Comodo Client - Security for Linux Software Version 2.2

Transcription

1 Comodo Client - Security for Linux Software Version 2.2 User Guide Guide Version Comodo Security Solutions 1255 Broad Street Clifton, NJ 07013

2 Table of Contents 1. Introduction to Comodo Client - Security for Linux Special Features System Requirements Install Comodo Client - Security for Linux Start CCS for Linux Understand CCS Alerts The Summary Screen Antivirus Tasks - Introduction Run a Scan Update Virus Database Scheduled Scans Quarantined Items Scan Profiles Scanner Settings Real Time Scan Manual Scan Scheduled Scan Exclusions More Options - Introduction Preferences Language Settings Log Settings Connection Settings Update Settings Manage My Configurations Comodo Preset Configuration Import /Export and Manage Personal Configurations Diagnostics View Antivirus Events Log Viewer Module Antivirus Logs Filter Antivirus Logs 'Alerts Displayed' Logs Filter 'Alerts Displayed' Logs 'Tasks Launched' Logs Filter 'Tasks Launched' Logs Configuration Change Logs Filter 'Configuration Changes' Logs Browse Support Forums Help About Appendix 1 - CCS for Linux How To... Tutorials

3 5.1.Scan your Computer for Viruses View Antivirus Events Configure Database Updates Quickly Set up Security Levels Change CCS Language Settings Run an Instant Antivirus Scan on Selected Items Create a Scheduled Scan Restore Incorrectly Quarantined Item(s) Switch off Automatic Antivirus Updates...95 About Comodo Security Solutions

4 1. Introduction to Comodo Client - Security for Linux Comodo Client Security for Linux (CCS) offers complete protection against viruses, worms and Trojan horses for Linux based computers. The software is easy to setup and features real-time virus monitoring, full event logging, scheduled scans and more. To run a virus scan, click the 'Scan Now' link on the summary screen. To scan individual items, drag them into the scan box in the 'Summary' area Features Detects, blocks and eliminates viruses from desktops and networks Constantly protects with real-time and on-access scanning Scheduler allows you to run scans at a time that suits you Isolates suspicious files in quarantine preventing infection Daily, automatic updates of virus definitions Guide Structure Use the links below to jump to the section that you need help with. Introduction - An overview of Comodo Client - Security for Linux. Special Features System Requirements Install Comodo Client - Security for Linux 4

5 Start CCS for Linux Understand CCS Alerts The Summary Screen - At-a-glance details of important settings, activity and other information. Antivirus Tasks - Introduction - Run scans, configure settings, schedules, updates, scan profiles and more. Run A Scan Update Virus Database Scheduled Scans Quarantined Items Scan Profiles Scanner Settings Real Time Scan Manual Scan Scheduled Scan Exclusions More Options - Introduction - Overall configuration of Comodo Client - Security and view logs. Preferences Language Settings Log Settings Connection Settings Update Settings Manage My Configurations Diagnostics View Antivirus Events Log Viewer Module Antivirus Logs Filter Antivirus Logs Alerts Displayed Logs Filter Alerts Displayed Logs Tasks Launched Logs Filter Tasks Launched Logs Configuration Changes Logs Filter Configuration Changes Logs Browse Support Forums Help About Appendix 1 CCS for Linux How to... Tutorials - Step-by-step guidance on key tasks of Comodo Client Security Scan your Computer for Viruses View Antivirus Events Configure Database Updates Quickly Set up Security Levels Change CCS Language Settings Run an Instant Antivirus Scan on Selected Items Create a Scheduled Scans Restore Incorrectly Quarantined Item(s) 5

6 Switch off Automatic Antivirus Updates 1.1.Special Features Comprehensive Antivirus Protection Detects and eliminates viruses from desktops, laptops and network workstations Performs Cloud based Antivirus Scanning Employs heuristic techniques to identify previously unknown viruses and Trojans Scans configuration files and file system for possible spyware infection and cleans them Rootkit scanner detects and identifies hidden malicious files stored by rootkits Constantly protects with real-time, on-access scanning Highly configurable on-demand scanner allows you to run instant checks on any file, folder or drive Daily, automatic updates of virus definitions Isolates suspicious files in quarantine preventing further infection Built in scheduler allows you to run scans at a time that suits you Simple to use - install it and forget it - CCS protects you in the background 1.2.System Requirements Supported Operating Systems Ubuntu LTS x64 or higher Debian 8.8 x64 or higher Red Hat Enterprise Linux Server 7 x64 or higher Please note: The real-time or on-access antivirus scanning is not supported in Debain. 1.3.Install Comodo Client - Security for Linux Comodo Client Security for Linux (CCS) is part of Comodo IT and Security Manager (ITSM). It provides best-in-class security for Linux endpoints and can be deployed from the ITSM management interface. This section covers how to: Subscribe for ITSM Enroll users Add devices Deploy CCS on managed Linux endpoints Skip straight to Deploy CCS if you have already completed the first three steps. Subscribe for ITSM You can subscribe for ITSM as stand-alone application or as a part of the Comodo One (C1) application. If you do not already have an ITSM license, then please see the following links: To sign up for Comodo One, see To subscribe for ITSM as stand-alone, visit pid=98&license=try for the trial version and for the 6

7 full version. C1 customers can open ITSM by clicking 'Licensed Applications > 'IT and Security Manager'. Stand-alone customers can access the ITSM interface by opening a web browser and entering the URL they were provided with after sign up. Enroll Users You can deploy CCS onto endpoints only after adding users to ITSM. Comodo One users - If you created only one company in C1, then any users you enroll here will be automatically assigned to that company. If you created more than one company, the 'Enroll User' dialog will allow you to choose the company to which you want to assign the user. ITSM Users - You can add users and enroll their devices without selecting any company. However, If you need the users/devices to be grouped under different companies, you can create companies in ITSM and add device groups. To add a user Click 'Users' > 'User List' > click the 'Create User' button or Click the 'Add' button on the menu bar and choose 'Create User'. The 'Create new user' form will open. 7

8 Type a login username (mandatory), address (mandatory) and phone number for the user Choose the company (mandatory), from the 'Company' drop-down. Comodo One Users - The drop-down will display all companies you have added to C1. The user will be enrolled under the company you choose. ITSM users - Leave the selection as 'Default Company'. Choose a role for the user. A 'role' determines user permissions within the ITSM console itself. ITSM ships with two default roles: Administrators - Full administrative privileges in the ITSM console. The permissions for this role are not editable. Users - In most cases, a 'user' will simply be an owner of a managed device who should not require elevated privileges in the management system. Under default settings, 'Users' cannot login to ITSM. Click 'Submit' to add the user to ITSM. A confirmation message will be displayed. 8

9 Repeat the process to add more users. New users will be listed in the 'Users' interface (click 'Users' > 'User List') Tip: You can also bulk import a list of users from a comma separated values (CSV) file and bulk enroll users and Windows endpoints from Active Directory (AD) group policy. See the online help page for more details. Enroll Devices The next step is to enroll user devices. Afterwards, you will be able to manage the devices using ITSM. To enroll devices Click 'Users' > 'User List' from the left Select users for whom you want to enroll devices and click the 'Enroll Device' button above the table Or Click the 'Add' button at the menu bar and choose 'Enroll Device'. 9

10 The 'Enroll Devices' dialog will open: The device owners field is pre-populated with the users you selected in the previous step. To add more users, start typing first few letters of their username and choose from the results Show Enrollment Instructions - Displays enrollment advice in a pop-up. Useful for administrators attempting to enroll their own devices. Enrollment Instructions - Will send device enrollment instructions to all selected users. Users must enroll their own devices by following the instructions in the . The following confirmation message will be shown after clicking this button: An example mail is shown below: 10

11 The user should open the in the device to be enrolled and click the link under 'Enrollment Device' The user will be taken to an enrollment page containing instructions and agent download links 11

12 Click the enrollment link under 'For Linux Devices' and save the ITSM agent setup file. You can install the ITSM agent in your Linux device by first changing installer mode to executable and running the installer with root privileges in the command terminal: 12

13 1. Change installer mode to executable - enter the following command: $ chmod +x {$installation file$} 2. Run installer with root privileges - enter the following command: $ sudo./{$installation file$} For example: chmod +x itsm_ctjiw6gg_installer.run sudo./itsm_ctjiw6gg_installer.run That's it. The device will be enrolled to ITSM and listed in 'Devices' > 'Device List'. The next step is to install CCS onto the endpoint. Background Note on ITSM Agent: The agent is a small application installed on managed endpoints to facilitate communication between the endpoint and the ITSM server. The agent is responsible for receiving tasks and passing them to Comodo Client Security. Example tasks include changes in security policy, run a virus scan, update the antivirus database or generate a report. For security, endpoint agents can only communicate with the instance of ITSM which provisioned the agent. This means the agent cannot be reconfigured to connect to any other ITSM service. Step 3 - Deploy Comodo Client Security Note - Please uninstall any other antivirus products from target endpoints before proceeding. Failure to do so could cause conflicts that mean CCS will not function correctly. To install CCS Log into Comodo One Click 'Applications' > 'ITSM' 13

