ITarian Help

Find the desired product help

IT Endpoint Manager

IT Endpoint Manager

Comodo Client Security for Windows - User Guide 12.4

English

Print Help Download Help
CCS Advanced Settings > File Rating Configuration > File List
  • Introduction To Comodo Client Security
    • Special Features
    • System Requirements
    • Install Comodo Client Security
    • Start Comodo Client Security
    • The Main Interface
      • The Home Screen
      • The Tasks Interface
      • The Widget
      • The System Tray Icon
    • Understand Security Alerts
    • Password Protection
  • General Tasks - Introduction
    • Scan And Clean Your Computer
      • Run A Quick Scan
      • Run A Full Computer Scan
      • Run A Rating Scan
      • Run A Custom Scan
        • Scan A Folder
        • Scan A File
        • Create, Schedule And Run A Custom Scan
      • Automatically Scan Unrecognized And Quarantined Files
    • Instantly Scan Files And Folders
    • Process Infected Files
    • Manage Virus Database Updates
    • Manage Blocked Autoruns
    • Manage Quarantined Items
  • Firewall Tasks - Introduction
    • Configure Internet Access Rights For Applications
    • Stealth Your Computer Ports
    • Manage Network Connections
    • Stop All Network Activities
    • View Active Internet Connections
  • Containment Tasks - Introduction
    • Run An Application In The Container
    • Reset The Container
    • Identify And Kill Unsafe Running Processes
    • Open Shared Space
    • The Virtual Desktop
      • Start The Virtual Desktop
      • The Main Interface
      • Run Browsers Inside The Virtual Desktop
      • Open Files And Run Applications Inside The Virtual Desktop
      • Pause And Resume The Virtual Desktop
      • Close The Virtual Desktop
    • Containment Statistics Analyzer
  • DLP Tasks - Introduction
    • Run Data Loss Prevention Scans
    • Manage DLP Quarantined Files
  • Advanced Tasks - Introduction
    • Create A Rescue Disk
      • Download And Burn Comodo Rescue Disk
    • Remove Deeply Hidden Malware
    • Manage CCS Tasks
    • View CCS Logs
      • Antivirus Logs
      • VirusScope Logs
      • Firewall Logs
      • HIPS Logs
      • Containment Logs
      • Website Filtering Logs
      • Device Control Logs
      • Autorun Event Logs
      • Alert Logs
      • CCS Tasks Logs
      • File List Changes Logs
      • Vendor List Changes Logs
      • Configuration Change Logs
      • Virtual Desktop Event Logs
      • Data Loss Prevention Event Logs
      • Search And Filter Logs
    • Submit Files For Analysis To Comodo
    • View Active Process List
  • CCS Advanced Settings
    • General Settings
      • Customize User Interface
      • Configure Virus Database Updates
      • Log Settings
      • Manage CCS Configurations
        • Comodo Preset Configurations
        • Personal Configurations
    • Antivirus Configurations
      • Real-time Scanner Settings
      • Scan Profiles
    • Firewall Configuration
      • General Firewall Settings
      • Application Rules
      • Global Rules
      • Firewall Rule Sets
      • Network Zones
        • Network Zones
        • Blocked Zones
      • Port Sets
    • HIPS Configuration
      • HIPS Settings
      • Active HIPS Rules
      • HIPS Rule Sets
      • HIPS Groups
        • Registry Groups
        • COM Groups
    • Protected Objects
      • Protected Objects - HIPS
        • Protected Files
        • Blocked Files
        • Protected Registry Keys
        • Protected COM Interfaces
      • Protected Objects - Containment
        • Protected Files And Folders
        • Protected Keys
    • Data Loss Prevention
      • DLP Monitoring Rules
      • DLP Discovery Rules
      • DLP Keyword Groups
    • Containment Settings
      • Containment Settings
      • Auto-Containment Rules
      • Virtual Desktop Settings
      • Containment - An Overview
      • Unknown Files - The Scanning Processes
    • File Rating Configuration
      • File Rating Settings
      • File Groups
      • File List
      • Submitted Files
      • Vendor List
    • Advanced Protection
      • VirusScope Settings
      • Scan Exclusions
      • Device Control Settings
      • Script Analysis Settings
      • Miscellaneous Settings
    • Web Filter Settings
      • Website Filtering Rules
      • Website Categories
  • Appendix 1 - CCS How To... Tutorials
    • Enable / Disable AV, Firewall, Auto-Containment And VirusScope Easily
    • Set Up The Firewall For Maximum Security And Usability
    • Block Internet Access While Allowing Local Area Network (LAN) Access
    • Block / Allow Specific Websites To Specific Users
    • Set Up HIPS For Maximum Security And Usability
    • Create Rules To Auto-Contain Applications
    • Run An Instant Antivirus Scan On Selected Items
    • Create An Antivirus Scan Schedule
    • Run Untrusted Programs Inside The Container
    • Run Browsers Inside The Container
    • Restore Incorrectly Quarantined Item(s)
    • Submit Quarantined Items To Comodo Valkyrie For Analysis
    • Enable File Sharing Applications Like BitTorrent And Emule
    • Block Any Downloads Of A Specific File Type
    • Disable Auto-Containment On A Per-application Basis
    • Switch Off Automatic Antivirus Updates
    • Suppress CCS Alerts Temporarily
    • Control External Device Accessibility
  • Appendix 2 - Comodo Secure DNS Server
    • Router - Manually Enable Or Disable Comodo Secure DNS Service
    • Windows - Enable Comodo Secure DNS
  • About ITarian

