
[Discussion] Recognizer v1.6.1 Released for Comodo Internet Security v10

con16
Posted on 2017-5-25 17:42:18
Recognizer v1.6.1 Released for Comodo Internet Security v10
Hi All,
We are pleased to inform you that we have released Recognizer v1.6.1 for Comodo Internet Security v10.
Thank you to all users who participated in RC testing.

Here is the full list of malware, mostly different ransomware families, that the recognizer watches for; detection is made based on behavior pattern:

Backdoor (2)
Backdoor.MSIL.Bladabindi
Darkcomet

Fileless Trojan (3)
Gootkit/Xswkit
Kovter
Poweliks

Password Stealer Trojan (1)
Primarypass

Ransomware (59)
7ev3n
AdamLocker
BleedGreen
BTCLocker
Cancer
Censer
Cerber
CloudSword
Critroni
Crowti
CRY LOCKER
Cryakl
Crypmod or ZeroCrypt
Cryptolocker
CRYPTOMIX
Cryptorium
CryptoWall
CryptXXX
Crysis
DeriaLock
DMALocker
EnkripsiPC
Falock
FireCrypt
Genasom
Globe Imposter
GOG
Haperlock
HiddenTears
Hollycrypt
HydraCrypt
JigsawLocker
Kangaroo
Kelnoc
Locky
Manifestus
Matrix
Philadelphia or Stampado
Ransom.NoobCrypt
Razy
Roga
Sag2.0
Sage
SageCrypt or Milicry
Sarento
Satan
Shieldcrypt
Spora
TeslaCrypt
ToCrypt
TorrentLocker
Trojware.Win32.Filecoder.Ishtar.B
UltraLocker
Wallet/Dharma
WannaCry
Xmas
Xorist
XRatLocker
YourRansom

Trojan (24)
Carberp
DarkKomet
Lethic
Necrus
Rematsu
Ropest
Sopinar
Spatet
TrojWare.MSIL.Injector.~QWE
TrojWare.MSIL.Kryptik.IAS
TrojWare.MSIL.NanoCore.E
TrojWare.Win32.Agent.ZAQ
TrojWare.Win32.Fynloski.B
TrojWare.Win32.Injector.~DLDO
Trojware.Win32.Matsnu
Trojware.Win32.Phase.A
Trojware.Win32.PSW.Fareit.A
TrojWare.Win32.Ramnit.qg
TrojWare.Win32.Spy.Recam.zkg
Trojware.Win32.Spy.Weecnaw.H
Trojware.Win32.TrojanDownloader.Small.PRQ
Trustezeb
Ranbyus
Nivdort

Virus (1)
Grenam

We have released the recognizer in test mode: if the recognizer detects a file, it won't report to the user but will inform the back-end. After we have analyzed the detected files and ensured we do not have false positives, we will update the recognizer again and release it in alert mode, where the user will be notified of detected malware.

You can run the program update manually, or you will get the recognizer via auto update.
You can verify that you have the latest recognizer by looking at "Settings --> Advanced Protection --> VirusScope", where you will see the latest recognizer as shown in the enclosed snap.

You should also be able to verify following file:
C:\Program Files\COMODO\COMODO Internet Security\recognizers\proto_v10\recognizerCryptolocker.dll
File Size: 268 KB (274,624 bytes)
SHA-1: b8edeb5e6040156b38a89d7faa19ffdbca497846

In case you observe any abnormal CPU or RAM usage, please report it with the list of active applications in the sandbox.

Going forward you can expect more frequent releases of recognizers.

Thank you for all the support and feedback.

Thanks
-umesh

Officially pushed out.

Rating (1 participant, popularity +1):
HEMM +1, reason: That's a whole lot of French~

諾言敵不過時間
Posted on 2017-5-25 18:09:01
Why does this feel a lot more advanced than CCAV's?
HEMM
Posted on 2017-5-25 18:13:09
諾言敵不過時間 posted on 2017-5-25 18:09
Why does this feel a lot more advanced than CCAV's?

How dare you! To have such an illusion!
CCAV's status as the favorite son is unshakable~
con16
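Original poster | Posted on 2017-5-25 18:13:40
This post was last edited by con16 on 2017-5-25 18:15

This feature is probably still only really effective against known ransomware, which it can recognize.

New variants are either not recognized, or they have to be analyzed and sent back to the cloud, which takes more time before they can be recognized....

Still, having it is better than nothing; it can keep people who don't know better, or novices, from letting malware out of the sandbox.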

HEMM
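Posted on 2017-5-25 18:17:27
con16 posted on 2017-5-25 18:13
This feature is probably still only really effective against known ransomware, which it can recognize.

New variants are either not recognized, or they have to be analyzed and sent back to the cloud, which takes more ...

You sure know a lot~
I'm a novice, hand over the rules~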
con16
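Original poster | Posted on 2017-5-25 18:18:11
HEMM posted on 2017-5-25 18:13
How dare you! To have such an illusion!
CCAV's status as the favorite son is unshakable~

Actually, CCAV is more like a lab rat; it is still in the experimental stage.
It looks like it is updated very diligently, but in reality it is not very mature protection software.

I saw that the foreigners who test malware said earlier that they don't recommend using it.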
HEMM
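Posted on 2017-5-25 18:21:01
con16 posted on 2017-5-25 18:18
Actually, CCAV is more like a lab rat; it is still in the experimental stage.
It looks like it is updated very diligently, but in reality it is not very mature protection software.

Huh? Didn't I hear that the HIPS users had torn this favorite son CCAV to shreds? How come it's only "not recommended".....
Let it experiment all it wants, but don't remove D+; as for the rest, I care..........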
con16
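Original poster | Posted on 2017-5-25 18:22:05
Earlier I saw someone ask the Comodo CEO on the official forum.

He replied that CCAV's features will be ported to CIS in the future.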
hkjoj
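Posted on 2017-5-25 18:27:44
con16 posted on 2017-5-25 18:18
Actually, CCAV is more like a lab rat; it is still in the experimental stage.
It looks like it is updated very diligently, but in reality it is not very mature protection software.

CCAV has gotten a lot better after the recent updates. I have it installed on an old netbook; before, it was nearly unusable, and a single scan wouldn't finish even after a whole day. Now they have strengthened the cloud and improved the scanning mechanism, and last time it seemed to finish within an hour.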
con16
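Original poster | Posted on 2017-5-25 18:37:08
HEMM posted on 2017-5-25 18:17
You sure know a lot~
I'm a novice, hand over the rules~

No rules needed. Just turn on the sandbox.

This recognizer is also Comodo wanting to make the auto-sandbox easier to use.
The ideal case is that something gets put in automatically, and then it gets recognized and killed for you.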