Comodo Internet Security

• Introduction To Comodo Internet Security
  • Special Features
  • Download, Installation And Activation
  • Start Comodo Internet Security
  • The Main Interface
    • The Home Screen
    • The Tasks Interface
    • The Widget
    • The System Tray Icon
  • Understand Security Alerts
• General Tasks – Introduction
  • Scan And Clean Your Computer
    • Run A Quick Scan
    • Run A Full Computer Scan
    • Run A Rating Scan
    • Run A Custom Scan
      • Scan A Folder
      • Scan A File
      • Create, Schedule And Run A Custom Scan
  • Secure Shopping Settings
  • Manage Virus Database And Program Updates
  • Get Live Support
  • Manage Blocked Items
  • Instantly Scan Files And Folders
  • Process Infected Files
• Firewall Tasks - Introduction
  • Configure Internet Access Rights For Applications
  • Manage Network Connections
  • Stop All Network Activities
  • Stealth Your Computer Ports
  • View Active Internet Connections
• Containment Tasks - Introduction
  • Run An Application In The Container
  • Reset The Container
  • Identify And Kill Unsafe Running Processes
  • View Active Process List
  • The Virtual Desktop
    • Start The Virtual Desktop
    • The Main Interface
    • Run Browsers Inside The Virtual Desktop
    • Open Files And Run Applications Inside The Virtual Desktop
    • Configure The Virtual Desktop
    • Close The Virtual Desktop
• Advanced Tasks – Introduction
  • Create A Rescue Disk
    • Download And Burn Comodo Rescue Disk
  • Remove Deeply Hidden Malware
  • Manage CIS Tasks
  • Manage Quarantined Items
  • View CIS Logs
    • Antivirus Logs
    • VirusScope Logs
    • Firewall Logs
    • HIPS Logs
    • Containment Logs
    • Website Filtering Logs
    • Device Control Logs
    • Autorun Event Logs
    • Alerts Logs
    • CIS Tasks Logs
    • File List Changes Logs
    • Vendor List Changes Logs
    • Trusted Certificate Authority Change Logs
    • Configuration Change Logs
    • Secure Shopping Activity Logs
    • Search And Filter Logs
  • Submit Files For Analysis To Comodo
• CIS Settings
  • General Settings
    • Customize User Interface
    • Configure Program And Virus Database Updates
    • Log Settings
    • Manage CIS Configurations
      • Comodo Preset Configurations
      • Personal Configurations
  • Antivirus Configurations
    • Real-time Scan Settings
    • Scan Profiles
  • Firewall Configuration
    • General Firewall Settings
    • Application Rules
    • Global Rules
    • Firewall Rule Sets
    • Network Zones
      • Network Zones
      • Blocked Zones
    • Port Sets
  • HIPS Configuration
    • HIPS Settings
    • Active HIPS Rules
    • HIPS Rule Sets
    • Protected Objects
      • Protected Files
      • Blocked Files
      • Protected Registry Keys
      • Protected COM Interfaces
      • Protected Data Files And Folders
    • HIPS Groups
      • Registry Groups
      • COM Groups
  • Containment Configuration
    • Containment Settings
    • Auto-Containment Rules
    • Containment - An Overview
    • Unknown Files - The Scanning Processes
  • File Rating Configuration
    • File Rating Settings
    • File Groups
    • Submitted Files
  • Advanced Protection Configuration
    • VirusScope Settings
    • Scan Exclusions
    • Device Control Settings
    • Script Analysis Settings
    • Miscellaneous Settings
    • Comodo Secure Shopping
  • Website Filtering Configuration
    • Website Filtering Rules
    • Website Categories
• Comodo GeekBuddy
  • Download And Install GeekBuddy
  • Overview Of Services
  • Activation Of Service
  • Launch The Client And Use The Service
  • Accept Remote Desktop Requests
  • Uninstall Comodo GeekBuddy
• TrustConnect Overview
• Dragon Browser
• Comodo Backup
• Comodo Internet Security Essentials
  • What Is Comodo Internet Security Essentials
  • What Is A Man-in-the-middle Attack
  • How Does Comodo Internet Security Essentials Protect Me From A Man-in-the-middle Attack
  • What Is The Install Location Of Comodo Internet Security Essentials
  • How Do I Update CISE
  • Understand Alerts And Configure Exceptions
  • How Do I View CISE Help
  • How Do I View The Version Number And Release Notes
  • How Do I Remove Comodo Internet Security Essentials
• Appendix 1 CIS How To... Tutorials
  • Enable / Disable AV, Firewall, Auto-Containment, VirusScope And Website Filter Easily
  • Set Up The Firewall For Maximum Security And Usability
  • Block Internet Access While Allowing Local Area Network (LAN) Access
  • Block/Allow Specific Websites To Specific Users
  • Set Up HIPS For Maximum Security And Usability
  • Create Rules To Auto-Contain Applications
  • Password Protect Your CIS Settings
  • Reset Forgotten Password (Advanced)
  • Run An Instant Antivirus Scan On Selected Items
  • Create An Antivirus Scan Schedule
  • Run Untrusted Programs In The Container
  • Run Browsers In The Container
  • Run Untrusted Programs In The Virtual Desktop
  • Run Browsers In The Virtual Desktop
  • Restore Incorrectly Blocked Items
  • Restore Incorrectly Quarantined Items
  • Submit Quarantined Items To Comodo For Analysis
  • Enable File Sharing Applications Like BitTorrent And Emule
  • Block Any Downloads Of A Specific File Type
  • Switch Between Complete CIS Suite And Individual Components (just AV Or FW)
  • Switch Off Automatic Antivirus And Software Updates
  • Suppress CIS Alerts Temporarily While Playing Games
  • Renew Or Upgrade Your License
  • Use CIS Protocol Handlers
  • Configure Secure Shopping
  • Comodo Cloud Backup
  • Give Contained Applications Write Access To Local Folders
  • Use The Comodo Uninstaller Tool
• Appendix 2 - Comodo Secure DNS Service
  • Router - Enable Comodo Secure DNS Service
  • Windows - Enable Comodo Secure DNS
• Appendix 3 - Glossary Of Terms
• Appendix 4 - CIS Versions
• About Comodo Security Solutions