File List


  • Click 'Settings' > 'File Rating' > 'File List'

The file list is an inventory of executable files and applications discovered on your computer. The list also shows the file vendor, the date the file was discovered, and the file's trust rating.


CCS rates files as:
  • Trusted - The file is safe to run outside the container.
  • Unrecognized - no trust-rating was found for the file, so it will be run in the container.
  • Malicious -  the file is known malware and will be quarantined or deleted.

Trusted Files

 

Files can be awarded a 'Trusted' status in the following ways:

  • Cloud-based file lookup service (FLS) - When a file is first opened, CCS will check the file's reputation on our global whitelist and blacklists. It will award trusted status if the file is on the global whitelist of safe files.
  • Vendor rating - The application is from a software publisher who has a 'Trusted' status in the Vendor List.
  • Administrator rating – Admins can elect to trust files on a local endpoints and networks. Only applies if your CCS installation is remotely managed by an administrator.
  • User Rating - You can provide 'Trusted' status to your files in the following ways:
  • Click 'Settings' > 'File Rating' > 'File List'
  • Select the target file then click the 'File Details' button
  • Click the 'File Rating' tab
  • Click the 'Rate Now' link
  • Set the rating as 'Trusted'
  • Click 'OK'
  • See changing the file rating in File Details if you want more help with this
Unrecognized Files
  • Once installed, HIPS monitors and verifies all file activity on your computer.
  • Every new executable file is first scanned against the virus blacklist (known 'bad' files) and the file whitelist (known 'good' files).
  • If the file is on neither list it is given an 'Unrecognized' file rating.
    • Any executable that is modified is also given 'Unrecognized' status. This protects you against malware changing the behavior of a previously trusted application.

      You can review pending files to determine whether or not they are to be trusted. If they are trustworthy, they can be given a 'Trusted' rating. See 'Change the file rating' for more details. You can also submit files to Comodo for analysis. Experts at Comodo will test the files and add them to global white-list or black-list accordingly.


      Malicious Files

       

      Files identified as malware are given a 'Malicious' rating, and are blocked and quarantined.


      Open the 'File List' interface

      • Click 'Settings' on the CCS home screen
      • Click 'File Rating' > 'File List'




      The file list shows applications and executable files discovered on your computer.

      • File Path - The location of the file on your computer
      • Company - The software vendor that published/created the file
      • First Observed - Date and time at which the file was first discovered by CCS
      • File Rating - Current trust rating of the file. The possible values are:
      • Trusted
      • Unrecognized
      • Malicious

      CCS obeys ratings in the following order of priority:

      1. Administrator rating - Rating set by the Endpoint Manager admin who remotely manages your CCS installation.

      2. User rating - A rating that you, or another user, gave to the file in the local CCS installation.

      3. FLS rating - The rating of the file on Comodo's master database. CCS automatically fetches this rating from the file-lookup server (FLS) when it scans a file.

      There are three ways you can set user rating for a file:

      1. Right-click on a file in the file list

      • Click 'Settings' on the CCS home-screen
      • Click 'File Rating' > 'File List'
      • Right-click on a file > Select 'Change File Rating to' > Choose a new rating:




      1. In the file rating column

      • Click on the rating of a file in the 'Rating' column
      • Choose a new rating from the options:


      1. From the 'File Details' dialog.

      • Select a file in the file list

      • Click the 'File Details' button at the top
      • Click the 'File Rating' tab
      • Click the 'Rate Now' link
      • Set the rating as required
      • Click 'OK'

      Context Sensitive Menu

      • Right-click on a file to open a context sensitive menu that allows you to view the 'File Details' dialog, remove the file from the list, submit the file to Comodo for analysis and more.




