In Endpoint Manager, an option "File Rating" is available. It is a Comodo Cloud Security (CCS) file rating system that defines various options related to file rating.
Whenever a file is handled by a computer for the first time, CCS will check the file based on the rules of Comodo's master whitelists and blacklists and will provide "Trusted" status if:
- The application is from a vendor which is included in the Trusted Software Vendors list.
- The application is available in the extensive and constantly updated safe list of Comodo.
- The status of the application or file is "Trusted" in the local file list.
- In Endpoint Manager, Go to "Configuration Templates" → "Profiles".
- Please select profile associated with device or group.
For example, a profile "Setting File Rating" is selected.
Step : In "Add Profile section", select "File Rating" from the drop-down menu.
Step : The file rating screen has two tabs:
- File Rating - This is to enable the file rating and configure its overall behavior.
- Local Verdict Server Settings - This is to choose whether the clients should obey administrator defined file rating or not as can be configured via Endpoint Manager portal. Administrator can override Comodo file rating and it will be given highest priority.
Step : Click "File Rating" tab.
There are various options present in this "File Rating" tab.
- Enable Cloud Lookup (recommended) - It is to enable or disable the cloud-based file rating.
- Enable upload metadata of unknown files to the cloud - When enabled, this will upload anonymized information about unknown files to Comodo servers.
This also helps in effective analysis of blacklist/whitelist files.
- Show cloud alert - - If enabled, will show an alert on the device when any malware is found during file rating scan.
If disabled, CCS will automatically quarantine or delete the file based on scan settings defined for that client
- Detect potentially unwanted applications - When enabled, CCS can detect this category of malware, which may not be harmful as such but may be potentially unwanted. Such applications are typically installed with user consent but mislead with actual objectives and participate in data collection or adware kind of behavior.
- Auto purge is enabled - CCS checks and removes the entries of files which are no longer present in the disk. Specify the interval when the check should take place. For example, the time interval is set as 4 hours. This option ensures that temporary files do not take space in listing.
- Custom FLS access ports - CCS uses port 4446 for TCP and port 4447 for UDP while connecting to cloud services. In case outgoing connections on above ports are blocked in your network, you can enable this and use 53 for UDP and 80 for TCP. It is suggested to not change these.
- Enable report for non-executable files - CCS sends reports to ITSM for non-executable files, If the option is enabled.
- Show non-executable files - Endpoint Manager shows non-executable files from the endpoints once the option is enabled.
Step : "Local Verdict Server Settings" This is a database that has admin defined file ratings. Admin can define file rating in Endpoint Manager portal and these ratings are made available to CCS. It is strongly suggested to keep this enabled.
- Enabled- CCS will obey the local trust verdict on a file, in case of any conflict with cloud verdict.
- Disabled - CCS will use only cloud verdicts to define a file's trust level.
Timeout for unknown files - If client sees a file as Unknown and time defined in this settings has expired, client will re-check latest Admin rating of that unknown file.
Timeout for known files(Trusted, Malware and Unrecognized) - In case admin defines rating of file malware, safe or unrecognized, this value defines as for how long it should be treated valid. In case this time is expired and a file is executed, the latest admin file rating is checked by looking up local verdict server.
Note: The changes made in the profile will reflect in the device after 5 minutes.