Script Analysis Settings

Click 'Settings' > 'Advanced Protection' > 'Script Analysis'

• The script analysis settings panel lets you:

• Configure heuristic command line analysis for applications in real-time

• Configure heuristic command line analysis for auto-run entries. Auto-run entries include Windows services, auto-start items and scheduled tasks.

Background note: 'Heuristics' is a technology which analyzes a file to see if it contains code typical of a virus. Heuristics is about detecting 'virus-like' traits in a file. This helps to identify previously unknown (new) viruses.

Open the script analysis settings panel

• Click 'Settings' on the home screen to open the 'Advanced Settings' interface

• Click 'Advanced Protection' > 'Script Analysis' on the left:

 

• Perform Script Analysis (Recommended) - Enable / disable script analysis of managed applications (Default = Enabled) 

• Limit the total size of saved detected scripts to 'N' KB - CIS stores the list of executing scripts that are run by the managed applications for analysis. This options allows you to specify the total size of the stored scripts. When the set limit is reached, the older scripts are deleted automatically.

The interface has two tabs:

• Runtime Detection

• Autoruns Scans

Runtime Detection

 

CIS performs heuristic analysis on certain programs because they are capable of executing code. Example programs are wscript.exe, cmd.exe, java.exe and javaw.exe. Example code includes Visual Basic scripts and Java applications.

• For example, the program wscript.exe can be made to execute Visual Basic scripts (.vbs file extension) via a command similar to 'wscript.exe c:/tests/test.vbs'.

• If this option is selected, CIS detects c:/tests/test.vbs from the command-line and applies all security checks based on this file. If test.vbs attempts to connect to the internet, for example, the alert will state 'test.vbs' is attempting to connect to the internet

• If this option is disabled, the alert would only state 'wscript.exe' is trying to connect to the Internet'.