      • Add - Manually add a file to the list and specify its trust rating
      • File Details - View information about the selected item. You can also set the file rating from here.
      • Remove - Delete files from file list.
      • Lookup - Check the file-lookup server for more details about the file, including the latest trust rating.
      • Submit to Valkyrie - Upload an item to Valkyrie, Comodo's file analysis system.
      • Exchange - Consists of two options (Import and Export).
      • Import - Add files to the list from an XML file
      • Export - Save the current list as an XML file
      • Jump to Folder - Opens the folder containing the file in Windows Explorer.
      • Jump to Quarantine - Opens the 'Quarantine' interface of CCS to view or restore the file. Available only for items moved to quarantine. See Manage Quarantined Items for more details.
      • Change File Rating to - Set user defined trust rating to the file.
      • Purge - Check that all files in the list are still installed at the path specified. If not, the file is removed from the list.

      Sort, search and filter options


      Sort option

      • Click any column header to sort the items in alphabetical / ascending / descending order of entries in that column


      Search options

       

      You can use the search option to find a specific file based on the file path, file name or the publisher, from the list. Also, you can filter the list of files based on the installation/storage date and 'File rating'.

      • Click the search icon at the far right in the 'File path' and/or 'Company' column header.




      • Enter the file path and/or the name of company in part or full as per the selected criteria in the search field

      The result for the entered criteria will be listed automatically. Click the 'X' icon to clear the search criteria and display all the items again in the list.


      Filter options


      The 'Show files' filter lets you view the following file types:

      • Executables - Files capable of running code. Example extensions include .exe, .msi, .com, .bin, .vbs, etc. These files are usually applications, scripts or installers.
      • Non-executables - Files that were created by executables, but which are not capable of running code themselves. Note – User-created files, like Word documents, saved emails and spreadsheets etc, are not shown with this option.
      • All types - Show both executable and non-executable files.



       

      • Select the file type from the drop-down on the left
      • Select whether you want to view quarantined items, non-quarantined items, or both:



      • Click the calendar icon at the right of the 'First Observed' column
      • Choose the time period you require
      • This will show only those files discovered in the time-frame you set:

       

      • Click the funnel icon at the right of the 'File Rating' column to filter files by rating:


       

      Control Buttons

       

      The buttons at the top provide the following options:




      • Add - Manually add files to the 'File List' with user defined rating
      • File Details - View the information about the selected item. You can also set user defined rating to the selected file
      • Remove - Delete files from 'File List'.
      • Lookup... - Check the details of the selected file from the master Comodo safelist
      • Submit to Valkyrie - Uploads selected files to Valkyrie for behavior analysis. Valkyrie is Comodo’s file testing and verdicting system.
      • Exchange – It consists of two operations (Import and Export)
          • Import - Fetch the files from a file list saved as an XML file
          • Export - Save the current file list with existing ratings as an XML file
          • Purge -  Runs a system check to verify that all the files for which the ratings are listed are actually installed on the host machine at the path specified. If not, the fie is removed from the list.

          Manually add files to 'File list'

          • Click 'Settings' on the CCS home-screen
          • Click 'File Rating' > 'File List'
          • Click the 'Add' button at the top




          Tip: Alternatively, right click on the 'File List' page, then Select 'Add' from the context sensitive menu.


          You can add three types of items:

          • Files - Browse to the file you want to add and assign a rating.
          • Folders - Browse to the folder you want to add an assign a rating. All files in the folder will inherit the rating you gave to the folder.
          • Running Processes - Select a currently active process and assign a rating. The parent application of the process will be added to the file list with the rating you assign.

          View the 'File Details' and change the rating

          • Click 'Settings' on the CCS home-screen
          • Click 'File Rating' > 'File List'
          • Select a file and click the 'File Details' button.




          Tip: Alternatively, right click on the selected file and choose 'File Details' from the context sensitive menu.


          The 'File Details' dialog will open. The dialog contains two tabs:
          • Overview
          • File Rating

          Overview

           

          The 'Overview' tab shows general details such as the file rating, discovery date, hash value and publisher (signer):




          • Click the file name to open the Windows 'File Properties' dialog.
          • Click 'Jump to folder' to open the folder containing the file in Windows Explorer, with the respective file selected.
          • Click 'Reset COMODO Info' to refresh the information from Comodo FLS database.