14 Click 'Devices' > 'Device List' Click the 'Device Management' tab Click the funnel icon on the right and select 'Linux', to see only Linux endpoints Click 'All Devices' to view every device in ITSM Select your target Linux device(s) using the check-boxes on the left Click 'Install or Update Packages': Select 'Install Linux Packages' from the drop-down. Choose 'Install Comodo Client - Security' Click 'Install': A command will be sent to target endpoints to install CCS. The ITSM agent on the endpoint will download and install CCS The application will become effective immediately after installation. You can configure CCS settings in the ITSM profile which is applied to the endpoint. See for more details on this. 1.4.Start CCS for Linux After installation, CCS will be automatically loaded whenever you start your computer. 14

15 Real-time protection and on-access scanning is automatically enabled so you are protected immediately after the restart. To configure the application and view settings, you need to access the management interface. You can access the management interface in three ways: Applications Menu Desktop Menu Dock Icon Applications Menu Click 'Applications' to start the application. The 'Applications' menu provides shortcuts to: Comodo Client - Security Run Diagnostics View Logs Desktop Menu Double-click the CCS icon in the desktop to start Comodo Client - Security. Dock icon Double-click the CCS icon in the dock area to start Comodo Client - Security. By right-clicking on the dock icon, you can access shortcuts to selected settings such as 'Antivirus Security Level', 15

16 'Configurations', open and close the application. See Real Time Scan and Manage My Configurations for more details. 1.5.Understand CCS Alerts Antivirus alerts immediately inform you if a virus has been detected and provide options and information to make an informed decision on how to proceed. Alerts can also be used to instruct CCS on how it should behave in future when it encounters activities of the same type. Note: Real-time scanning is not supported on Debian. Hence, antivirus alerts are not shown on Debian. Answering an Antivirus Alert Alerts are generated whenever a virus or malware tries to be copied to or run on your system. The alert contains the name of the virus detected and the location of the virus on your disk and, if available, more information about the virus. You can select either one of the following answer: 'Clean' and 'Ignore' Clean - Disinfect the file if there exists a disinfection routine for the detected file or move the file or application to Quarantined Items for later analysis. Ignore - Ignore the alert only if you trust the application or the source of application. To clean the file or application Click the drop-down arrow beside the 'Clean' button and select 'Clean' from the 'Clean' options. 16

17 Comodo Client Security will disinfect and clean the file or application. If the threat detected is new one and the disinfection routine does not exist, then CCS will move the file/application to Quarantined Items for later analysis. To ignore the alert if you trust the file/application Click 'Ignore'. This option has two options: Once -The file is ignored this time only. If the same file is detected at a later date then another alert will be displayed. Add to Exclusions - The virus is moved to Exclusions list. CCS will no longer report this file as malicious or raise an alert the next time the file is detected. 2.The Summary Screen The 'Summary' screen is shown by default when you open the application. It provides an at-a-glance summary of protection and update status as well as allowing you to quickly run a virus scan with a single click. You can also run a virus scan with a single click from here. Select the 'Summary' tab to access 'Summary' area. 17

18 To scan individual files for viruses, drag them into the scan area. Summary screen shows the following: 1. System Status The icon on the left shows your current security posture: 2. Yellow - Your security is at risk. For example, because you need to run a full scan, because the database is outdated, or because the real-time scanner is switched off. Green - All systems are active and running. Red - Serious security risks. For example, the CCSL agent service is not running or Comodo Client Security settings are corrupted. Antivirus The antivirus summary box shows: i. Scanner status - Shows whether the 'always-on' virus monitor is active or not. Possible options are: On Access: Real-time virus protection is enabled. All files you open or download are scanned before they are allowed to open. Disabled: Real-time protection is switched off. Click the status to configure real-time protection. See Scanner Settings for more help with this area. ii. When the Virus Database was Last Updated The day and time at which the virus database was most recently updated. Click the date/time to start the the database update. See Update Virus Database for more details iii. Number of Detected Threats 18

19 Click the <number of threats> to open the 'Antivirus Events' panel. For more details, see Antivirus Events. iv. Scan Now Click the 'Scan Now' link to start a scan. 3. Scan Area - Lets you run instant scan on any item on your computer. Drag items you want to scan into the box. You can drag virtually any type of item - files, folders, photos, applications or drives. CCS will instantly scan the item for malware. The results screen has controls that let you deal with any identified threats. 3. Antivirus Tasks - Introduction The 'Antivirus' task allows you to run custom, on-demand virus scans, and to configure how you want the antivirus scanner to behave. Alter scan settings for each scan type and to use the fully featured scheduler to run scans according to a time table of your choice. Ability to create custom scan profiles and to view any quarantined files. Click the 'Antivirus' tab to access the antivirus tasks interface. The following sections explain about each task in detail: Run a Scan Update Virus Database Scheduled Scans Quarantined Items Scan Profiles Scanner Settings Tip: The 'Antivirus Events' area contains logs of all virus events, tasks, scans and configuration changes. Click 'More' > 'View Antivirus Events' to open it. See View Antivirus Events if you need help. 19

20 3.1.Run a Scan The 'Run a Scan' area lets you launch an on-demand scan on an item of your choice. The item can be anything you choose - your entire computer, a specific drive or partition or even a single file. You can also choose to scan a wide range of removable storage devices, such as external hard-drives, USB sticks and more. To run an on-demand virus scan Open Comodo Client Security Click the 'Antivirus' tab Click 'Run a Scan' in the antivirus tasks area Next, choose the type of scan you want to run: Column Descriptions: Profile Name - The label of the scan profile. A scan profile defines the folders, drives or areas that should be scanned. CCS ships with two pre-defined scan profiles - 'My Computer' and 'Critical Areas'. These cannot be edited or removed: My Computer (Default) - Scans every local drive, folder and file on your system. Critical Areas - A targeted scan of important operating system files and folders. You can create any number of custom scan profiles to scan different areas. See Scan Profiles if you need more details. Profile Type - Shows whether the profile is predefined (created by Comodo) or user-defined. You have two main options available: Scan a preselected area ('My Computer', 'Critical Areas, or a custom scan profile created by you). Define a custom scan of specific areas. Click 'Create New Scan' to get started. Scan Pre-selected Areas Simply select the the scan you want to run then click the 'Scan' button. 20

21 Custom Scan To run a scan on a particular item of your choosing, you first need to create a scan profile. To do this: Click the 'Create New Scan' button Type a name for your new profile in the 'Scan Profile' dialog (for example, 'My External Drives') Click the 'Add' button to choose the files, folders or drives you wish to include in the scan profile You can add items to be scanned in two ways: Manually enter the path in the 'Add new item' field and click the '+' button' Drag and drop the files, folders and/or drives you require from the left pane to the right pane. Repeat the process to select multiple items. Click 'Apply'. Your new profile will be listed in the 'Run a Scan' dialog. Select your new profile in the list and click 'Scan'. The scan will begin. Next, see: Scan progress and results Create a custom scan profile Instantly scan items Tip: If you just want to scan on a file or folder, you can just drag it into the scan box in the 'Summary' area. For more details on scan profiles, see Scan Profiles. Scan Progress and Results Before running the scan, Comodo Client Security will first check for AV database updates. If updates are available they will be downloaded and installed. The scan, based on the profile you selected, will begin immediately. The progress dialog displays the profile name, the location that is currently being scanned, the start time and duration of the scan, the total number of objects scanned so far and the number of threats found. 21

22 Click 'Pause' to suspend the scan Click 'Resume' to recommence scanning Click 'Stop Scan' to abort the scan process altogether. Scan results are shown at the end of the scan. Click the 'Results' button to see detailed file information. The results window lists all threats discovered by the scan and provides controls which let you deal with the them: 22

23 Click the 'Threat Name' column header to sort the results in alphabetically order Click the 'Risk' column heder to sort the scan results based on the risk level Select 'All?' check box to select all the entries for actions such as 'Clean' or 'Ignore'. Use the check-boxes on the left to select individual files, or click 'All?' to choose all files. Save Results - Save the results to file. Clean - If a disinfection routine exists, CCS will remove the infection and retain the original file. If no disinfection routine exists, CCS will move the file to Quarantine. Ignore - Two options: Once - The file is removed from the threat results. The file isn't, however, added to the list of exclusions. The file will be detected as a threat again by the next scan. Add to Exclusions - The file is moved to the Exclusions list. CCS will skip this file in future scans and not consider it to be a threat. Create a Scan Profile 'Scan Profiles' let you set up custom scans on specific areas on your system. Scan profiles can be run on-demand at any time. Open Comodo Client Security Click the 'Antivirus' tab > Click 'Run a Scan' Click 'Create New Scan' 23

24 Type a name for the scan profile in the 'Name' in the 'Scan Profile' configuration Click 'Add' to select the items you wish to include in the scan Next, choose which items you want to scan: 24

25 You can add items in two ways: Manually enter the path in the 'Add new item' field and click the '+' button Drag and drop the files, folders and/or drives you require from the left pane to the right pane. Repeat the process to select multiple items Click 'Apply' to add items for the new scan profile. 25