• Relevant settings are applied to the scripts. For example, if a script is detected by the containment module, then auto-containment rules are applied. Each module (AV, FW, VirusScope and so on) that detects a script will apply its appropriate settings.

Runtime Detection - Column Descriptions
Column Header	Description
Application	Names of existing applications covered by this rule.
Heuristic Command-Line Analysis	Enable or disable command line tracking.
Embedded Code Detection	Enable or disable embedded code tracking.

Manually add a new application to the list for analysis

• Click 'Add' at the top

You can add an application by following methods:

• Add a new application

• Add a current application

• Add application from the currently running processes

Add a new application

• Click 'Add new application' from the 'Add' drop-down

• Provide the details in the 'Edit Property' dialog and click 'OK'

The application will be added and displayed in the list.

• Click "OK" to apply your settings
  

Add a current running application

• Click 'Add' then 'Applications' from the drop-down

• Navigate to the file you want to add in the 'Open' dialog and click 'Open'

• The file will be added to the list

• Click "OK" to apply your settings

Add application from running processes

• Choose 'Running Process' from the 'Add' drop-down

• A list of currently running processes in your computer will be displayed

• Select the process whose parent application you wish to add for analysis

• Click 'OK' from the 'Browse for Process' dialog

• The application will be added to the list

• Use the switches beside the applications to enable/disable heuristic command line analysis and / or embedded code detection analysis.
  

• Click the 'Edit' button to update the details of an application.

• To remove an application, select it from the list and choose 'Remove' at the top.

• To reset to default applications for analysis, click 'Reset to Default' at the top.

• Click 'OK' at the bottom to apply your changes.

Autoruns Scans

• Add and manage applications for which you want to perform heuristic command-line analysis and embedded code detection in order to protect Windows services, autostart items and scheduled tasks.

• CIS ships with a list of predefined applications for which it performs heuristic analysis on programs that are capable of executing code.

• The applications added here are applicable for the settings in:

• 'Scan Options' > 'Apply this action to suspicious autorun processes' (monitors only during on-demand scans)

• 'Advanced Settings' > 'Miscellaneous' > 'Apply the selected action to unrecognized autorun entries related to new/modified registry items' (monitors constantly)

Open the 'Autoruns Scans' interface

• Click 'Settings' on the home screen to open the 'Advanced Settings' interface

• Click 'Advanced Protection' > 'Script Analysis' on the left:

• Click the 'Autoruns Scan' tab

Autroruns Scans - Column Descriptions
Column Header	Description
Application	Names of existing applications covered by this rule.
Heuristic Command-Line Analysis	Enable or disable command line tracking.
Embedded Code Detection	Enable or disable embedded code tracking.

Manually add a new application to the list for analysis

• Click 'Add' at the top

You can add an application by following methods:

• Add a new application

• Add a current application

• Add application from the currently running processes

Add a new application

• Click 'Add new application' from the 'Add' drop-down

• Provide the details in the 'Edit Property' dialog and click 'OK'

The application will be added and displayed in the list.

• Click 'OK' to apply your settings

Add a current application

• Click 'Add' then 'Applications' from the drop-down

• Navigate to the file you want to add in the 'Open' dialog and click 'Open'

• The file will be added to the list

• Click "OK" to apply your settings

Add application from running processes

• Choose 'Running Process' from the 'Add' drop-down

• A list of currently running processes in your computer will be displayed

• Select the process whose parent application you wish to add for analysis

• Click 'OK' from the 'Browse for Process' dialog

• The application will be added to the list

• Use the switches beside the applications to enable/disable heuristic command line analysis and / or embedded code detection analysis.

• Click the 'Edit' button to update the details of an application

• To remove an application, select it from the list and choose 'Remove' at the top

• To reset to default applications for analysis, click 'Reset to Default' at the top

• Click 'OK' at the bottom to apply your changes.