App Review COMODO Internet Security 2024 BETA

The associated review may contain personalised views and opinions.
Content created by
Shadowra

Jonny Quest

Level 10
Mar 2, 2023
490
F

ForgottenSeer 97327

Dear MT-members

I think we all agree on the fact that Comodo hast a great Firewall with containment technology, but the antivirus is buggy and its HIPS forgets rules. As a non-Comodo user I am interested in its Firewall plus containment technology. It is possible to install the FW separately, so when you don't like the AV-module, don't select it. The added value over a HIPS is questionable when you also apply containment through sandboxing. It is possible to disable the HIPS, so forget that module also.

Because Comodo has a fanatic army of promotors and an equally outspoken army of disappointed users and critics, let's leave that behind and focus the discussion on Comodo's stronghold: the Firewall module and its sandbox containment. We all know the AV is as fragile as a man of glass and the HIPS suffers from dementia, but their FW+sandbox is a great kick-ass component (which is soon officially compatible with mainstream tech). I hope @Shadowra can repeat his test when the final comes out with ONLY the FW + Sandbox installed (e.g.using Microsoft Defender on default as accompanying AV).

Don't want to offend engaged members on either side of the table. Please focus on the FW+sandbox of Comodo. Thanks.
 

simmerskool

Level 28
Verified
Top Poster
Well-known
Apr 16, 2017
1,751
Dear MT-members

I think we all agree on the fact that Comodo hast a great Firewall with containment technology, but the antivirus is buggy and its HIPS forgets rules. As a non-Comodo user I am interested in its Firewall plus containment technology. It is possible to install the FW separately, so when you don't like the AV-module, don't select it. The added value over a HIPS is questionable when you also apply containment through sandboxing. It is possible to disable the HIPS, so forget that module also.

Because Comodo has a fanatic army of promotors and an equally outspoken army of disappointed users and critics, let's leave that behind and focus the discussion on Comodo's stronghold: the Firewall module and its sandbox containment. We all know the AV is as fragile as a man of glass and the HIPS suffers from dementia, but their FW+sandbox is a great kick-ass component (which is soon officially compatible with mainstream tech). I hope @Shadowra can repeat his test when the final comes out with ONLY the FW + Sandbox installed (e.g.using Microsoft Defender on default as accompanying AV).

Don't want to offend engaged members on either side of the table. Please focus on the FW+sandbox of Comodo. Thanks.
I mentioned this above... 2024 beta, 1 file download, CF is included, when you open install there is a selection for components, and only 2: antivirus &/or firewall (IIRC), BUT at first I selected just firewall and I got the installation error mentioned above, others had the same error message at comodo forum, but reasons unclear. I tried again and selected both, and CIS installed ok, but I don't know if my first failure was due to only selecting the CF component. :unsure: I uninstalled 2024 beta for now...
 

rhythm

Level 11
Apr 13, 2023
535
I mentioned this above... 2024 beta, 1 file download, CF is included, when you open install there is a selection for components, and only 2: antivirus &/or firewall (IIRC), BUT at first I selected just firewall and I got the installation error mentioned above, others had the same error message at comodo forum, but reasons unclear. I tried again and selected both, and CIS installed ok, but I don't know if my first failure was due to only selecting the CF component. :unsure: I uninstalled 2024 beta for now...
I'm running CF on my fully updated Windows 11 production system. Installing and uninstalling the two betas went smoothly. I test security software on an actual system (no VM) with no other real-time security or system hardening tools. The current beta is performing well on my system.
 

Pico

Level 3
Feb 6, 2023
141
If FW also would be able to filter VPN traffic as other FWs do......
If FW also would be able to filter running services and allow to create rules for services like with so many other FWs...
If FW also would be able to create rules by hostname using DNS lookup...
If FW also would be able to use a list of IP addresses to allow or block traffic...
If FW also would...

Then Comodo FW would be great.
 

simmerskool

Level 28
Verified
Top Poster
Well-known
Apr 16, 2017
1,751
If FW also would be able to filter VPN traffic as other FWs do......
If FW also would be able to filter running services and allow to create rules for services like with so many other FWs...
If FW also would be able to create rules by hostname using DNS lookup...
If FW also would be able to use a list of IP addresses to allow or block traffic...
If FW also would...

