App Review Comodo Internet Security 11 Review | Test vs Malware

It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.

Moonhorse

Level 37
Verified
Top Poster
Content Creator
Well-known
May 29, 2018
2,608
This Valkyrie project is very ambitious and at the same time very risky.
Not really, an advanced user will probably never be infected in real life
And if that happens once, Valkyrie probably won't FP that and the backup saves ass anyways

If you take a look at CCAV, it's a great AV when comparing the performance and it comes as a free product

The malware couldn't even prompt, and would've been clean after antimalware reboot
 

Nestor

Level 9
Thread author
Verified
Well-known
Apr 21, 2018
397
Not really, an advanced user will probably never be infected in real life
And if that happens once, Valkyrie probably won't FP that and the backup saves ass anyways

If you take a look at CCAV, it's a great AV when comparing the performance and it comes as a free product

The malware couldn't even prompt, and would've been clean after antimalware reboot
The power of Comodo is not only the container but also the HIPS. In this case we don't know if it gave an alert; actually it was off, but if it was on I believe it will prompt an alert so an advanced user would understand that something was wrong. This also proves the wrong testing Leo used for this program.
 

cruelsister

Level 42
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 13, 2013
3,150
If you create an account at verdict.valkyrie.comodo.com you can download this file.

M- I don't mean to burden you in any way, but I did sign up for an account at valkyrie and did not see any option to download the sample (I thought it may have been a browser issue, but tried it with all of them and still No Joy).

If you have the time and desire, can you upload the file to something like Google Drive and PM me the link? I hate making ignorant statements and would like to determine what occurred (although the shotgun method of the Python script used hardly represents real world usage).

Anyway, if you have the time it would be appreciated, if not you still have my respect!

M
 

BoraMurdar

Community Manager
Verified
Staff Member
Well-known
Aug 30, 2012
6,598
M- I don't mean to burden you in any way, but I did sign up for an account at valkyrie and did not see any option to download the sample (I thought it may have been a browser issue, but tried it with all of them and still No Joy).

If you have the time and desire, can you upload the file to something like Google Drive and PM me the link? I hate making ignorant statements and would like to determine what occurred (although the shotgun method of the Python script used hardly represents real world usage).

Anyway, if you have the time it would be appreciated, if not you still have my respect!

M
Check your inbox
 

Deleted member 178

My post is based on assuming the file was trusted.

a lesson Comodo needs to learn with their trusted list.
It happened already, they don't retain the lesson, Comodo is a lost cause; like some major bugs not fixed after 10 years, denying of bug reports, etc...LOL.

The power of Comodo is not only the container but also the HIPS. In this case we don't know if it gave an alert; actually it was off, but if it was on I believe it will prompt an alert so an advanced user would understand that something was wrong. This also proves the wrong testing Leo used for this program.
The testing was not wrong. The HIPS is disabled by default but not OFF
Comodo Internet Security's Auto-Sandbox (Containment) & HIPS interaction explanation

but even if HIPS is ON, it won't do a damn thing because the file was trusted; the only right setting to catch the file is to set the HIPS on Paranoid, as I always promoted.

Comodo's Myths & Facts


Comodo without HIPS on Paranoid = put your pants down and bend over.

so before bashing a tester, learn the damn software.


itwt
 

Nestor

Level 9
Thread author
Verified
Well-known
Apr 21, 2018
397
My post is assuming the file was trusted.


It happened already, they don't retain the lesson, Comodo is a lost cause; like some major bugs not fixed after 10 years, denying of bug reports, etc...LOL.


The testing was not wrong. The HIPS is disabled by default but not OFF
Comodo Internet Security's Auto-Sandbox (Containment) & HIPS interaction explanation

but even if HIPS is ON, it won't do a damn thing because the file was trusted; the only right setting is to set the HIPS on Paranoid, as I always promoted.

Comodo without HIPS on Paranoid = put your pants down and bend over.

so before bashing a tester, learn the damn software.


itwt
Even when HIPS is on safe mode, in some trusted files they "false" give an alert considering malicious actions (ccleaner). It could be the same in that case and this maybe will make someone suspicious.
 

