attest to it's probity are the software publishers. These are the company names you see listed in the first column in the vendor list.

However, companies can't just 'sign' their own software and expect it to be trusted. This is why each code signing certificate is counter-signed by an organization called a 'Trusted Certificate Authority'. 'Sectigo', 'Identrust' and 'Digicert' are examples of trusted CA's authorized to counter-sign 3rd party software. The counter-signature is critical to the trust process, so a CA only counter-signs a certificate after conducting strict background checks on the vendor.

If a file is signed by a vendor with 'Trusted' rating in the vendor list  and the user has 'Rate applications according to their vendor rating' in the 'File rating Settings' then it will be automatically trusted by Comodo Internet Security.

One way of telling whether an executable file has been digitally signed is checking the properties of the .exe file in question. For example, the main executable for Comodo Internet Security is called 'cis.exe', which has been counter-signed by Sectigo certificate authority.

• In short, users benefit if software is digitally signed because they know who published the software and that the code hasn't been tampered with. They know they are downloading and installing the genuine software.

• The 'Vendors' that digitally sign their software are the software publishers. These are the company names you see listed in the vendor list.

• However, companies can't just 'sign' their own software and expect it to be trusted. This is why each code signing certificate is counter-signed by an organization called a 'Certificate Authority' (CA).

• 'Comodo CA Limited' and 'Verisign' are two example CAs who are authorized to counter-sign 3rd party software.

• The counter-signature is critical to the trust process. A CA only counter-signs a certificate after it has conducted detailed background checks on the publisher.

• One of the methods of identifying whether an executable file has been digitally signed is by checking the properties of the .exe file in question.

• For example, the main program executable for Comodo Client Security is called 'cis.exe' and has been digitally signed.

• Browse to the (default) installation directory of Comodo Client Security.

• Right click on the file cis.exe.

• Select 'Properties' from the menu.

• Click the tab 'Digital Signatures (if there is no such tab then the software has not been signed).

Click the 'Details' button to view certificate details. Click the 'View Certificate' button to inspect the actual code signing certificate. (see below).

It should be noted that the example above is a special case in that Comodo, as creator of 'cis.exe', is both the signer of the software and, as a trusted CA, it is also the counter-signer (see the 'Countersignatures' box). In the vast majority of cases, the signer or the certificate (the vendor) and the counter-signer (the Trusted CA) are different.

The Trusted Vendor Program for Software Developers

Software vendors can have their software added to the default 'Vendor List' with 'Trusted' status that is shipped with Comodo Client Security. This service is free of cost and is also open to vendors that have used code signing certificates from any Certificate Authority. Upon adding the software to the vendor list, CCS automatically trusts the software and does not generate any warnings or alerts on installation or use of the software.

The vendors have to apply for inclusion in the vendors list through the sign-up form at http://internetsecurity.comodo.com/trustedvendor/signup.php and make sure that the software can be downloaded by our technicians. Our technicians check whether:

• The software is signed with a valid code signing certificate from a trusted CA;

• The software does not contain any threats that harm a user's PC;

before adding it to the default vendor list of the next release of CCS.

More details are available at http://internetsecurity.comodo.com/trustedvendor/overview.php.