The Good Files:
Certificates and Creating A Good File List
Comodo is the largest brand of certification authorities in the world. Certification authorities issue digital certificates. These digital certificates are used for many reason and some of them are for encrypting sensitive information, we call this SSL, or digitally signing Applications so that the operating system will trust this digitally signed application when executing. As the largest single provider and exclusive provider to major technology leaders, Comodo has an unparalleled visibility to all the legitimate publishers out there in the world, who are building and releasing applications. We use this expertise and knowledge and feed this into our containment solution as list of good files.
The Bad Files:
Comodo Antivirus Lab and Creating a Bad File list
Comodo’s AV Lab knows the bad files hence can create a bad file list: Comodo has one of the largest Anti Virus labs in the world. It spans from the USA, to Romania, to Ukraine, Turkey, India, China. We draw from expertise from all around the world to help identify malware. Our Malware research labs are made of not only the best malware analysts in the world, but also equipped with the cutting edge technology to help identify latest malware using automated systems like Dynamic analysis, static analysis, behavioural analysis, reputation analysis and many more techniques. Comodo also makes its automated systems for the good of everyone out there available for free at camas.comodo.com so that we can all join together in the fight against malware. CAMAS is a cloud based malware analysis sandbox that can verdict if a file is malicious or not and is available for free for anyone.
Arriving at a Verdict
In order to reach a verdict of whether something unknown is good or bad, it takes time to analyze and classify characteristics and behavior to come to a final conclusion. The amount of time it takes to reach a verdict represents a ‘window of exposure’ where there is risk in executing or opening a file and potentially an infection or ‘patient zero’ condition occurs. This is what occurs with conventional solutions that must analyze a ‘zero day’ attack to understand its behavior or arrive at a signature for inclusion in a blacklist.
Assumption-based vs Definitive Verdicting
Existing solutions typically evaluate a file or application to arrive at a decision on whether or not is is bad, but otherwise assume that the file is good. For example, conventional AV technology uses signatures to identity known bad files, but assumes that the remaining files are good. Similarly, “next gen” endpoint protection technologies look at behaviors and use artificial intelligence and machine learning techniques to identify applications as potentially bad, but assumes the remaining files are not bad. Comodo uses a different approach to arrive at definitive verdicts of good and bad, and avoids the assumption-based approach found in conventional solutions.
Comodo AEP and Definitive Verdicts
Comodo Advanced Endpoint Protection leverages definitive verdicts to ensure that there are no unknown files able to inflict damage on unsuspecting users without impeding their productivity. The result is guaranteed protection without loss of time, money or user productivity