Deleted member 178

Check here: Comodo's Myths & Facts

  • Safe Mode = "HIPS Alert Mode" for any Unrecognized files + Auto-Sandboxing of Unrecognized files
Last time I used Comodo, Safe Mode only alerted on "unrecognized" files; Safe Mode assumes (obviously) that a trusted file is clean and will ignore it.
I don't believe the principle has changed since.
 

Nestor

Level 9
Thread author
Verified
Well-known
Apr 21, 2018
397
Check here: Comodo's Myths & Facts

  • Safe Mode = "HIPS Alert Mode" for any Unrecognized files + Auto-Sandboxing of Unrecognized files
Last time I used Comodo, Safe Mode only alerted on "unrecognized" files; Safe Mode assumes (obviously) that a trusted file is clean and will ignore it.
I don't believe the principle has changed since.
I am now using CIS v10 Proactive, HIPS on (safe mode), and when I run ccleaner I am getting an alert "a program trying to make changes to your browser" and it's trusted.
 

Moonhorse

Level 37
Verified
Top Poster
Content Creator
Well-known
May 29, 2018
2,608
I am now using CIS v10 Proactive, HIPS on (safe mode), and when I run ccleaner I am getting an alert "a program trying to make changes to your browser".
The newest CIS build won't even do that (11). Also, for me safe mode HIPS is killing FortiClient completely, so I have to run HIPS off on CF. Anyways, I'm using CS settings on FW for now

The 11 is buggy as people say, but still usable for some people
 

Nestor

Level 9
Thread author
Verified
Well-known
Apr 21, 2018
397
The newest CIS build won't even do that (11). Also, for me safe mode HIPS is killing FortiClient completely, so I have to run HIPS off on CF. Anyways, I'm using CS settings on FW for now

The 11 is buggy as people say, but still usable for some people
I hope they will fix v.11, it's already 2 months + in BETA.
 

BoraMurdar

Community Manager
Verified
Staff Member
Well-known
Aug 30, 2012
6,598
I've downloaded the file, and by my preliminary estimation, the file is indeed malware wrongly marked as Trusted by Comodo.
It doesn't do anything obviously malicious for today's standards (encrypting documents) "except" for calling home, adding some reg keys.

Enough for me to mark it as malicious.
 

BoraMurdar

Community Manager
Verified
Staff Member
Well-known
Aug 30, 2012
6,598
yeah, so it is not the first time, we had already a long thread in the past for the same reason...how can you trust a vendor that keeps whitelisting malware LOL
Even their expert reviewed the file and marked it as malicious, but in the end, they put it in the Trusted bucket.
 

Deleted member 178

Even their expert reviewed the file and marked it as malicious, but in the end, they put it in the Trusted basket.
Shameful, people must be blind to keep trusting it (sorry for the pun) after all the issues/bugs discovered.
I was a big fan of Comodo from v3 to v8, then I said bye bye...

itwt
 

Morphius

Level 1
Sep 13, 2011
47
This is an automated analysis and this file was trusted before it. Its “trusted” verdict is not based on it. It has to be removed.

The alert from CCleaner about browser modification is independent from HIPS. It comes from the browser protection module. This module protects browsers from modification by both trusted and unknown files.
 

BoraMurdar

Community Manager
Verified
Staff Member
Well-known
Aug 30, 2012
6,598
This is an automated analysis and this file was trusted before it. Its “trusted” verdict is not based on it. It has to be removed.
The file is still Trusted, I tested it 40min ago against Comodo Cloud AV. And where is the logic in that? Isn't the purpose of the "cloud" being always up to date? The file dates from 2014, reviewed 3 times by Valkyrie and 1 time by a human, relation 2:2 Malware:NotMalware
 

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
Use Comodo together with an AV. It is very unlikely for both softwares to make the same mistake, and whitelist the same malware sample.
Because for Comodo to mistakenly whitelist malware, it needs to be reviewed by a human. By the time that happens, most AVs will already know about the file, and blacklist it.
This way, Comodo will block the zero-days, and your AV will block the Comodo mistakes. You are covered from all angles. :)
 
