Machine learning is a vast and ever-changing field, and Comodo uses the latest machine learning techniques to determine to determine if a file is malicious or benign. Comodo has created a predictive model started with collecting a huge number and variety of malicious and benign files. Features are extracted from files along with the files’ label (e.g. good or bad). Finally, the model is trained by feeding all of these features to it and allowing it to crunch the numbers and find patterns and clusters in the data. When the features of a file with an unknown label are presented to the model, it can return a confidence score of how similar these features are to those of the malicious and benign sets. These concepts underpin VirusScope, Comodo’s file and behavioral analysis engine residing on the local client.
Comodo Advanced Endpoint Protection includes VirusScope™ on the local level applies machine learning and algorithmic based detection – in essence‚ math – using multiple techniques such as vector machines‚ naïve bayes‚ decision trees‚ random forest classifier‚ linear discriminant analysis‚ stochastic gradient descent‚ hidden markov models‚ neural networks and more. VirusScope uses these recognizers to analyze behavior and actions indicating malicious intent or behavior‚ and thus a pending attack. By default‚ VirusScope employs machine learning only inside of the container. However‚ VirusScope may also be enabled‚ by profile‚ to monitor the entire system both inside and outside of Automatic Containment™. Machine learning is able to identify both escape attempts from inside the container and in a hypothetical case of escape from outside of the container – again‚ providing IT with detection‚ protection and notification of the incident.