26 Repeat the process to create more scan profiles Click 'Add' to select the items you wish to include in the scan Click the 'Apply' 26

27 You can also create new scan profiles in the Scan Profiles in the 'Antivirus' task interface. Instantly Scan Objects Drag items into the scan box on the summary screen. You can drag virtually any type of item - files, folders, photos, applications or drives. 3.2.Update Virus Database To ensure continued protection, it is imperative that CCS has the latest virus database installed. There are two ways to download updates from Comodo's servers: Download update manually Download update automatically To manually check for the virus database and download updates Open Comodo Client Security Click the 'Antivirus' tab Click 'Update Virus Database' on the tasks screen Note: You must be connected to internet to download the updates. The following notifications are shown during the update process: 27

28 CCS will show a warning on the home-screen if the virus database has not been updated for a long time. Automatic updates CCS checks for latest virus database updates and downloads them automatically. You can configure CCS to download updates on a per-scanner basis in 'Scanner Settings'. See Real Time Scan, Manual Scan and Scheduled Scan for more details. 3.3.Scheduled Scans The highly customizable scheduler lets you timetable virus scans according to your preference. You can configure scheduled scans to scan your entire computer or specific areas. You can create an unlimited number of scheduled scans. You can choose to run scans at daily, weekly, monthly or custom intervals. The 'Scheduled Scans' panel lets you: Create a scheduled scan Edit a pre-scheduled scan Cancel a pre-scheduled scan Note - You can configure the general settings of all scheduled scans by clicking 'Antivirus' > 'Scanner Settings' > 'Scheduled Scanning'. Create a scheduled scan Open Comodo Client Security Click the 'Antivirus' tab Click 'Scheduled Scans' in antivirus tasks A default schedule 'Weekly Virus Scanning' dialog will open: 28

29 This schedule is set so that your computer is scanned on every day at 15:00pm. To change the schedule scan, select it and click the 'Edit' button. Click 'Add'. The 'Scan Schedule' panel will open: 29

30 Type a name for the newly scheduled scan in the 'Name' box. Click the 'Profile' drop-down to select a scan profile. 'My Computer' and 'Quick Scan' are the default options. See Scan Profiles for help to create a custom scan profile. Select the start time and days of the week you wish to run the scan. Click 'Apply'. Repeat the process to create more scan schedules. To edit a scheduled scan Select the schedule from the list Click 'Edit' in the 'Scheduled Scans' setting panel Edit the necessary fields in the 'Scan Schedule' panel Click 'Apply'. To cancel a pre-scheduled scan Select the scan schedule profile you wish to cancel Click 'Remove'. 3.4.Quarantined Items All threats detected by CCS are moved into quarantine - a secure, encrypted holding area for suspicious files. Quarantined files cannot run so present no danger to your system or your data. The quarantine interface allows you to: Manually add files that you do not trust to quarantine Delete quarantined items from your system 30

31 Restore a quarantined item to its original location Delete all quarantined items To view quarantined items Open Comodo Client Security Click the 'Antivirus' tab Click 'Quarantined Items' in antivirus tasks The Quarantined Items will be displayed. Column Description Item - The application or process that was quarantined Location - The location where the item was discovered Date/Time - Date and time when the item was moved to quarantine. Manually add files to quarantine If you have a file, folder or drive that you suspect may contain a virus and not been detected by the scanner, then you have the option to isolate that item in quarantine. Click 'Add' and select the file from 'Open' dialog box. Delete quarantined items from your system Select the item and click 'Delete'. This deletes the file from the system permanently. Restore a quarantined item to its original location Select an item in quarantine and click 'Restore'. If the restored item does not contain malware it will run as normal If it contains malware, an antivirus alert will be shown when you next access the file ('Real Time Scanning' must be enabled). It will also be picked up by the next antivirus scan. Permanently delete all quarantined items Click 'Clear'. 31

32 This deletes all the quarantined items from the system permanently. Note: Quarantined files are stored using a special format and do not constitute any danger to your computer. 3.5.Scan Profiles Scan profiles let you choose specific folders, drives or areas to scan. Once saved, you can apply a scan profile to scheduled and on-demand scans. You can create as many custom scan profiles as you wish. To access the Scan Profiles interface Open Comodo Client Security Click the 'Antivirus' tab Click 'Scan Profiles' in the antivirus tasks interface. Comodo Client - Security has two profiles: 'Critical Areas' and 'My Computer'. These two profiles are predefined and cannot be edited or removed. My Computer (Default) - CCS scans every local drive, folder and file on your system. ii. Critical Areas - CCS runs a targeted scan of important operating system files and folders. The following sections explain how to: i. Create a scan profile Edit a scan profile Remove a custom scan profile To create a new scan profile 32

33 Click 'Scan Profiles' on the 'Antivirus' tasks interface. Click 'Add'. The 'Scan Profile' dialog appears: Type a name for the scan profile to be created in the 'Name' box and click 'Add'. Next, choose the items you want to scan: 33

34 There are two ways to add scan locations: Manually enter the path in the 'Add new item' field. Click '+' to add the item. The left-hand pane shows all drives, folders and files on your system. Drag and drop the items you want to include into the right hand pane. To revert a file, select the file from the left hand pane and click the left arrow. Click 'Apply'. Repeat the process to create more scan profiles. Click 'Apply' for the created profiles to take effect. The new profile will become available for selection in the 'Run a Scan' panel: 34

35 It is also available for selection during a scheduled scan. See Scheduled Scans for more details. Edit a custom scan profile Select the profile you want to edit from the list and click 'Edit'. Remove custom scan profiles Select the profile you want to remove from the list and click 'Remove' Note: You cannot delete predefined scan profiles (Critical Areas and My Computer). 35

36 3.6.Scanner Settings Click 'Antivirus' > 'Scanner Settings' The 'Settings' area lets you configure real-time scans, manual scans, scheduled scans and exclusions. The settings you implement will apply to all future scans of that type. Items added to 'Exclusions' are excluded from all types of scan To open Scanner Settings Open Comodo Client Security Click the 'Antivirus' tab Click 'Scanner Settings' in the 'Antivirus' tasks interface Antivirus settings are broken down into the following areas: Real Time Scan - Set parameters for the 'always-on' virus monitor Manual Scan - Set parameters for on-demand scans Scheduled Scan - Set parameters for scheduled scans Exclusions - View and manage items which will be skipped by virus scans. 36

37 Real Time Scan Click 'Antivirus' > 'Scanner Settings' > 'Real Time Scanning'. The 'Real time Scanning' (aka 'On-Access Scanning') is the 'always on' virus monitor which checks files in real time when they are created, opened or copied. We highly recommended that you keep the 'Real Time Scanner' enabled to ensure your system remains continually free of infection. The 'Real Time Scanning' area lets you enable or disable the scanner and configure scan options. Configure real time scanning Open Comodo Client Security Click 'Antivirus' > 'Scanner Settings' > 'Real Time Scanning': Real-Time Scanning Use the slider to enable or disable the real-time virus monitor: On Access - Realtime virus protection is enabled. All files that you open, copy or download are scanned before they are allowed to run. Disabled - Switches the real-time scanner off. Please note: Real-time scanning is not supported on Debian. This feature is not available on Debian. Detection Settings 37

38 Automatically update virus database - When enabled, CCS will check for and download the latest virus updates at system start-up and subsequently at regular intervals (Default = Disabled). However, some people like to have control over what gets downloaded and when it gets downloaded Automatic updates may be inconvenient if you have a slower connection, or have many downloads going at the same time. Network admins may not want automatic downloads because they take up to much bandwidth during the day. If you disable this option then you need to periodically select 'Update Virus Database'. Automatically quarantine threats found during scanning - CCS moves detected malware into an encrypted holding area known as 'quarantine'. Files in quarantine cannot run and pose no threat to your system. Click 'Antivirus' > 'Quarantined Items' to review quarantined files. You can restore items to their original location or permanently delete them. Show notification messages - Alerts appear in the lower right hand of the screen whenever the virus scanner discovers a threat on your system. Disabling alerts does not disable protection. CCS will continue to identify and deals with threats in the background. For more details on Antivirus alerts, see Understanding CCS Alerts (Default = Disabled). Heuristics Scanning Level - CCS employs various heuristic techniques to identify previously unknown viruses and Trojans. 'Heuristics' describes the method of analyzing the code of a file to ascertain whether it contains code typical of a virus. If it is found to do so then the application deletes the file or recommends it for quarantine. Heuristics is about detecting virus-like behavior or attributes rather than looking for a precise virus signature that matches a signature on the virus blacklist. This is a quantum leap in the battle against malicious scripts and programs as it allows the engine to 'predict' the existence of new viruses - even if it is not contained in the current virus database. The drop-down menu allows you to select the level of Heuristic scanning from the four levels: Off - Selecting this option disables heuristic scanning. This means that virus scans only uses the 'traditional' virus signature database to determine whether a file is malicious or not. Low (Default) - 'Lowest' sensitivity to detecting unknown threats but will also generate the fewest false positives. This setting combines an extremely high level of security and protection with a low rate of false positives. Comodo recommends this setting for most users. Medium - Detects unknown threats with greater sensitivity than the 'Low' setting but with a corresponding rise in the possibility of false positives. High - Highest sensitivity to detecting unknown threats but this also raises the possibility of more false positives too. Do not scan files larger than - Set a maximum size (in MB) for the individual files to be scanned during on-access scanning. Files larger than the size specified here, are not scanned (Default = 20 MB). Keep an alert on the screen for - Set the time period (in seconds) for which the alert message should stay on the screen (Default = 120 seconds). Click 'OK' to apply your changes Manual Scan Click 'Antivirus' > 'Scanner Settings' > 'Manual Scanning'. The options you set here will apply to all on-demand scans on your computer. For example, these settings will be used when: You click 'Scan Now' on the home screen then run a full or quick scan You scan an item by dragging it into the scan-box on the home screen You scan a file in the 'Run A Scan' from the 'Antivirus' menu 38

