 #4277  by gjf
 Wed Jan 05, 2011 8:59 am
Some new stuff from the Comodo Team: Comodo Cleaning Essentials (sorry, I couldn't find an English link, only a Russian one - maybe a search will help those who are interested). This is a utility for diagnosing and cleaning infected systems. At the moment it is in beta stage.

I never heard about a strong antirootkit engine from Comodo, but anyway - it is quite an interesting project.
 #4293  by gR1
 Wed Jan 05, 2011 8:58 pm
Did a short test of the latest beta. It downloads about 200MB worth of virus DBs upon start (ugh).
Doesn't have MBR scanning at all (or I just didn't see it) so it's useless against MBR infectors, at least in its current state.
Tried ZAccess against it: detected the infected driver (but not the loaded max++ module). Instead of disinfecting the legit driver it deleted it, which could potentially be disastrous.
Something on the DACS privacy issue:
http://support.emsisoft.com/topic/3196- ... __p__17974
 #4302  by gR1
 Thu Jan 06, 2011 1:43 pm
gjf wrote:
    gR1, thanks for the reply.
    That is just what I expected. And according to replies at the official forum you are absolutely right.
    I believe you will not decline if I cite your testing results there?
No problem. :)
Did a quick test with TDL3 from April '10 (with additional driver infection - pci.sys) and it wasn't able to detect it at all (did a Full scan with a prior reboot as prompted).
I haven't checked whether Comodo has a signature for the actual infected driver (it does detect the dropper), but it should be able to notice something strange with the help of its ARK module.
I'll probably test again when CCE is released as final. So far, nothing impressive.
 #4303  by gjf
 Thu Jan 06, 2011 1:51 pm
TDL will never be detected :)
CCEKrnl driver creates its own FILE_OBJECTs for partitions.

With such a solution TDL will survive, as well as bootkits.
And I believe file infectors and something like GPCode will be a problem for such a tool ;)

So it looks like it is early beta crap. Hope it will change into something better. But taking into account the very long beta-testing of Comodo Antivirus (and actually when it became a part of CIS it was still beta ;) ) - we have to wait quite a long time...
 #4788  by gR1
 Fri Jan 28, 2011 1:43 pm
FWIW, they released an RC with some improvements (as per the changelog):
What's new in CCE 1.4.177889.49?

NEW! Option for unhooking possible kernel hooks before cleaning
NEW! Option for checking for suspicious MBR entries in full scan
NEW! Option for creating a windows restore point before performing the scan
FIXED! Memory leaks in registry scanner
FIXED! Replacing the task manager does not work
FIXED! CCE driver does not disappear when the program is closed/system is restarted
FIXED! Hidden registry key FP under certain circumstance
FIXED! Hidden directory FP for avast sandbox storage folder
FIXED! Memory leak during CCE scan
https://forums.comodo.com/comodo-cleani ... 674.0.html
Can anyone test the CCE RC for improvements over the previous versions (lack of time and resources on my part)? TBH, I'm not that interested in CCE itself (there are better/more suited/more mature tools for the job); rather, the "drama" and marketing surrounding it is what caught my attention. :mrgreen:
 #4789  by gjf
 Fri Jan 28, 2011 1:51 pm
Yup, the official forum topic is now flooded with licensing and code ownership issues - and it looks like that is the main noise around CCE :)
 #6685  by R9R
 Sun Jun 05, 2011 10:14 am
Hello,
Comodo Cleaning Essentials 1.7

What's new in CCE 1.7.192479.98?

IMPROVED: More powerful disk access method which can detect tough hidden rootkits
IMPROVED: Latest anti-virus engine integrated
FIXED: Hidden services FP under certain circumstance
FIXED: CCE can now detect and remove all TDL3/4 rootkits
FIXED: CCE hangs before system restarts in x64 system

Note: The file names in the URLs contain a different version number from the binaries. Sorry for the confusion this might cause.
Download:
http://download.comodo.com/cce/download ... 73_x32.zip
http://download.comodo.com/cce/download ... 73_x64.zip

Seems interesting.
Anybody testing this?

Kind regards,
R9R
 #6688  by gjf
 Sun Jun 05, 2011 12:59 pm
I have. So-so. Maybe in future they will implement some serious features, but for now I didn't like it.
You can check out the official forum (English part) and see all the weak places.