Comodo Antivirus



Unparalleled research tools from industry-leading cybersecurity provider

May 10, 2020. Comodo Antivirus provides multi-layered virus protection against all kinds of threats. Get centralized endpoint protection from cyberattacks for all endpoints connected to your IT network.

  • Download the free Comodo antivirus cleaner for PC for a quick virus scan and instant removal. 100% secure and free virus cleaner app against ransomware.
  • Comodo Antivirus for Windows 10 is a serious antivirus tool that relies on multiple security layers to maintain the safety of your PC. The suite gives real-time protection, identifying and neutralizing known malware before it inflicts any damage.

Since 1998, Comodo has been known as a global leader in innovation and trust within the cybersecurity industry. In 2015, Comodo became the market leader in SSL certificates worldwide, surpassing Verisign, and a dominant player in consumer antivirus protection, developing innovative technologies like Comodo Containment.


Comodo, as a matter of company policy, supports scientific research and collaboration with academia. Comodemia is a new platform for students, researchers, and academicians, working to advance this commitment to collaboration further than ever before. In fostering collaboration between industry-leading professionals and professional researchers, Comodemia catalyzes the development of new ideas and methodologies in cybersecurity. Comodemia is driven by an experienced team of business and cybersecurity leaders with offices in California, Turkey, Romania, India, Ukraine, China, and a headquarters in Clifton, New Jersey.

Today, Comodo has more than 85 million desktop security software installations, more than 700,000 business customers, and 8,000 global partners and affiliates. It is the market leader in SSL Certificates, with more than 41% of SSL certificates issued by Comodo as of June 15, 2017, according to w3techs.com.

Comodo-Academia Collaboration

Thousands of companies and organizations rely on Comodo's technology to authenticate, validate, and secure their most precious asset—information—and to combat constant malware threats and cyberattacks.

Comodo develops innovative solutions that secure enterprises from both known and unknown threats—across the endpoint, boundary, and internal network. With its vast cyberdefense resources, Comodo seeks academic collaborations from universities all over the world.

Comodo has the expertise and experience to raise cybersecurity research to the next level. Collaboration with researchers is the starting point to inventing ever-more precise threat detection and prevention technologies. As a researcher working with Comodo, you’ll get full support from industry experts, and unparalleled access to valuable cybersecurity data.

Join Comodemia to start using the platform and data sets, free!

Research Topics

Comodo invites research on the following topics. If you are interested in these subjects, or have another proposal, please contact us.

Dynamic Analysis, API Call Graph based techniques (Call Graph Clustering, Call Graph Similarities, etc.)

  • Extracting call graphs from executable files using API call sequences generated from Dynamic Analysis Sandboxing or using Static Analysis Disassembling techniques
  • Implementation of different graph similarity techniques such as graph isomorphism, maximum common sub-graphs, minimum graph edit distance, etc.
  • Clustering known malware samples using approximation algorithms like k-means clustering, DBSCAN clustering, etc.
  • Classifying unknown samples using these clusters and the implemented similarity comparison techniques

Dynamic Analysis, API Call Sequence based techniques

  • Extracting call graphs from executable files using API Call sequences generated from Dynamic Analysis Sandboxing
  • Categorizing API calls into high-level operation groups
  • Implementation of API call sequence alignment techniques (DNA sequence alignment, multiple sequence alignment, etc.)
  • Implementation of techniques to recognize common patterns in the generated sequences (Longest Common Subsequence, Edit Distance, etc.)
  • Revealing common call sequence patterns of different malware families
  • Removing sequence patterns seen in benign samples to minimize the false positive rate
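
The steps in the list above can be chained as follows. This is an added example, not code from Comodo or Comodemia: the API-to-group map, the traces and all function names are constructed for illustration, and folding pairwise LCS over a family is a heuristic stand-in for true multiple sequence alignment.

```python
from functools import reduce

# Hypothetical API-to-operation-group map (constructed for this example).
API_GROUPS = {
    "CreateFileW": "FILE", "ReadFile": "FILE", "WriteFile": "FILE",
    "RegOpenKeyExW": "REG", "socket": "NET", "connect": "NET", "send": "NET",
    "VirtualAllocEx": "MEM", "WriteProcessMemory": "MEM",
    "OpenProcess": "PROC", "CreateRemoteThread": "PROC",
}

def categorize(trace):
    """Map API names to operation groups and collapse consecutive repeats."""
    groups = []
    for api in trace:
        group = API_GROUPS.get(api, "OTHER")
        if not groups or groups[-1] != group:
            groups.append(group)
    return groups

def lcs(a, b):
    """Longest common subsequence; prev[j] is the LCS of a[:i] and b[:j]."""
    prev = [[] for _ in range(len(b) + 1)]
    for x in a:
        cur = [[]]
        for j, y in enumerate(b):
            if x == y:
                cur.append(prev[j] + [x])
            else:
                cur.append(max(prev[j + 1], cur[j], key=len))
        prev = cur
    return prev[-1]

def is_subsequence(pattern, seq):
    it = iter(seq)
    return all(token in it for token in pattern)

def family_pattern(malware_traces, benign_traces):
    """Common pattern of a family, or None if a benign trace also contains it."""
    pattern = reduce(lcs, [categorize(t) for t in malware_traces])
    hit = any(is_subsequence(pattern, categorize(t)) for t in benign_traces)
    return pattern if pattern and not hit else None

# Constructed sandbox traces, not taken from real samples.
FAMILY = [
    ["OpenProcess", "VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread", "connect", "send"],
    ["RegOpenKeyExW", "OpenProcess", "VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread", "socket", "connect"],
]
BENIGN = [["CreateFileW", "ReadFile", "connect", "send"], ["RegOpenKeyExW", "CreateFileW", "WriteFile"]]
```

Calling `family_pattern(FAMILY, BENIGN)` yields the group-level pattern shared by both family traces; adding a benign trace that contains the same pattern makes it return `None`, which is the false-positive filter from the last step.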

Static Analysis, Opcode Sequence based techniques

  • Op-code extraction from clean and malware samples
  • To use Op-code Sequence information: Implementation of statistical classification techniques and training (using n-grams, Levenshtein / Euclidean distance, or other sequence similarity search techniques)
  • To use Op-code Occurrence information: Implementation of occurrence generation and comparison techniques

New methods to combine Dynamic and Static Analysis results

  • Combination of individual analysis results
  • Performing hybrid analysis (using combined features gathered from both Static and Dynamic analysis)

Malicious Documents detection techniques (malicious JavaScript blocks on PDF samples, etc.)

  • Implementation of feature extraction techniques specific to each document type (PDF, MS document, etc.)
  • Signature extraction using known malicious samples and signature based detection
  • Heuristically classifying benign and malware samples

Active-learning Generic Signatures for specific malware families

  • Implementation of signature extraction techniques (Static / Dynamic)
  • On-the-fly learning from newly labeled / precisely detected malware samples (learning could be improving existing classifiers, enhancing existing signatures, etc.)

Researching file reputation by statistics

Different statistical behaviours can be researched as criteria for file classification (malware, safe, system update, etc.). In the study, different types of statistics can be used: geo-distribution, frequency/time graphs, spread through subnets over time, etc.

Fully automated signature generation based on machine learning models

  • Dynamic Analysis, API Call Graph based techniques (Call Graph Clustering, Call Graph Similarities, etc.)
  • Dynamic Analysis, API Call Sequence based techniques
  • Static Analysis, Opcode Sequence based techniques
  • New methods to combine Dynamic and Static Analysis results
  • Active-learning Generic Signatures for specific malware families

Unpacking Techniques

  • Dynamic Analysis, API Call Graph based techniques (Call Graph Clustering, Call Graph Similarities, etc.)
  • Dynamic Analysis, API Sequence based techniques
  • Static Analysis, Opcode Sequence based techniques
  • Malicious Documents detection techniques (malicious JavaScript blocks on PDF samples, etc.)
  • Active-learning Generic Signature for specific malware families

Creating an efficient and online clustering method based on fuzzy hash distance

There are fuzzy hash algorithms, such as nilsimsa and spamsum, for detecting similarity between two pieces of text. To detect similar bulk mails properly, we need to be able to group (cluster) them in an efficient way. Since ASLab has a continuous data flow, this module needs to perform a stream clustering algorithm.
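
One way to cluster a stream of digests in a single pass with bounded memory is leader clustering, sketched below as an added example that is not ASLab's or Comodo's code. It assumes each mail already carries a fixed-length bit digest compared by counting differing bits, as with nilsimsa (a spamsum signature, being a variable-length string, would need a different distance function); the class, function names and 16-bit sample digests are constructed.

```python
from collections import OrderedDict

class StreamClusterer:
    """Single-pass leader clustering over fixed-length bit digests (ints)."""

    def __init__(self, max_distance, max_clusters):
        self.max_distance = max_distance    # max differing bits to join a cluster
        self.max_clusters = max_clusters    # memory bound for an endless stream
        self.clusters = OrderedDict()       # id -> [leader digest, member count]
        self.next_id = 0

    @staticmethod
    def distance(a, b):
        """Number of differing bits between two digests."""
        return bin(a ^ b).count("1")

    def add(self, digest):
        """Assign one digest to the nearest leader, or open a new cluster."""
        best_id, best_d = None, self.max_distance + 1
        for cid, (leader, _count) in self.clusters.items():
            d = self.distance(digest, leader)
            if d < best_d:
                best_id, best_d = cid, d
        if best_id is None:
            best_id, self.next_id = self.next_id, self.next_id + 1
            self.clusters[best_id] = [digest, 0]
            if len(self.clusters) > self.max_clusters:
                self.clusters.popitem(last=False)   # evict least recently hit
        self.clusters[best_id][1] += 1
        self.clusters.move_to_end(best_id)          # mark as recently hit
        return best_id

def cluster_stream(digests, max_distance=3, max_clusters=1000):
    """Return the cluster id assigned to each digest, in arrival order."""
    clusterer = StreamClusterer(max_distance, max_clusters)
    return [clusterer.add(d) for d in digests]

# Constructed 16-bit digests standing in for real fuzzy hashes of bulk mails.
CAMPAIGN_A = 0b1111000011110000
CAMPAIGN_B = 0b0000111100001111
STREAM = [CAMPAIGN_A, CAMPAIGN_B, CAMPAIGN_A ^ 0b11, CAMPAIGN_B ^ 0b100, CAMPAIGN_A]
```

Each mail costs one comparison per live cluster, and the least recently hit cluster is dropped once `max_clusters` is exceeded, so a campaign that has gone quiet stops consuming memory.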

Anomaly detection in bulk mails

Spam/phishing mails are usually sent in large numbers. However, there are also legitimate mails, like newsletters, which are also sent in bulk. Creating patterns for legitimate bulk mails (by observing them for a duration) and detecting out-of-the-ordinary bulk mails will help create alerts for suspicious behavior.


Installation


Note: Before beginning installation, please ensure you have uninstalled any other antivirus products that are on your server. More specifically, remove any other products of the same type as those Comodo products you plan to install. For example, if you plan to install only the antivirus then you do not need to remove 3rd party firewall solutions and vice-versa. Failure to remove products of the same type could cause conflicts that mean CAVS will not function correctly.


The Comodo Antivirus For Server application can be installed on your server in two ways: via the command line interface or using the installation wizard.

To install CAVS via the command line interface


After the installation is complete, the server will restart automatically. So please make sure that the installation does not interrupt other server activities. The command line for installing CAVS is given below:


<path to the installer .msi file> AV_FOR_SERVERS=1 INSTALLFIREWALL=0 -quiet


For example:

C:\CIS\CIS_Setup_R60AUG_6.3.291358.2908_x86.msi AV_FOR_SERVERS=1 INSTALLFIREWALL=0 -quiet


The virus database will be updated automatically for the first time after installation.


The screen will display details such as download speed, how much has been downloaded and the progress of the process. You can also send this task to the background by pressing the 'Send to Background' button and retrieve it in the 'Task Manager' interface. Refer to the section 'Manage CAVS Tasks' for more details. When the virus database has been downloaded, the 'Completed' dialog will be displayed.



CAVS will commence a Quick Scan of system memory, autorun entries, hidden services, boot sectors and other critical areas automatically after the virus database has been updated.




If you do not want the scan to continue at this time, click the ‘Stop’ button.


After the scanning is complete, the results screen will be displayed.




The scan results window will display any threats discovered during the scan (Viruses, Rootkits, Malware and so on). Refer to the section 'Processing Infected Files' for more details.


To install CAVS using the installation wizard

After downloading the required Comodo Endpoint Security setup file to your local hard drive, double-click on it to start the installation wizard.


Step 1 - Choosing the Interface Language


The installation wizard starts automatically and the 'Select the language' dialog is displayed. Comodo Endpoint Security is available in several languages.


  • Select the language in which you want Comodo Endpoint Security to be installed from the drop-down menu and click 'OK'.


Step 2 – CAVS Activation


You have the option to activate CAVS using the license keys or via the ESM server that you want to connect the endpoint to.



Option 1 – Using the license key:

  • Choose 'Activate with a License Key' and click 'Next'



  • Click the 'License Agreement' link, read the License Agreement fully and click 'Back'.
  • Click 'Agree and Install'

Step 3 – CAVS Installation

The installation progress will be displayed...



...and after completion, the application will start automatically.



The virus database will be updated automatically for the first time after installation.



The screen will display details such as download speed, how much has been downloaded and the progress of the process. You can also send this task to the background by pressing the 'Send to Background' button and retrieve it in the 'Task Manager' interface. Refer to the section 'Manage CAVS Tasks' for more details. When the virus database has been downloaded, the 'Completed' dialog will be displayed.



If you do not want the scan to continue at this time, click the ‘Stop’ button.


After the scanning is complete, the results screen will be displayed.



The scan results window will display any threats discovered during the scan (Viruses, Rootkits, Malware and so on). Refer to the section 'Processing Infected Files' for more details.


Step 4 - Restarting Your System

In order for the installation to take effect, your computer needs to be restarted.




Please save any unsaved data and click 'Restart Now' to restart the system. If you want to restart the system at a later time, click 'Postpone'. You will be reminded to restart the system as selected from the 'Remind me in:' option.

Option 2 – Activating via CESM

  • Choose 'Activate with an ESM Server' and click 'Next'



A screen will be displayed for entering the details of the ESM server that you want to connect the endpoint to and for selecting the components that you want to activate.


  • Click the 'License Agreement' link, read the Subscriber Agreement fully and click 'Back'.
  • Enter the host name or IP Address of the CESM server in the ESM server text box and enter the port through which the server listens for endpoint connections in the ESM server Port text box. (Default = 57193)
  • Click 'Agree and Install'
The installation progress will be displayed...



and after successful completion, the CESM agent installation screen will be displayed.

Background Note on CESM Agent: The CESM agent is a small application installed on every managed endpoint to facilitate communication between the endpoint and the CESM central server. The agent is responsible for receiving tasks and passing them to the endpoint’s installation of Comodo Security Software (CES, CAS or CAV for Mac). Example tasks include changes in security policy, an on-demand virus scan, updates to the local antivirus database or gathering reports that have been requested by the central service. As an additional security feature, endpoint agents can only communicate with the specific instance of the central service which provisioned the agent. This means the agent cannot be reconfigured to connect to any other CESM service. The agent also acts as a tool for endpoint users to interact with the administrators for resolving any issues in their systems.




  • Click 'Agree and Install'.

The downloading and installing progress will be displayed.



After the agent installation, it will initiate communication with the CESM server from which it was downloaded.



On completion, the agent icon will be displayed in the system tray...



… and the license will be activated from the CESM server. Your CAVS installation can be remotely managed by the CESM Server now.

  • Clicking the CESM Agent system tray icon will open a support chat window that enables you to interact with your administrators for resolving any issues in your system. Refer to the section Instance User Assistance for more details.

Note: CAVS 8.0+ features additional functionality that is not supported by Comodo Endpoint Security Manager version 3.1 and lower versions. Please make sure to activate the CAVS 8.0 license from CESM 3.2 and higher versions for full compatibility. The CAVS 8.0 features that are not supported by CESM 3.1 and lower versions are: