File List
- Click 'Settings' > 'File Rating' > 'File List'
The file list is an inventory of executable files and applications discovered
on your computer. The list also shows the file vendor, the date the
file was discovered, and the file's trust rating.
- Trusted - The file is safe to run outside the container.
- Unrecognized - no trust-rating was found for the file, so it will be run in the container.
- Malicious - the file is known malware and will be quarantined or deleted.
Files can be awarded a 'Trusted' status in the following ways:
- Cloud-based file lookup service (FLS) - When a file is first opened, CCS will check the file's reputation on our global whitelist and blacklists. It will award trusted status if the file is on the global whitelist of safe files.
- Vendor rating - The application is from a software publisher who has a 'Trusted' status in the Vendor List.
- Administrator rating – Admins can elect to trust files on a local endpoints and networks. Only applies if your CCS installation is remotely managed by an administrator.
- User Rating - You can provide 'Trusted' status to your files in the following ways:
- Click 'Settings' > 'File Rating' > 'File List'
- Select the target file then click the 'File Details' button
- Click the 'File Rating' tab
- Click the 'Rate Now' link
- Set the rating as 'Trusted'
- Click 'OK'
Unrecognized Files
- See changing the file rating in File Details if you want more help with this
- Once installed, HIPS monitors and verifies all file activity on your computer.
- Every new executable file is first scanned against the virus blacklist (known 'bad' files) and the file whitelist (known 'good' files).
- If the file is on neither list it is given an 'Unrecognized' file rating.
- Any executable that is modified is also given 'Unrecognized' status. This protects you against malware changing the behavior of a previously trusted application.
You can review pending files to determine whether or not they are to be trusted. If they are trustworthy, they can be given a 'Trusted' rating. See 'Change the file rating' for more details. You can also submit files to Comodo for analysis. Experts at Comodo will test the files and add them to global white-list or black-list accordingly.
Files identified as malware are given a 'Malicious' rating, and are blocked and quarantined.
Open the 'File List' interface
- Click 'Settings' on the CCS home screen
- Click 'File Rating' > 'File List'
The file list shows applications and executable files discovered on your computer.
- File Path - The location of the file on your computer
- Company - The software vendor that published/created the file
- First Observed - Date and time at which the file was first discovered by CCS
- File Rating - Current trust rating of the file. The possible values are:
CCS obeys ratings in the following order of priority:
-
Administrator rating - Rating set by the Endpoint Manager admin who remotely manages your CCS installation.
-
User rating - A rating that you, or another user, gave to the file in the local CCS installation.
-
FLS rating - The rating of the file on Comodo's master database. CCS automatically fetches this rating from the file-lookup server (FLS) when it scans a file.
There are three ways you can set user rating for a file:
-
Right-click on a file in the file list
- Click 'Settings' on the CCS home-screen
- Click 'File Rating' > 'File List'
- Right-click on a file > Select 'Change File Rating to' > Choose a new rating:
-
In the file rating column
- Click on the rating of a file in the 'Rating' column
- Choose a new rating from the options:
From the 'File Details' dialog.
Select a file in the file list
- Click the 'File Details' button at the top
- Click the 'File Rating' tab
- Click the 'Rate Now' link
- Set the rating as required
- Click 'OK'
Context Sensitive Menu
- Right-click on a file to open a context sensitive menu that allows you to view the 'File Details' dialog, remove the file from the list, submit the file to Comodo for analysis and more.
- Add - Manually add a file to the list and specify its trust rating
- File Details - View information about the selected item. You can also set the file rating from here.
- Remove - Delete files from file list.
- Lookup - Check the file-lookup server for more details about the file, including the latest trust rating.
- Submit to Valkyrie - Upload an item to Valkyrie, Comodo's file analysis system.
- Import - Add files to the list from an XML file
- Export - Save the current list as an XML file
- Jump to Folder - Opens the folder containing the file in Windows Explorer.
- Jump to Quarantine - Opens the 'Quarantine' interface of CCS to view or restore the file. Available only for items moved to quarantine. See Manage Quarantined Items for more details.
- Change File Rating to - Set user defined trust rating to the file.
- Purge - Check that all files in the list are still installed at the path specified. If not, the file is removed from the list.
Sort, search and filter options
Sort option
- Click any column header to sort the items in alphabetical / ascending / descending order of entries in that column
Search options
You can use the search option to find a specific file based on the file path, file name or the publisher, from the list. Also, you can filter the list of files based on the installation/storage date and 'File rating'.
- Click the search icon at the far right in the 'File path' and/or 'Company' column header.
- Enter
the file path and/or the name of company in part or full as per the
selected criteria in the search field
The result for the entered criteria will be listed automatically. Click the 'X' icon to clear the search criteria and display all the items again in the list.
Filter options
The 'Show files' filter lets you view the following file types:
- Executables - Files capable of running code. Example extensions include .exe, .msi, .com, .bin, .vbs, etc. These files are usually applications, scripts or installers.
- Non-executables - Files that were created by executables, but which are not capable of running code themselves. Note – User-created files, like Word documents, saved emails and spreadsheets etc, are not shown with this option.
- All
types - Show both executable and non-executable files.
- Select the file type from the drop-down on the left
- Select whether you want to view quarantined items, non-quarantined items, or both:
- Click the calendar icon at the right of the 'First Observed' column
- Choose the time period you require
- This will show only those files discovered in the time-frame you set:
- Click the funnel icon at the right of the 'File Rating' column to filter files by rating:
Control Buttons
The buttons at the top provide the following options:
- Add - Manually add files to the 'File List' with user defined rating
- File
Details - View the information about the selected item. You can also set user defined rating to the selected file
- Remove - Delete files from 'File List'.