39 Configure manual scan settings Open Comodo Client Security Click 'Antivirus' > 'Scanner Settings' > 'Manual Scanning': Scan archive files - CCS scans archive files such as.zip and.rar files. You are alerted to the presence of viruses in compressed files before you even open them. These include RAR, ZIP and CAB archives (Default = Enabled). Automatically update virus database before scanning - Check for and download the latest virus database before starting an on-demand scan (Default = Enabled). Enable cloud scanning - Perform cloud based antivirus scanning. If enabled, CCS detects the very latest viruses more accurately because the local scan is augmented with a real-time look-up of Comodo's online signature database. This makes it possible to detect zeroday malware even if your local virus database is outdated. (Default = Disabled). Heuristics Scanning Level - 'Heuristics' is a method of analyzing a file to see if it contains code typical of a virus. It is about detecting 'virus-like' attributes rather than looking for a virus signature which exactly matches one on the blacklist. This allows CCS to detect new viruses even if they are not in the current database. There are four levels of heuristics you can choose from: Off - Disables heuristic inspection. Low (Default) - 'Lowest' sensitivity to detecting unknown threats but will also generate the fewest false positives. This setting combines an extremely high level of security and protection with least false positives. Comodo recommends this setting for most users. Medium - Detects unknown threats with greater sensitivity than the 'Low' setting but with a 39

40 corresponding rise in the possibility of false positives. High - Highest sensitivity to detecting unknown threats. Recommended for the very security conscious, this setting provides the highest security but will also raise the number of false positives. Do not scan files larger than - Set a maximum size (in MB) for the individual files to be scanned during on-access scanning. Files larger than the size specified here, are not scanned. (Default = 20 MB). Click 'OK' to apply your changes Scheduled Scan Click 'Antivirus' > 'Scanner Settings' > 'Scheduled Scanning': The options you set in the 'Scheduled Scanning' tab will apply to all your scheduled scans. See Scheduled Scans for help to actually create a scan schedule. Configure Schedule Scan Settings Open Comodo Client Security Click 'Antivirus' > 'Scanner Settings' > 'Scheduled Scanning': 40

41 You can choose to run scheduled scans at a certain time on a daily, weekly, monthly or custom interval basis. You can also choose which specific files, folders or drives are included in that scan by choosing the scan profiles. The detection settings are as follows: Scan archive files - When this check box is selected, the Antivirus scans archive files such as.zip and.rar files. You are alerted to the presence of viruses in compressed files before you even open them. These include RAR, ZIP and CAB archives (Default = Enabled). Automatically quarantine threats found during scanning - CCS moves detected malware into an encrypted holding area known as 'quarantine'. Files in quarantine cannot run and pose no threat to your system. Click 'Antivirus' > 'Quarantined Items' to review quarantined files. You can restore items to their original location or permanently delete them. (Default = Disabled) Automatically update virus database before scanning - Check for and download the latest virus database before starting a scheduled scan (Default = Enabled). Show scanning progress - When enabled, a progress bar is shown on start of a scheduled scan. Clear this box if you do not want to see the progress bar (Default = Enabled). Enable cloud scanning - Perform cloud based antivirus scanning. If enabled, CCS detects the very latest viruses more accurately because the local scan is augmented with a real-time look-up of Comodo's online signature database. With Cloud Scanning enabled your system is capable of detecting zero-day malware even if your local antivirus database is out-dated. (Default = Disabled). Heuristics Scanning Level - 'Heuristics' is a method of analyzing a file to see if it contains code typical of a virus. It is about detecting 'virus-like' attributes rather than looking for a virus signature which exactly matches one on the blacklist. This allows CCS to detect new viruses even if they are not in the current database. There are four levels of heuristics you can choose from: Off - Disables heuristic scanning. This means that virus scans only uses the 'traditional' virus signature database to determine whether a file is malicious or not. Low (Default) - Lowest sensitivity to detecting unknown threats but will also generate the fewest false positives. This setting combines an extremely high level of security and protection with least false positives. Comodo recommends this setting for most users. Medium - Detects unknown threats with greater sensitivity than the 'Low' setting but with a corresponding rise in the possibility of false positives. High - Highest sensitivity to detecting unknown threats. Recommended for the very security conscious, this setting provides the highest security but will also raise the number of false positives. Do not scan files larger than - Set a maximum size (in MB) for the individual files to be scanned during on-access scanning. Files larger than the size specified here, are not scanned. (Default = 20 MB). Click 'OK' to apply your changes Exclusions Click 'Antivirus' > 'Scanner Settings' > 'Exclusions'. The 'Exclusions' tab shows files which you have told CCS to ignore during virus scans. You can add exclusions at an antivirus alert or in the results at the end of a scan. You can use this interface to add more exceptions or remove existing exceptions. To add files to be excluded from scans Open Comodo Client Security Click 'Antivirus' > 'Scanner Settings' > 'Exclusions': 41

42 All items listed and all items added to the 'Exclusions' list is excluded from all future scans of all types. Also, you can manually define trusted files or applications to be excluded from a scan. To define a file/application as trusted and to be excluded from scanning Click 'Add'. There are two methods available to choose the application that you want to trust: 'Browse Files...' and 'Browse Running Processes': Browse Files... - This option is the easiest for most users and simply allows you to browse the files which you want to exclude from a virus scan. 42

43 Browse Running Processes - As the name suggests, this option allows you to choose the target application from a list of processes that are currently running on your PC. When you have chosen the application using one of the methods above, the application name appears along with its location. Click 'OK' for the settings to take effect. 4. More Options - Introduction The 'More' area lets you configure various program settings, view event logs and more. The following sections explain about each option in detail: Preferences - Configure general CCS settings (interface language, log storage, update options and so on.) Manage My Configurations - Manage, import and export CCS security settings as configuration profiles. Diagnostics - Identify any problems with your installation. Browse Support Forums - Links to Comodo User Forums. Help - The online help guide. About - Version and copy-right information about the product. View Antivirus Events - See logs of all antivirus events including files intercepted by real-time protection, manual scans, virus signature database updates and more. 4.1.Preferences Click 'More' > 'Preferences' The 'Preferences' area lets you specify top-level settings regarding the interface, updates, languages, event 43

44 logging and more. The 'Preferences' section contains the following tabs: Language Logging Connection Update Language Settings Click 'More' > 'Preferences' > 'Language'. The 'Language' tab lets you choose the language used in the CCS interface. To configure interface language for CCS Open Comodo Client Security Click 'More' > 'Preferences' > 'Language': 44

45 Click the 'Language' drop-down and select your preferred language (Default = English (United States)). Click 'OK' You must restart the application for the change to take effect Log Settings Click 'More' > 'Preferences' > 'Logging'. The 'Logging' area allows you; Enable or disable logging. Configure how CCS should behave once a log file reaches a certain size. 45

46 Configure how logs should be written (to file and/or to syslog server) CCS logs all events by default. You can view logs from the 'Antivirus Events' interface ('More' > 'View Antivirus Events'). See View Antivirus Events for more details. To access the 'Logging' settings interface Open Comodo Client Security Click 'More' > 'Preferences' > 'Logging': General Log File Options Write to local log database (COMODO format) - CCS logs events in Comodo format and the log storage depends on settings done in Log File Management section below. (Default = Enabled) Write to Syslog Server (CEF Format) - Log events are written to CEF format on a Syslog server. Specify the server in the 'Host' field. Write to Log File (CEF Format) - Log events are written to CEF format. Specify the location of the file in the 'Path' field. Log File Management When log file reaches (MB) - Enables you to configure for deleting or moving the log file if it reaches a specified size in MB. You can decide on whether to maintain log files of larger sizes or to discard them depending on your future reference needs and the storage capacity of your hard drive. Specify the maximum limit for the log file size (in MB) in the text box beside 'If the log file's size exceeds (MB)' (Default = 100 MB). 'Keep on updating it removing the oldest records' - Uses the current file once it reaches the max size. New records will replace the oldest records in the file. (Default = Enabled). 'Move it to...'. Starts a new file once it reaches the max size. The old log file is moved to the location that you specify. (Default = Disabled). Click the 'the specified folder' link and select the folder to save the log archives The selected folder path will appear beside 'Move it to': 46

