Auto-containment - Baselining

Is anyone using the baselining feature under auto containment?

everyone should!

Oh wow thanks for the response. Do you have updated best practices that includes baselining and some information that explains exactly what baselining does?

baselining is done at deployment to make sure to turn all unknown files into known files…once you have done it then you have a “known state” eg: every executable file is a “known good state”. Then turn containment on, voila! Any new unknown executable is run inside containment until it gets a verdict, therefore keeping your machines infection free!

Thanks guys!

Never just deploy CCS with Containment on, not unless you want a constant set of incoming calls from your clients.
As @melih says this is to get started then swap to containment on for protection. If you do not want to use baseline their is a tool called Unknown File Hunter you can run to find and report these files which is what baseline basically does.

Thanks, @StrobeTech I’ve learned this now. :slight_smile: Do you have a suggestion on how long it should run for? 24hours?

Hi @libretech

if you are talking about the Unknown File Hunter, this should run until completed.

In regards to the Baseline, this really depends on the number of computers you are protecting, how often they are used etc.
I would recommend you try and get a business week (5 days) under your belt for a device as this gives the machine time to find the items, report them to Comodo and Comodo scan and rate them.

Once all is rated by Comodo (or manually by you) the devices will then act as required meaning good software should be safe to use without it being contained.

I hope this makes sense?

Thanks for the information.