umbrapolaris said:
The HIPS of Comodo and BB of Avast doesn't overlap since they are 2 IPS that works differently, they may detect the same malware but the way they treat it is different.
When i used this combo, i kept the SB of CIS and discarded the one of Avast, at that time it was more convenient.
im quite surprise that Comodo AV surpassed Norton AV, in all detection tests i did, not saying that NAV is very slow compared to CAV or EAM...
I set NAV's heuristic on aggressive everywhere, allowed the cloud, etc...
I really think now that Norton focuses on prevention by putting all the power on Sonar.
What Umbra trying to say.
A host intrusion prevention system (HIPS) monitors each activity a program attempts and (depending on configuration) prompts the user for action or responds based on predefined criteria. Conversely, behavior blockers monitor and profile whole program behavior. When a collection of behaviors tips the scale, the behavior blocker will (depending on configuration) alert the user or take action against the entire program based on predefined criteria.
Though they sound similar, HIPS is application-level control (i.e. this program is allowed to do X but not Y), whereas behavior blocking is more cut and dry – the entire application is either good (allowed) or it is not.
Fortunately, many of these types of products combine both.
To sum it up:
If you are comfortable interpreting HIPS pop-ups (advanced): Disable sandbox in COMODO use avast's sandbox. Instead of auto-sandboxing the file, COMODO will show HIPS pop-ups. You are responsible for how you interpret and answer them.
If you don't like many HIPS pop-ups (recommended to most users): Disable sandbox in avast, set COMODO's sandbox to Restricted.
If you think the sandbox prevents a good application from running properly make sure the executable is not malicious by uploading it to Virus Total. Only if you are absolutely sure the application is not malware, run it again and click "Do not sandbox again".
Thanks