47 Once the log file reaches the maximum size, it will be automatically moved to the selected folder and a new log file will be created with the log of events occurring from that instant. Click 'OK' to save your settings Connection Settings Click 'More' > 'Preferences' > 'Connection'. The 'Connection' area lets you configure how CCS should connect to Comodo servers in order to receive antivirus database updates. This useful if you want CCS to connect through a proxy server To configure connection settings to receive virus signature database updates Open Comodo Client Security Click 'More' > 'Preferences' > 'Connection': 47

48 'Use http proxy' - Enter the proxy server IP address or name in the 'Server' text box and enter the port number in the 'Port' text-box (Default = Disabled). 'Proxy server requires authorization' - If required, type your username and password in the fields provided (Default = Disabled). Click 'OK' to save your settings Update Settings Click 'More' > 'Preferences' > 'Update' The 'Update' area lets you: Enable or disable automatic virus signature database updates for CCS. Choose the host from which updates should be downloaded. Default = To configure update settings Open Comodo Client Security Click 'More' > 'Preferences' > 'Update': By default, updates are downloaded from 48

49 Leave this setting alone if you always want to download updates from Comodo servers (Default = Enabled). You can add the URL of an alternative download host if required. For example, you may want to store updates on a server on your local network prior to distribution to endpoints. To add a host Click 'Add' and enter the URL or IP address of the host in the next row that appears. Repeat the process to add multiple hosts. Use 'Move Up' and 'Move Down' buttons to re-order the priority of host. CCS for Linux will automatically check the host specified here and download updates from the host even when you are offline. Click 'OK' for your settings to take effect. 4.2.Manage My Configurations Click 'More' > 'Manage My Configurations' Comodo Client - Security allows you to maintain, save and export multiple configurations of your security settings. Exporting your settings can be a great time-saver if: You need to uninstall and re-install CCS for any reason. For example, if you are upgrading your computer. You are a network admin looking to roll out a standard security configuration to multiple computers. 49

50 See the following sections for more details about: Comodo Preset Configurations Import / Export and Manage Personal Configurations Comodo Preset Configuration Click 'More' > 'Manage My Configurations'. The profile that is currently in use is the 'Active' profile. The default security profile installed with Comodo Antivirus is called 'Comodo Client - Security'. This profile has the following settings: Setting Value Preferences Language English (US) Logging Settings: Write to Local Log Database Enabled Write to Syslog Server (CEF Format) Disabled Write to Log File (CEF Format) Disabled Maximum log file size 100 MB Log file size action Keep on updating it removing the oldest records Connection Settings: Use http proxy Disabled Update Settings: Update Server 50

51 Setting Value Scanner Settings Realtime Scanning Settings: Enable Real-time Scan Enabled Automatically quarantine threats found during scanning Disabled Automatically update virus database Enabled Show notification messages Disabled Heuristics Scanning Level LOW Do not scan files larger than 20 MB Keep an alert on the screen for 120 Seconds Manual Scanning Settings: Scan archive files (e.g. *.zip, *.rar) Enabled Automatically update virus database before scanning Enabled Enable cloud scanning Disabled Heuristics Scanning Level LOW Do not scan files larger than 20 MB Scheduled Scanning Settings: Scan archive files (e.g. *.zip, *.rar) Enabled Automatically quarantine threats found during scanning Disabled Automatically update virus database before scanning Enabled Show scanning progress Enabled Enable cloud scanning Disabled Heuristics Scanning Level LOW Do not scan files larger than 20 MB Scan Profiles: Predefined Scan Profiles My Computer, Critical Areas Custom Scan Profiles None Scan Schedules: Weekly Virus Scanning Scan Profile 'My Computer' profile Schedule Weekly, on Sunday at 12:00 AM. 51

52 Import /Export and Manage Personal Configurations Click 'More' > 'Manage My Configurations' The 'Configurations' interface lets you export the current CCS configuration as a profile. You can also import and implement a saved profile. This is useful if you wish to roll out a standard configuration to multiple endpoints. All settings in the CCS application will be configured as per the imported configuration. To access the 'Configurations' interface Open Comodo Client Security Click 'More > 'Manage My Configurations' By default, the interface contains one preset configuration - 'Comodo Client - Security'. The current configuration is labeled as 'Active' in this interface. The 'Active' configuration is a record your current configuration. It contains all your settings changes and preferences. Click the area on which you would like more information: Export the current configuration Import a saved configuration Select a different active configuration setting Delete a inactive configuration profile Export your current configuration to a file Open Comodo Client Security Click 'More' > 'Manage My Configurations' Select the currently active configuration and click 'Export' 52

53 Type a file name for the profile (e.g. 'Custom CCS Profile') and save to the location of your choice. A confirmation dialog will appear if the export is successful: Import a saved configuration from a file CCS allows you to import profiles in.cfgx format. Any profile you import will not become active until you click the 'Activate' button To import a configuration file 53

54 Open Comodo Client Security Click 'More' > 'Manage My Configurations' Click 'Import' in the 'Configurations' interface Navigate to the location of the saved configuration file, select it and click 'Open'. The 'Import as dialog' will appear. Assign a name for the profile you wish to import and click 'OK'. A confirmation dialog will appear indicating the successful import of the profile. The configuration profile is available for deployment. 54

55 Select and Implement a different configuration profile The 'Configurations' interface lets you quickly switch between different configuration profiles. Open Comodo Client Security Click 'More' > 'Manage My Configurations' Select the configuration profile you want to activate Click the 'Activate' button. You will see the following confirmation dialog: The profile will be marked as 'Active' in the profile list: 55

56 Delete an inactive configuration profile You can remove unwanted configuration profiles from the list of stored configuration profiles. You cannot delete the 'Active' profile. You can only delete inactive profiles. To remove an unwanted profile Open Comodo Client Security Click 'More' > 'Manage My Configurations' Select the profile and click the 'Remove' button. Click 'Yes' at the confirmation dialog: The profile will be removed from your computer: 56

57 4.3.Diagnostics Click 'More' > 'Diagnostics' The diagnostics scanner checks your system to make sure that the application is installed correctly. It checks: File System - Checks all Comodo system files are present and correctly installed. Incompatible software - Checks whether your computer has software installed that has compatibility issues with CCS. To open the diagnostics tool Open Comodo Client Security Click 'More' > 'Diagnostics' OR Click 'Run Diagnostics' in the 'Applications' in the panel. Note: diagnostics can only be run by root users (admins). If you are not a root user, then a dialog will appear to enter root password. The progress of the integrity scan will start If your installation does not have any errors, you will see the following dialog: If the diagnostics utility has found some errors in the installation, the following dialog will appear: Click 'OK'. The diagnostics utility automatically fixes the problems and prompts you to restart the computer Restart your computer for the changes to take effect. If the utility could not fix the problems, it will prompt you to create a diagnostics report: 57

58 4.4.View Antivirus Events Click the number in front of 'threat(s) detected so far' on the summary screen Or Click 'More' > 'View Antivirus Events' The events area is a log of actions taken by CCS when it encountered a malicious file. The log viewer tells you: The name of the malware and the location where it was detected on your computer The date and time it was detected The action that was taken on the malware by CCS, and whether or not the action was successful. To view Antivirus Events Open Comodo Client Security Click 'More' > 'View Antivirus Events' 58

59 Antivirus Events - Column Descriptions Column Header Descriptions Location The path where the malware was detected. Malware Name The type of malware and its identifier Action How CCS attempted to deal with the malware Status Whether or not the action was successful Date The date and time the malware was detected. Click any column header to sort items in order of the entries in that column. Click the 'More' button to open the 'Log Viewer Module' Log Viewer Module CCS for Linux records all antivirus events in extensive but easy to understand logs. Logs are generated during real-time protection, after running an update, and for various other events. To view a log of Antivirus Events Open Comodo Client Security Click 'More' > 'View Antivirus Events' Click 'More' in the 'Antivirus Events' interface OR Click 'View Logs' in the 'Applications' panel The panel on the left lists the various types of logs available. Choose the type of log you want to see: 59

60 Antivirus Events - Shows all events generated by the antivirus module Other Logs: Alerts Displayed: Lists all alerts that were displayed to the user. Includes the response given by the user to those alerts and alert details. Tasks Launched: Various 'Antivirus' tasks such as virus signature database updates and scans that have taken place. This area contains a log of all on-demand and scheduled AV scans and the result of the scan. Configuration Changes: Log of all configuration changes made by the user in the CCS application. The events themselves are shown in the main panel on the right. The links along the top of the interface let you filter the logs by date. Today - Shows events logged since 12 AM on today's date. Current Week - All logged events during the current week. The current week is calculated from the Sunday to Saturday. Current Month - All logged events during the month. Entire Period - Every event logged since CCS was installed. If you have cleared the log history since installation, this option shows all logs created since that clearance. You can also use the 'Advanced Filter' bar to filter by various other criteria. For example, you can choose to show all events where an item was quarantined. Export Log Files There are two ways to export log files: 1. Right-click the log file you want to export > select 'Export'. 2. File menu: Select the event you want to export. Click 'Export' in the 'File' menu The following sections contain more details about each type of log: Antivirus Logs 'Alerts Displayed' Logs 'Tasks Launched' Logs Configuration Change Logs Antivirus Logs Antivirus logs are a record of of the actions taken on detected threats. 60