          File Rating

          • Shows the file's current trust rating from Comodo and lets you set your own rating:



           

           Note: If your CCS installation is remotely managed by Endpoint Manager, your administrator's file rating for individual file will override your user file rating.


          Change the user rating of the file

          • Select the file from the 'File List' pane and click the 'File Details' button
          • Click the 'File Rating' tab
          • Click the 'Rate Now' link and choose the rating from the drop-down:




          The options available are:

          • Trusted – The file(s) will be assigned the 'Trusted' status and allowed to run without any alerts
          • Unrecognized – The file(s) will be assigned the 'Unrecognized' status. Depending on your HIPS settings, the file(s) will be allowed to run with an alert generation.
          • Malicious – The file will be deleted or placed in quarantine and will not be allowed to run.
          • Click 'OK' in the 'Files Details' dialog

           

          Tip: Alternatively, right click on a file then choose 'Change File Rating to'.


          • Click 'OK' in the 'Advanced Settings' interface to save your settings.

          Remove files from the file list

          • Click 'Settings' on the CCS home-screen
          • Click 'File Rating' > 'File List'
          • Select the file(s) to be removed
          • Click the 'Remove' button at the top. The file(s) is / are only removed from the list and not deleted from your system.

          Tip: Alternatively, right click on a file then choose 'Remove' from context sensitive menu.


          • Click 'OK' for your changes to take effect.

          Perform an online lookup for files

          • Click 'Settings' on the CCS home-screen
          • Click 'File Rating' > 'File List'
          • Select the file(s) to be checked from the 'File list' pane.
          • Click the 'Lookup...' button at the top from the 'File list' pane.

          Tip: Alternatively, right click on a file then choose 'Lookup' from the context sensitive menu.


          Comodo servers will be contacted immediately to conduct a search of Comodo's master safe list database to check if any information is available about the files in question and the results will be displayed.




          If any malicious or unwanted file(s) is/are found, you will be given an option to delete the file from your computer on closing the dialog.




          • Click 'Yes' to permanently delete the malicious file(s) from your computer.
          • If a file is found to be safe, it will be indicated as 'Trusted' with a green icon. You can change its rating from the File Details dialog. See the description of changing the file rating under the section File Details for more details.
          • If no information is available, it will be indicated as 'Needs to be submitted' with a yellow icon. You can submit the file to Comodo for analysis from the dialog that appears on closing the 'Lookup' dialog. See explanation below for more details.

          Manually submit files to Valkyrie


          Valkyrie is Comodo’s file testing and verdicting system. After submitting your files, Valkyrie will analyze them with a range of static and dynamic tests to determine the file’s trust rating.

          • Click 'Settings' on the CCS home-screen
          • Click 'File Rating' > 'File List'
          • Select the file(s) to be submitted from the 'File List' pane
          • Click 'Submit' > 'Submit to Valkyrie' in the top-menu. The files will be immediately sent to Valkyrie for analysis.

          Tip: Alternatively, right click on a file then choose 'Submit to Valkyrie' from the menu.


          You can view the list of files you submitted so far, in the Submitted Files panel.

          Export and Import the File List


          You can save the list of files with their currently assigned ratings to an XML file and store it in a safe place. This is useful to restore your list if you have to uninstall/reinstall CCS, or if you want to implement the same list on another machine that has CCS installed.



          Export the File List
          • Click 'Settings' on the CCS home-screen
          • Click 'File Rating' > 'File List' 
          • Click the 'Exchange' button at the top of the 'File List' pane then select 'Export' from the menu

          Tip: Alternatively, right click inside the 'File List' page then select 'Exchange' then select 'Exchange' > 'Export'.


          • Navigate to where you want to store the exported list and click 'Save'.

          The file will be created and saved. You will be given an option to view the folder containing the XML file for confirmation.





          Import a saved file list

          • Click 'Settings' on the CCS home-screen
          • Click 'File Rating' > 'File List'
          • Click the 'Exchange' button then select 'Import' from the menu

          Tip: Alternatively, right click inside the 'File List' page then select 'Exchange' > 'Import'.


          • Navigate to the location of the XML file containing the file list and click 'Open'.

          The 'File List' will be populated as per the imported 'File List'.

          Comodo Help
          • IT Platform:
          • Help
          • Scripts
          • Wiki
          • Forum
          • Developer

          Copyright 2021 Itarian