AVLab.pl Analysis of system protection against active online malware – July 2025

Status
Not open for further replies.
Disclaimer
  1. This test shows how an antivirus behaves with certain threats, in a specific environment and under certain conditions.
    We encourage you to compare these results with others and take informed decisions on what security products to use.
    Before buying an antivirus you should consider factors such as price, ease of use, compatibility, and support. Installing a free trial version allows an antivirus to be tested in everyday use before purchase.

I was all excited to finally see an actual MD5 for a Comodo bypass! Sadly, even after manipulating the sample, it still is unable to create a server to connect out, and pretty much (totally, actually) dies in containment (and not that it matters, but VirusScope detects it).

I tried, but maybe next time...
 
I think it was a moderator (DecimaTech). Melih and @Umut (official Comodo staff) also participated in this thread and did not correct anything posted by DecimaTech. I think that those posts include valid information; however, you cannot take them as an official statement.
Melih and official Comodo staff don't reply to or confirm the mod comments; I agree you cannot take them as an official statement.

As you can read from the provided links, some restriction levels (higher than partially limited) were intended to prevent bypass, although they did not due to incompatibility with UAC. However, it is not important. There are known ways to tamper with Comodo drivers and services, so the sandbox design can be bypassed (if someone is highly motivated). You cannot assume that malware that bypassed Comodo has to do it without bypassing the sandbox.
Anyway, I think that bypassing Comodo fully from the sandbox will be rather related to possible incompatibility with Windows UAC, like in the recent bypass. Although this particular bypass was patched, there is no information about solving the UAC incompatibility. A similar problem was in Sandboxie, where the higher isolation required disabling elevation to Administrator rights.
I believe you can break any protection measures. Yes, you can bypass Comodo using vulnerabilities, protection design, etc.

Higher restriction levels mean more limits. They improve security but affect containment usability. The theory that "default security" is weak is misleading. There have been no confirmed Comodo bypasses. At least, I am not aware of any. The recent PoC bypassed default and custom setups. Did the tester disable UAC and test Comodo with restriction levels? Did the PoC bypass defaults but not the higher restriction level?

I'll be brief about Comodo:
My message is not intended to insult Comodo's staff or its users, but I am speaking as a tester.

Comodo as an AV engine is a real joke. It detects too few threats, and some of them are even old...
Comodo pushes everything to the Sandbox, which can be a good compromise, but also insufficient.

All it takes is for malware to be signed or steal the signature that is placed in Comodo's Whitelist => No sandbox, malware allowed...
I'm still waiting for Valkyrie to be integrated into the AV engine, at which point its engine will be almost on par with the competition...
I agree with you about Comodo AV and whitelisted malware. Comodo will not integrate Valkyrie in CIS, as Comodo Cloud provides Valkyrie detection as per Melih.

I don't agree with the statement, "Comodo pushes everything to the sandbox." In a malware-only test, what do you expect from a security layer that protects against malware and unknown files?

You contradict yourself when you recommend, say, a smart-deny program like CyberLock when it blocks everything in your test, but you give the opposite reaction for Comodo when it performs similarly to CyberLock or contains everything, especially when there is no usability test. Comodo's usability is far better than CyberLock's.

Welcome, Xcitium team, here on MT. :)
I guess @Nikola Milanovic didn't mean he is official Xcitium staff. Did you @Nikola Milanovic?
 
Hello @rashmi, we are employees of Xcitium; we work for Xcitium, so we are official Xcitium employees.

Best Regards
Nikola
 
Yikes, suddenly I am getting phone calls to my iPhone from Xcitium (sales, I presume). I know I did NOT give them my phone number when I signed up for Valkyrie online... :sick:
Hack your phone to prove their competence :cool:
Subscribe to protect yourself 🤑
 
Hello @simmerskool, did this number call you: +1 (973) 859-4000, or this number: +1 (888) 551-1531?
Please let us know.

Best Regards
Nikola
Well, I thought I had deleted the call, but at 20:26 UTC my phone shows 973-265-9528 XCITIUM. -- I might have given Xcitium EDR my number 17 months ago, in March 2024, when I considered installing Xcitium on a VM, but decided to wait and see... I assume this was a legit call unless someone is spoofing Xcitium -- unsolicited calls will not convince me...
 
Hello @simmerskool, we are sorry for the inconvenience. Please drop an email to support@xcitium.com with any related screenshots, and the team will be able to assist you with your query.

Best Regards
Nikola
 
Question:

Is anyone here a member of the Comodo Forum? Recent Results » AVLab Cybersecurity Foundation

I'm trying to create an account on the Comodo forum to reply. I'm not receiving activation messages on various emails, and password reset also does not work for me. :)

Anyway...

I wanted to explain to them that this is not a mistake, as some people on the Comodo forum believe. The sample with a Fail result for Comodo/Xcitium in the test is not our mistake, but that of the developers / malware researchers in the Valkyrie service. Some people still don't believe it, and they write nonsense that it is our mistake in methodology or something.

The sample was reported to the vendor and this was changed in the Valkyrie cloud, but the result is the result obtained during the test, and we wrote an appropriate statement explaining why this result was obtained. This is not an error in the Comodo/Xcitium sandbox, but human error.

Unfortunately, I cannot explain this on the Comodo forum, which I would like to do, because our reputation suffers from users who write nonsense :/
 
Adrian, first off, compliments for your site. The fact that you provide a detailed spreadsheet of the malware used with product results speaks highly of its integrity.

The issue that I found was with the Comodo result. Although Xcitium relies to an extent on Valkyrie, Comodo does not; therefore, any error (whitelisting of the sample) in the Valkyrie Cloud would not apply to Comodo. The only possibility would be if this sample was added to the LOCAL File Rating database, which could not have occurred as there have been no program updates for a while.

My posts are about Comodo (normally the Firewall-only setup) without the AV module. Further, when running test malware in Comodo I always disable both the Cloud AV (VirusScope) and File Rating components, thus relying only on the strengths of the product, which are the Sandbox and Firewall modules.
Thus, when the sample is run, it will go into the sandbox and, not being able to establish a connection to a server, will close. Further, even with Containment disabled, the Firewall will block the malicious connection out to Moscow, which also results in the malware closing.

In Summary, the statement on your website:

"The results of Comodo and Xcitium are also surprising, as both solutions failed to block a single (same) threat that had previously been classified by the developer as a False Negative: incorrectly marked as safe in the developer’s cloud, which may have affected the global response for workstations."

in actuality may ONLY apply to Xcitium and NOT Comodo, the latter not relying on the Valkyrie Cloud at all.

Regards,
Meghan
 