61 Antivirus Events - Column Descriptions Column Header Descriptions Date Date and time the malware was detected. Location Path where the file was detected Malware Name The type of the malware and its identifier Action How CCS attempted to deal with the file Status Whether the action was a successful Alert Click 'Related Alert' to view details of the alert shown at the time of the event. You'll also see the user's response. See 'Alerts Displayed' Logs for more details. Right-click inside the log viewer module and choose the 'Refresh', enable 'Advanced Filter' or 'Export' logs Filter Antivirus Logs You can customize which events are shown using the following filters: Action - Filter events according to the response (action taken) by the antivirus 61

62 Location - Filter events by the directory where the malware was found Malware Name - Show events that concern a specific piece of malware Status - Whether the logged action was successful or not. Options are 'Success' or 'Fail' Each of these categories can be refined by selecting or deselecting filter parameters. You can also type a filter string in the field provided. To configure advanced filters for Antivirus events Click 'More' > 'View Antivirus Events' Click 'More' in the 'Antivirus Events' interface to open the Log Viewer Module (If you haven't done so) Select 'Antivirus Events' under 'Logs per Module' Right-click inside the log viewer module and select 'Advanced Filter' from the options The 'Advanced Filter' pane will appear at the top. You can add and configure any number of filters in the 'Advanced Filter' dialog. Click the drop-down in the Advanced Filter pane and choose the filter category Following are the options available in the 'Advanced Filter' drop-down: 1. Action: The 'Action' option allows you to filter logs based on the actions taken by CCS against the detected threat. Select 'Action' then click 'Add' to add specific filter parameters: a. Select 'Equal' or 'Not Equal' option from the drop down. 'Not Equal' will invert your selected choice. b. Now select the check-boxes of the specific filter parameters to refine your search. The parameter available are: Quarantine: Events where the user chose to move the infected file to quarantine 62

63 Remove: Events where the user chose to delete an item Ignore: Events where the user chose to skip an item Detect: Events where a malware was detected Ask: Events when user was shown an alert concerning some Antivirus event Restore: Events of the applications that were quarantined and restored For example, if you check the 'Quarantine' box then select 'Equal', you would see only those events where an item was quarantined. 2. Location: The 'Location' option enables you to filter the log entries related to events logged from a specific file path. Select the 'Location' then click 'Add' to add specific filter parameters: a. Select 'Contains' or 'Does Not Contain' option from the drop-down. b. Enter the path of the file(s) in full or part, as search criteria. For example, if you select 'Contains' from the drop-down and enter the criteria "/volumes/run-test/", then this will show all events that occurred in '/volumes/run-test/'. Similarly, 'Does Not Contain' - "volumes/run-test/", will show every event except those that occurred in "volumes/run-test/" 3. Malware Name: The 'Malware Name' option enables you to filter the log entries related to specific malware. Select the 'Malware Name' then click 'Add' to add specific filter parameters: a. Select 'Contains' or 'Does Not Contain' option from the drop-down field. b. Enter the search criteria in the text field. For example, if you choose 'Contains' option from the drop-down and enter "malware@#10" in the text field, then all events containing the entry malware@#10 in the 'Malware Name' field will be displayed. If you choose 'Does Not Contain' option from the drop-down and enter "malware@#10" in the text field, then all events that do not have the entry 'malware@#10 in the 'Malware Name' field will be displayed. 4. Status: The 'Status' option allows you to filter the log entries based on the success or failure of the action 63

64 taken against the threat by CCS. Select the 'Status' option and click 'Add' to specify the filter parameters. a. Select 'Equal' or 'Not Equal' option from the drop-down field. 'Not Equal' will invert your selected choice. b. Now select the checkboxes of the specific filter parameters to refine your search. The parameter available are: Success: Events that successfully executed (for example, the malware was successfully quarantined) Failure: Events that failed to execute (for example, the database malware was not disinfected) Remove' beside a filter to clear the respective filter type 'Alerts Displayed' Logs 'Alert Displayed' logs are a history of alerts shown to users when CCS detects a threat. The action taken depends on how the user responded to the alert. 'Alerts Displayed' Logs - Column Descriptions Column Header Descriptions Date Date and time the alert was generated. Type The CCS module that triggered the alert. For example, if the alert was generated by the antivirus module, the type is 'Antivirus Alert'. Description Brief description of the file or event that triggered the alert. Advice The location of the infected file shown in the alert. 64

65 Answered Date and time the user responded to the alert. Answer The response given by the user. Flags Any additional options chosen by the user at the alert. For example, if the user chose 'Remember My Answer' at the alert. Treat as The application category chosen for the file by the user. Event The 'Treat as...' option in an alert lets users tell CCS how to handle the file in future. Example options include 'Treat as a safe application' and 'Treat as an installer'. CCS will handle the file in accordance with the application category in future. Click 'Related Event' to view details of the event that triggered the alert. You'll also see the action taken by CCS on the event. See 'Antivirus Logs ' for more details. Right-click inside the log viewer module and choose 'Refresh', enable 'Advanced Filter' or 'Export' logs Filter 'Alerts Displayed' Logs You can customize which alert log entries are shown using the following filters: Advice: 'Advice' is the message text in the alert which contains the location of the infected file. Type the message text which you want to use as a filter. Answer: Filter alerts based on response given by the user. Answered: Filter alerts that were answered at a specific date. Description: Type your search terms in the field provided. CCS will find all alerts which feature your terms in the description. Flags: Filter alerts based on additional options chosen by the user. Additional options include 'Remember my answer'. Treat As: Alerts where a 'Treat As' option was chosen by the user. For example, 'treat as a safe application', 'treat as an installer' and so on. Alert Type: Show alerts triggered by selected CCS module(s) Each of these categories can be refined by selecting or deselecting filter parameters. You can also type a filter string in the field provided. To configure 'Advanced Filters' for 'Alert Displayed' logs Click 'More' > 'View Antivirus Events' Click 'More' in the 'Antivirus Events' interface to open the Log Viewer Module (If you haven't done so) Select 'Alerts Displayed' under 'Other Logs' Right-click inside the log viewer module and select 'Advanced Filter' from the options The 'Advanced Filter' pane will appear at the top. You can add and configure any number of filters in the 'Advanced Filter' dialog. Click the drop-down in the Advanced Filter pane and choose the filter category 65

66 Following are the options available in the 'Advanced Filter' drop-down: Advice: The Advice option allows you to filter alerts containing the search criteria in the message text and/or location shown in the alert. Select 'Advise' then click 'Add' to add specific filter parameters: a. Select 'Contains' or 'Does Not Contain' option from the drop-down menu. b. Enter the text or word as your filter criteria. For example, if you select 'Contains' from the drop-down and enter the criteria "/volumes/run-test/", then this will show all alerts containing '/volumes/run-test/' in the alert message.. Similarly, 'Does Not Contain' - "volumes/run-test/", will show every alert except those containing "volumes/run-test/" in the alert message. Answer: The 'Answer' option allows you to filter alerts by user response to the alert. Select 'Answer' then click 'Add' to add specific filter parameters: 66

67 a. Select 'Equal' or 'Not Equal' option from the drop down menu. 'Not Equal' will invert your selected choice. b. Now select the response parameter to refine your search. The parameter available are: Unknown Allow Deny Treat As Sandbox Time-out Disinfect Quarantine Skip Once Add to Exclusions Added To Trusted Files False Positive Skip Terminate Keep inside Sandbox Run outside Sandbox For example, if you choose 'Equal' from the drop-down and select 'Add to Exclusions' checkbox, only the log of Antivirus alerts for which you answered as 'Ignore' > 'Add to Exclusions' will be displayed. Answered: The 'Answered' option allows you to filter the log based on the date you answered the alerts. Select 'Answered' then click 'Add' to add specific filter parameters: a. Select the relation operator for your search criteria from the following options: Equal Greater than 67

68 greater then or Equal Less than Less than or Equal Not Equal b. Enter the required date in the date field in DD/MM/YY format. For example, if you select 'Greater than' from the drop-down and select '01/08/18', only the log of alerts answered on any day after August 1st, 2018 will be displayed. Description: The 'Description' option allows you to filter alerts containing the your search criteria/malware name in the description column. Select 'Description' then click 'Add' to add specific filter parameters: a. Select 'Contains' or 'Does Not Contain' option from the drop-down menu. b. Enter the text or word as your filter criteria. For example, if you select 'Contains' from the drop-down and enter only entries that contain the phrase in the description column will be displayed. Flags: The 'Flags' option allows you filter the alerts based on the additional options selected by you when responding to them. Select 'Flags' then click 'Add' to select the filter parameters: a. Select 'Equal' or 'Not Equal' option from the drop down menu. 'Not Equal' will invert your selected choice. b. Now select the check-boxes of the specific filter parameters to refine your search. The parameter available are: Remember Restore Point Submit Trusted Publisher For example, if you choose 'Equal' from the drop-down and select 'Remember' from the checkbox options, only the log entries of alerts for which 'Remember my answer' option was selected will be displayed. 68

