Rodney- A very timely question as I'm going to wrap things up this weekend with a CF vs ransomware video.
First, let me answer your question- CIS and CF are essentially identical products except CIS has a Local AV module- that is, you can actually run an AV scan on your system. But understand both products have cloud AV functionality. The reason that I do not suggest using CIS is that (and I'll have to call a Spade a Spade) the Comodo AV is not mediocre, it is totally Horrid. So why burden yourself with something that sucks?
Understand that a bad AV tacked on to a product does not diminish the strength of the overall protection. For example, if AppGuard decided to add ClamAV to the product, would Umbra stop using it? No, he would just call them idiots and shut off that module (sorry, Umbra, for assuming your actions!). I feel the same way about Comodo- although I probably hold the Comodo AV in more contempt than anyone else on MT, I personally would use no other product than CF. So Fxxx the AV and let's instead look at the other protective components involved:
CF is a wonderfully complex product. One can increase the protective baseline by changing configurations, you have a Sandbox ("Containment"), a Firewall, and a HIPS module. The complex part about Comodo, and something that may be not initially understandable, is that by bleeding in resources to one component will decrease the need for others. Case in point is that I suggest that the HIPS module be disabled in my setup- this is not because I feel the HIPS sucks (far from it, it is excellent!). It's just that as we will increase the Sandbox level to either Restricted or Untrusted, the need for the HIPS being active diminishes to nothing. So at the default Comodo settings (Firewall Security, Sandbox at Partially Limited) the HIPS module is needed; but at the Proactive configuration with the Sandbox at Restricted (or Untrusted) the HIPS will just generate popups without any increase in system protection.
Now to the Firewall- it's an Urban Legend that the Comodo Firewall module itself is excellent. It's not- it is totally oblivious to malware hollowed processes connecting out. But as the Firewall is being used in conjunction with the HIPS and Sandbox at default, or with the Sandbox itself at my settings this deficiency is negated (although my one Firewall setting change is also needed).
Finally, does one need an AV to supplement CF? No, not really, but as it can be of use if you are trying to install a legitimate unsigned application (like VT Uploader or SeaMonkey Browser). Comodo will isolate unsigned applications (which is a GOOD thing), so an excellent freeware AV like Avast (yes, I'm liking this one recently) or Qihoo really will give a fine second opinion.
At this point I would normally write "I hope this helped", but I'm sure I totally confused you, and I apologize for that!
M