Then Comodo FW would be great.
honestly, I'm clueless about other FW, please name or link one or two with above features so I can look them up, maybe try on VM, thanks. Does one FW do all of the above? :unsure:
 

Decopi

Level 6
Verified
Oct 29, 2017
250
Simplewall and Fort FW can do most of the things but not sure about create FW rules by hostname using DNS lookup though.

With regards to the Firewall, please, if you allow me, also I would add Windows Firewall (WF) as an excellent firewall, even more compatible and robust than Comodo Firewall (CF). Windows OS doesn't need an external third-party Firewall.
The only issues with WF are its "not friendly" settings. Average-Joe can't customize WF. And advanced-users need to invest time to do that. Compared to WF, other external third-party firewall only add "friendly settings" (but they don't really add more protection).
Without Containment, CF itself as a module, doesn't add more protection than customized WF already does.
WF is a powerful tool, yeah, takes time to setup it, but here at MalwareTips and in the web is possible to find amazing WF tutorials.
In the last 30 years, the consumer market never massively adopted any third-party firewall, and there is a good reason for that.

That leaves Containment as the sole useful module in Comodo.
Therefore, if Comodo launches a simple software only for Containment, it would be great. Nothing else at Comodo is worth it.
Unfortunately, as many advanced users reported here at MalwareTips, also at Comodo Forum, and as @Shadowra mentioned (attached below)... in the near past Comodo Containment was buggy.
I tested new beta, and Containment remains the same, with some unfixed bugs.
I'm in contact with several comodo-advanced-users, and they also confirm some Containment bugs.

After new Beta, as usual, the Comodo Forum is starting to accumulate a long list of different kind of bugs. It's premature to make conclusions, but at first sight, it seems new Comodo Beta is old Comodo just with new GUI, no new features, no new core improvements, few fixed bugs, but still containing lot of the same unfixed old bugs.

... as previously, Ransomware could encrypt data despite the Sandbox...
 
Last edited:

simmerskool

Level 28
Verified
Top Poster
Well-known
Apr 16, 2017
1,751
With regards to the Firewall, please, if you allow me, also I would add Windows Firewall (WF) as an excellent firewall, even more compatible and robust than Comodo Firewall (CF). Windows OS doesn't need an external third-party Firewall.
...
Without Containment, CF itself as a module, doesn't add more protection than customized WF already does.
...
That leaves Containment as the sole useful module in Comodo.
Therefore, if Comodo launches a simple software only for Containment, it would be great. Nothing else at Comodo is worth it.
Unfortunately, ...
I agree with you! :D
For sure I am not an "expert" with CF. I see cruelsister has posted a review video, but I have not watched it yet. Always "concerned" when you say Containment is buggy, but you mention it in only a generalized non-specific way here. :( Perhaps it's too soon to discuss real security bugs in CF_2024 beta? :unsure: Ever since ESET Premium borked my win firewall, I've only been running WF (other than a short test of CIS_2024 beta now uninstalled)
 

ErzCrz

Level 17
Verified
Top Poster
Well-known
Aug 19, 2019
834
WF lacks the control that CF has. WF lets anything outbound, I think I only ever had 1 or two alerts with it and the program could still connect out in the interim. Also, quite a pain to find the logs in WF. If you enable IPv6 that adds additional protection though some ICMP whitelisting needed.
 
Last edited:

Decopi

Level 6
Verified
Oct 29, 2017
250
Perhaps it's too soon to discuss real security bugs in CF_2024 beta?

Yeah, IMHO, new Beta seems to be old standard version, but with new GUI and lot of bugs (more than expected for a Beta).

Days ago I installed Beta to take a look at it, I tested exactly those bugs I reported in the past (including Containment issues), and lot of old and present issues weren't fixed.
Some Comodo' Forum friends of mine, very well known old veteran Comodo advanced users, also found issues.
And at Comodo Forum the list of bugs is growing and growing... another Comodo day.
So almost instantaneously I lost interest at Beta, it seems too raw for my taste (or more of the same old stuff), so I decided to wait "standard version" to make my tests and conclusions.