69 Treat As: Filter logs by the application category chosen in the 'Treat As' drop-down in the alert. Select 'Treat as' then click 'Add' to specify the filter criteria: a. Select 'Contains' or 'Does Not Contain' option from the drop-down menu. b. Enter the application category as your filter criteria For example, if you have chosen 'Contains' from the drop-down and entered 'Installer' in the text field, only the log entries containing the phrase 'Installer' in the 'Treat As' column will be displayed. Type: The Type option allows you to filter the alerts based on the CCS module(s) that triggered them. Select 'Type' then click 'Add' to select the CCS module(s): a. Select 'Equal' or 'Not Equal' option from the drop down menu. 'Not Equal' will invert your selected choice. b. Now select CCS module(s) to refine your search. The available parameters are: Antivirus Alert Firewall Alert Defense+ Alert BO Alert Execution Alert Sandbox Alert For example, if you select 'Equal' from the drop-down and select 'Antivirus Alert' checkbox, only the alerts triggered by the Antivirus module will be displayed. Click Remove' beside a filter to clear the respective filter type 'Tasks Launched' Logs 'Tasks launched' logs are a history of various tasks launched by CCS. Example tasks are virus signature database updates and on-demand virus scans. Each row shows the type of task and various other details. 69

70 'Tasks Launched' Logs - Column Descriptions Column Header Descriptions Date Date and time the task was started. Type The category of the task. For example, 'Antivirus Scan', 'Antivirus Update'. Parameter The settings which were applied to the task. This will change according to the type of task that was run. For example, if the task type is 'Antivirus Scan', then the scan profile is shown here. Completed Date and time the task was completed. Code Internal CCS code for the task type. Info and Additional Info Details of the task. For example if the task in an 'Antivirus Scan', the 'Info' column shows the number of files scanned and the Additional Info column shows the number of identified malware. Right-click inside the log viewer module and choose the 'Refresh', enable 'Advanced Filter' or 'Export' logs. 70

71 Filter 'Tasks Launched' Logs You can customize which task log entries are shown using the following filters: Code - Filter tasks by the CCS internal code for them. Completed - Filter tasks that were completed on a specific date. Parameter - Show tasks that include a specific parameter. A 'parameter' is setting which modifies the main task type. For example, a scan profile is a 'parameter' of an antivirus scan. Type - Filter by tasks type. Example tasks include antivirus updates, antivirus scans, log clearing and more. Each of these categories can be refined by selecting or deselecting filter parameters. You can also type a filter string in the field provided. To configure Advanced Filters for Tasks Launched Click 'More' > 'View Antivirus Events' Click 'More' in the 'Antivirus Events' interface to open the Log Viewer Module (If you haven't done so) Select 'Tasks Launched' under 'Other Logs' Right-click inside the log viewer module and select 'Advanced Filter' from the options The 'Advanced Filter' pane will appear at the top. You can add and configure any number of filters in the 'Advanced Filter' dialog. Click the drop-down in the 'Advanced Filter' pane and choose the filter category Following are the options available in the 'Advanced Filter' drop-down: 71

72 Code: The 'Code' option allows you to filter the tasks based on their CCS internal code value. Select 'Code' then click 'Add' to add specific filter parameters: a. Select the options from the drop-down box. 'Not Equal' will invert your selected choice. The available are: Equal Greater then Greater than or Equal Less then Less than or Equal Not Equal b. Enter the code in full or part as your filter criteria in the text field. For example if you choose 'Equal' from the drop-down and enter '0x ' in the text field, then only log entries with 0x in the code column will be shown. Completed: The 'Completed' option allows you to filter the tasks based on the date of completion of them. Select 'Completed' then click 'Add' to add filter parameters: a. Select any of the following options from the drop-down box. Equal Greater then Greater than or Equal Less then Less than or Equal Not Equal b. Enter the required date in the date field in DD/MM/YY format. For example, if you select 'Greater than' from the drop-down and select '01/08/18', only the log of tasks completed on any day after August 1st, 2018 will be displayed. Parameter: The 'Parameter' option allows you filter tasks for which a specific parameter is used to run. For example, a scan profile is a 'parameter' of an antivirus scan. 72

73 a. Select 'Contains' or 'Does Not Contain' option from the drop-down menu. b. Enter the text or word as your filter criteria. For example, if you choose 'Contains' option from the drop-down and enter the phrase 'my custom scan' in the text field, then only the entries of antivirus scan tasks with the scan profile 'my custom scan' will be displayed. Type: The 'Type' option allows you to filter the tasks by their type. Example task types include antivirus updates, antivirus scans, log clearing and more. a. Select 'Equal' or 'Not Equal' option from the drop down menu. 'Not Equal' will invert your selected choice. b. Now select the check-boxes of the specific filter parameters to refine your search. The parameter available are: AV Update AV Scan Log Clearing Guarantee Activation Upgrade For example, if you select 'Equal' from the drop-down and select 'AV Scan' checkbox, only the log of antivirus scan tasks will be displayed. Click Remove' beside a filter to clear the respective filter type Configuration Change Logs 'Configuration Change Logs' are a record of all changes made to CCS settings since installation. 73

74 'Configuration Changes' Logs - Column Descriptions Column Header Descriptions Date Date and time of the configuration change. Action The nature of the configuration change. Modifier The user or the object that initiated the configuration change. Example. If you add an item to exclusions at an antivirus alert, then the modifier is 'Antivirus Alert'. Object The CCS setting or parameter affected by the change Name The profile or file that was changed. Old Value The value of the setting before the change New Value The value of the setting after the change Right-click inside the log viewer module and choose 'Refresh', enable 'Advanced Filter' or 'Export' logs Filter 'Configuration Changes' Logs You can customize which events are shown using the following filters: Action: Show events based on the nature of the configuration change. Example actions are option changes, add/remove of objects etc. 74

75 Status: Filter events based on success/failure of the actions. Modifier: Filter logs based on the source of the change. Example sources include the user making a change at an alert, auto-learning, the antivirus alert or execution alert. Name: Filter the logs based on the profile or the file that was changed Object : Filter the logs based on the CCS setting or parameter affected by the change. Each of these categories can be refined by selecting or deselecting filter parameters. You can also type a filter string in the field provided. To configure 'Advanced Filters' for 'Configuration Changes' Logs Click 'More' > 'View Antivirus Events' Click 'More' in the 'Antivirus Events' interface to open the 'Log Viewer' Module (if you haven't done so already) Select 'Configuration Changes' under 'Other Logs' Right-click inside the log viewer module and select 'Advanced Filter' from the options The 'Advanced Filter' pane will appear at the top. You can add and configure any number of filters in the 'Advanced Filter' dialog. Click the drop-down in the Advanced Filter pane and choose the filter category Following are the options available in the 'Advanced Filter' drop-down: Action: The 'Action' option allows you to filter the events based on the nature of the configuration change. Example actions are option change, addition/removal of objects and more. Select 'Action' then click 'Add' to add specific filter parameters: 75

76 a. Select 'Equal' or 'Not Equal' option from the drop-down box. 'Not Equal' will invert your selected choice. b. Now select the action(s) to refine your search. The parameters available are: Object Added Object Changed Object Removed Option Changed String Added String Removed For example, if you choose 'Equal' in the drop-down and select 'Object Changed', only the log entries with the value 'Object Changed' in the 'Action' column will be displayed. Status: The 'Status' option allows you to filter events based on success/failure of the actions. Select 'Status' then click 'Add' to select the filter parameter: a. Select 'Equal' or 'Not Equal' option from the drop-down field. 'Not Equal' will invert your selected choice. a. Select the required status to refine your search. The parameters available are: Success: Displays events in which the configuration change actions were successfully implemented Failure: Displays events at which the configuration change actions failed. Modifier: The 'Modifier' option allows you to filter logs based on the source of the change. Example sources include the user making a change at an alert, auto-learning, the antivirus alert or execution alert. Select 'Modifier' then click 'Add' to select the source(s) of change(s): 76

77 a. Select 'Equal' or 'Not Equal' option from the drop-down menu. b. Select the source that implemented the change to refine your search. The parameters available are: User Antivirus Alert Auto Learn Firewall Alert Defense+ Alert BO Alert Execution Alert For example, if you choose 'Equal' in the drop-down and select 'User', only the log entries with the value 'User' in the 'Modifier' column will be displayed. Name: The 'Name' option allows you to filter the logs based on the profile or the file that have been changed. Select 'Name' then click 'Add' to specify the filter criteria: a. Select 'Contains' or 'Does Not Contain' option from the drop-down menu. b. Enter the name of the item in full or part as filter criteria in the text box. For example, if you choose 'Contains' option from the drop-down and enter the phrase '/var/' in the text field, then only the log entries containing the /var/ in the 'Name' column will be displayed. Object: The 'Object' option allows you to filter the logs based on the CCS setting or parameter affected by the configuration change. 77