- Lookup... - Check the details of the selected file from the master Comodo safelist
- Submit
to Valkyrie - Uploads selected files to Valkyrie for behavior analysis. Valkyrie is Comodo’s file testing and verdicting system.
- Import - Fetch the files from a file list saved as an XML file
- Export - Save the current file list with existing ratings as an XML file
- Purge - Runs a system check to verify that all the files for which the ratings are listed are actually installed on the host machine at the path specified. If not, the fie is removed from the list.
Manually add files to 'File list'
- Click 'Settings' on the CCS home-screen
- Click 'File Rating' > 'File List'
- Click the 'Add' button at the top
|
Tip: Alternatively, right click on the 'File List' page, then Select 'Add' from the context sensitive menu. |
You can add three types of items:
- Files - Browse to the file you want to add and assign a rating.
- Folders - Browse to the folder you want to add an assign a rating. All files in the folder will inherit the rating you gave to the folder.
- Running Processes - Select a currently active process and assign a rating. The parent application of the process will be added to the file list with the rating you assign.
View the 'File Details' and change the rating
- Click 'Settings' on the CCS home-screen
- Click 'File Rating' > 'File List'
- Select a file and click the 'File Details' button.
|
Tip: Alternatively, right click on the selected file and choose 'File Details' from the context sensitive menu. |
The 'File Details' dialog will open. The dialog contains two tabs:
The 'Overview' tab shows general details such as the file rating, discovery date, hash value and publisher (signer):
- Click the file name to open the Windows 'File Properties' dialog.
- Click 'Jump to folder' to open the folder containing the file in Windows Explorer, with the respective file selected.
- Click 'Reset COMODO Info' to refresh the information from Comodo FLS database.
- Shows the file's current trust rating from Comodo and lets you set your own rating:
|
Note: If your CCS installation is remotely managed by Endpoint Manager, your administrator's file rating for individual file will override your user file rating. |
Change the user rating of the file
- Select the file from the 'File List' pane and click the 'File Details' button
- Click the 'File Rating' tab
- Click the 'Rate Now' link and choose the rating from the drop-down:
The options available are:
- Trusted – The file(s) will be assigned the 'Trusted' status and allowed to run without any alerts
- Unrecognized – The file(s) will be assigned the 'Unrecognized' status. Depending on your HIPS settings, the file(s) will be allowed to run with an alert generation.
- Malicious – The file will be deleted or placed in quarantine and will not be allowed to run.
- Click 'OK' in the 'Files Details' dialog
|
Tip:
Alternatively, right click on a file then choose 'Change
File Rating to'. |
- Click 'OK' in the 'Advanced Settings' interface to save your settings.
Remove files from the file list
- Click 'Settings' on the CCS home-screen
- Click 'File Rating' > 'File List'
- Select the file(s) to be removed
- Click the 'Remove' button at the top. The file(s) is / are only removed from the list and not deleted from your system.
|
Tip:
Alternatively, right click on a file then choose
'Remove' from context sensitive menu. |
- Click 'OK' for your changes to take effect.
Perform an online lookup for files
- Click 'Settings' on the CCS home-screen
- Click 'File Rating' > 'File List'
- Select the file(s) to be checked from the 'File list' pane.
- Click the 'Lookup...' button at the top from the 'File list' pane.
|
Tip: Alternatively, right click on a file then choose 'Lookup' from the context sensitive menu. |
Comodo servers will be contacted immediately to conduct a search of Comodo's master safe list database to check if any information is available about the files in question and the results will be displayed.
If any malicious or unwanted file(s) is/are found, you will be given an option to delete the file from your computer on closing the dialog.
- Click 'Yes' to permanently delete the malicious file(s) from your computer.
- If a file is found to be safe, it will be indicated as 'Trusted' with a green icon. You can change its rating from the File Details dialog. See the description of changing the file rating under the section File Details for more details.
- If no information is available, it will be indicated as 'Needs to be submitted' with a yellow icon. You can submit the file to Comodo for analysis from the dialog that appears on closing the 'Lookup' dialog. See explanation below for more details.
Manually submit files to Valkyrie
Valkyrie is Comodo’s file testing and verdicting system. After submitting your files, Valkyrie will analyze them with a range of static and dynamic tests to determine the file’s trust rating.
- Click 'Settings' on the CCS home-screen
- Click 'File Rating' > 'File List'
- Select the file(s) to be submitted from the 'File List' pane
- Click 'Submit' > 'Submit to Valkyrie' in the top-menu. The files will be immediately sent to Valkyrie for analysis.
|
Tip: Alternatively, right click on a file then choose 'Submit to Valkyrie' from the menu. |
You can view the list of files you
submitted so far, in the Submitted
Files panel.
Export and Import the File List
You can save the list of files with their currently assigned ratings to an XML file and store it in a safe place. This is useful to restore your list if you have to uninstall/reinstall CCS, or if you want to implement the same list on another machine that has CCS installed.
Export the File List
- Click 'Settings' on the CCS home-screen
- Click 'File Rating' > 'File List'
- Click the 'Exchange' button at the top of the 'File List' pane then select 'Export' from the menu
|
Tip:
Alternatively, right click inside the 'File
List' page then select 'Exchange' then select 'Exchange' > 'Export'. |
- Navigate to where you want to store the exported list and click 'Save'.
The file will be created and saved. You will be given an option to view the folder containing the XML file for confirmation.
Import a saved file list
- Click 'Settings' on the CCS home-screen
- Click 'File Rating' > 'File List'
- Click the 'Exchange' button then select 'Import' from the menu
|
Tip:
Alternatively, right click inside the 'File
List' page then select 'Exchange' > 'Import'. |
- Navigate to the location of the XML file containing the file list and click 'Open'.
The
'File List' will be populated as per the imported 'File List'.