Please, don't worry about Containment.
Comodo Containment is good and useful!
Just don't buy Containment myths! Containment is not unbeatable, and yes, in the past had issues, today it still has issues, and surely it'll have issues in the future.
It doesn't exist the perfect security software!

The truth is not in my words, but the truth also is not at Comodo fan voices.
The truth is in the market, and the market never massively adopted any Comodo product. Comodo brand, even free for decades, is known only by a very small niche of users. And this is not a consumer fault.
 

Chuck57

Level 9
Well-known
Oct 22, 2018
434
Comodo may have tweaked a few things, but overall I think this is the old Comodo firewall with a new face and maybe a tweak here and there. Someone mentioned that much of the code is the old code. They do seem to be, or at least are saying they're fixing bugs. That remains to be seen. It isn't a bad thing. The containment, properly set up, is very good. Or, keep the old that works and improve those things that need improving.

I don't have a machine that I can play with the FW, so take this for what it's worth - which isn't much.
 

simmerskool

Level 28
Verified
Top Poster
Well-known
Apr 16, 2017
1,751
reinstalled CF 2024 beta on a newly cloned win10_VM, no issues, running ok with MS Defender. cruelsister's video was helpful with settings in new GUI, although as I was following along it felt familiar, but I had missed a few tweaks on my first install a day or 2 ago. :whistle::rolleyes:
 

rhythm

Level 11
Apr 13, 2023
535
Another question I would like to ask. Contained application will run virtually for a limited duration or permanently? Is there an algorithm in place to determine the safety of a contained application, and if deemed safe, release it from the sandbox?

Thanks. :)
Comodo can upload unknown apps or metadata if you have enabled the cloud options in your settings. Then, it will either move the apps to trusted status or quarantine them based on the verdict or manual analysis. However, I am unsure of the speed at which Comodo returns the verdict, so I usually move the apps manually.
 

Anthony Qian

Level 9
Verified
Well-known
Apr 17, 2021
440
Comodo can upload unknown apps or metadata if you have enabled the cloud options in your settings. Then, it will either move the apps to trusted status or quarantine them based on the verdict or manual analysis. However, I am unsure of the speed at which Comodo returns the verdict, so I usually move the apps manually.
Thanks for your answer!

With a larger user base and more reputation information, it's less likely for safe apps to be mistakenly sandboxed. Sandboxing every non-whitelisted app seems like an aggressive measure against malware. Like other sandboxes, I'm 99.99% confident that malware in the Comodo sandbox won't affect the actual PC. However, I do wonder if this approach could impact our regular workflows and affect our work efficiency, given we use safe apps more than malware.
 

rhythm

Level 11
Apr 13, 2023
535
Thanks for your answer!

With a larger user base and more reputation information, it's less likely for safe apps to be mistakenly sandboxed. Sandboxing every non-whitelisted app seems like an aggressive measure against malware. Like other sandboxes, I'm 99.99% confident that malware in the Comodo sandbox won't affect the actual PC. However, I do wonder if this approach could impact our regular workflows and affect our work efficiency, given we use safe apps more than malware.
Default-deny setups affect usability to different extents depending on the user, software, and efficiency of the setup. Fortunately, Comodo has made significant improvements to usability. For instance, I use several independent and unsigned programs, and most of them are on the Comodo Cloud Whitelist.

I prefer using CFW because it offers excellent protection and meets my needs in one package. It doesn’t slow down my system. I find Cloud AV to be sufficient. (I’m not interested in daily signature updates or background scanning.) Firewall is easy to use for blocking app connections. Containment is useful for quickly checking new or unknown software. (I hit block on the firewall alert if I’m unsure of an app.) Virtual Desktop provides extra security for accessing banking or shopping websites. There are tools like KillSwitch and AutoRun for instant checks for suspicious or malicious activity. And I know CFW well enough to use it effectively.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top