78 Select 'Object' then click 'Add' to select the filter criteria: a. Select 'Equal' or 'Not Equal' option from the drop down menu. 'Not Equal' will invert your selected choice. b. Select the setting(s)/parameter(s) to refine your search. For example, if you chose 'Equal' and 'Antivirus: Mode', you will only see log of events where the real-time scanner mode was enabled/disabled. Click Remove' beside a filter to clear the respective filter type. 4.5.Browse Support Forums Click 'More' > 'Browse Support Forums' The 'Browse Support Forums' link takes you to the Comodo One community message boards, a forum for our users to discuss anything related to our products. Please register for a free account to post questions and join discussions. To open the Comodo One forum Open Comodo Client Security Click 'More' > 'Browse Support Forums' You will be taken to the community pages at 78

79 Online Knowledge Base An online knowledge base and support ticketing system is available at Registration is free. 4.6.Help Click 'More' > 'Help' The 'Help' link lets you view the CCS online help guide at Each area has its own dedicated page and contains detailed descriptions of the application's functionality. To open the online guide Open Comodo Client Security Click 'More' > 'Help' 79

80 You can also print or download the help guide in pdf format from the webpage. 4.7.About The 'About' dialog shows copyright information and the software version number. To view the 'About' information Open Comodo Client Security Click the 'More' > 'About' 80

81 5. Appendix 1 - CCS for Linux How To... Tutorials This section contains tutorials on key tasks in Comodo Client Security. Use the links below to go to each tutorial's page: Scan your Computer for Viruses - How to automatically or manually scan your computer View Antivirus Events - How to view logs made by the virus scanner Configure Database Updates - Specify how virus signature updates should be handled Quickly Change Security Levels - How to enable or disable real-time virus scans Change CCS Language Settings - Change the language used in the CCS interface Run an instant Antivirus scan on Selected Items - How to run custom scans on specific items or areas Create a Scheduled Scan - Setup up a virus scan which automatically runs at regular intervals Restore Incorrectly Quarantined Item(s) - Revert quarantined files to their original location Switch Off Automatic Antivirus Updates - Disable automatic and virus signature database updates 5.1.Scan your Computer for Viruses You can run a full scan, a quick scan, or create a custom scan profile. To run an on-demand virus scan Open Comodo Client Security Click the 'Antivirus' tab > 'Run a Scan' 81

82 CCS ships with two pre-defined scan profiles My Computer (Default) - Scans every local drive, folder and file on your system. Critical Areas - A targeted scan of important operating system files and folders. Select the profile you want then click the 'Scan' button. Create New Scan. Define a custom scan profile of specific areas of your system. The profile will appear in the 'Run a scan' dialog after you save it. See custom scan to find out more. CCS will check for and download any available updates before starting the scan. The scan will commence after updates have been installed: The results are shown at the end of the scan. The results show any threats found along with their location and severity level. 82

83 Use the check-boxes on the left to select specific files, or select 'All?' to choose every file. Then pick one of the following options: Clean - CCS will deal with the threats. They will either be deleted, disinfected, or moved to Quarantine, depending on the type of threat found. Ignore - Allows you to ignore the threat this time only, report the file to Comodo as a false positive, or create an exclusion for the file. You can export the results to a text file by clicking the 'Save Results' link. See Quarantined Items for more details on quarantined applications. To create a new scan profile Click 'Create New Scan' in the 'Run a Scan' interface. 83

84 Type a name for the scan profile Click 'Add' to select the items you wish to include in the scan Next, choose which items you want to scan: 84

85 You can add items in two ways: Manually enter the path in the 'Add new item' field and click the '+' button Drag and drop the files, folders and/or drives you require from the left pane to the right pane. Repeat the process to select multiple items Click 'Apply' to add items for the new scan profile. 85

86 Repeat the process to create more scan profiles Click 'Add' to select the items you wish to include in the scan Click the 'Apply' You can also create new scan profiles in the Scan Profiles in the 'Antivirus' task interface. To run an instant scan on a particular item, see Run an Instant Antivirus Scan on Selected Items for more help with this. 5.2.View Antivirus Events The 'View Antivirus Events' module contains extensive logs of all actions taken by the virus scanner. The basic event viewer shows: The date and time a particular virus was detected Location of the threat The action taken against it. To view Antivirus Events Click the '<number> in front of 'Threat(s) detected so far' on the 'Summary' screen. This will open the event viewer: 86

87 See View Antivirus Events for more help with event logs. 5.3.Configure Database Updates It is essential that you use the latest virus database to ensure you are protected against the newest threats. The default policy of CCS for Linux: i. Periodically check for and download database updates ii. Automatically check and update the virus database before starting any scan. Please see the following links if you would like to manage updates: Manually update the virus database Configure automatic database updates To manually update the virus database Open Comodo Client Security Click Antivirus' > 'Update Virus Database' CCS will contact Comodo servers and download any available updates. Please ensure you are connected to the internet. 87

88 To configure automatic database updates Open Comodo Client Security Click 'Antivirus' > 'Scanner Settings' Select 'Real Time Scanning' Enable or disable the 'Automatically update virus database' check-box: 88

89 You can enable or disable pre-scan updates for each type of antivirus scan (real-time virus monitor, manual scans and scheduled scans). See 'Scanner Settings' if you need more help with this. 5.4.Quickly Set up Security Levels Right-click on the system tray icon to quickly view or change the current security level: Move your mouse cursor over the 'Antivirus Security Level' 89

90 On Access - Files will be scanned as soon as you open them. 'On access' is another name for the 'Real-Time Scanning' feature that is mentioned elsewhere in the interface. We highly recommend you leave this enabled. Disabled - Not recommended. Files are not scanned when they are opened, strongly raising the possibility that your system could get infected. The currently active configuration will be shown with a mark next to it. See Real Time Scan for more details. You can also access these settings through the the summary screen. 5.5.Change CCS Language Settings Open Comodo Client Security Click 'More' > 'Preferences' Click the 'Language' tab Choose the language you wish to use from the drop-down menu. Click 'OK' then restart the application to apply changes: 90

91 5.6.Run an Instant Antivirus Scan on Selected Items You can instantly run a virus scan on file, folder, app or hard-drive by dragging them into the scan box in the 'Summary' area. To scan selected item(s): Open Comodo Client Security Drag items into the scan box on the summary screen. You can drag virtually any type of item - files, folders, photos, applications or drives. CCS will first check for AV database updates. If updates are available they will be downloaded and installed: Scanning will commence immediately after the updates are installed. 91

92 The results will be shown at the end of the scan. The results show any threats found along with their location and severity level. See Run a Scan for help on how to react if infected item(s) are found. 5.7.Create a Scheduled Scan A scheduled scan is one that automatically runs at a set time on the items specified in the scan profile. You can configure scans to run daily, weekly or at any interval of your choice. To create an antivirus scan schedule Open Comodo Client Security Click 'Antivirus' > 'Scheduled Scans' Click 'Add' to create your schedule: 92

93 Type a name for your new schedule. For example, 'Daily Scan', or 'Weekly Scan of External Drives', etc. Select the profile you want to use for the scheduled scan. The scan profile determines which items of your computer are scanned. See Scan Profiles for help with this. Select the day(s) and time that you want the scan to run. Click 'Apply'. The scan will run in future on the day and time you selected. Scheduled scans will continue ad-infinitum until such time as you remove them. The 'Scheduled Scans' interface lists all current scan schedules: 93

94 To modify or remove it at any time, click the 'Edit' or 'Remove' button Repeat the process to add more scan schedules For more details, see Scheduled Scans. 5.8.Restore Incorrectly Quarantined Item(s) You can restore items that you believe have been incorrectly quarantined to their original location: Open Comodo Client Security Click 'Antivirus' > 'Quarantined Items' Select the items you wish to restore. Hold down the COMMAND key to select multiple items. 94

95 Click 'Restore' All selected files will be restored to their original locations immediately. See Quarantined Items for more details. 5.9.Switch off Automatic Antivirus Updates By default, Comodo Client - Security automatically checks for virus database updates. However, some users like to have control over what gets downloaded and when it gets downloaded. For example, network administrators may not wish to automatically download because it will take up to much bandwidth during the day. Similarly, users that have particularly heavy traffic loads may not want automatic updates because they conflict with their other download/upload activity. To switch off automatic antivirus database updates Automatic virus updates can be completely switched off, or can be switched off for individual scans. Click the link appropriate to your requirements: Switch off automatic virus updates Switch off updates prior to a Manual Scan Switch off updates prior to a Scheduled scan To switch off automatic virus database updates Open Comodo Client Security Click 'Antivirus' > 'Scanner Settings' 95

96 Click the 'Real Time Scanning' tab Deselect 'Automatically update virus database': Click 'OK'. To switch off virus database updates prior to a Manual Scan Open Comodo Client Security Click 'Antivirus' > 'Scanner Settings' Click the 'Manual Scanning' tab Deselect 'Automatically update the virus database before scanning': 96

97 Click 'OK'. To switch off virus database updates prior to a Scheduled Scan Open Comodo Client Security Click 'Antivirus' > 'Scanner Settings' Click 'the Scheduled Scanning' tab Deselect 'Automatically update the virus database before scanning': 97

98 Click 'OK'. CCS will no longer automatically check for download database updates prior to running a scan. 98