Comodo Internet Security 2025 does not contain RANSOMWARE (bypass, infection and lost of files)

Decopi

Level 8
Verified
Oct 29, 2017
361
Hi @vitao ! Please allow me a reflection:

In your excellent video (thanks for your effort), you presented Melih's (pathetic) argument, justifying Comodo's mediocrity, by exploiting a false sophism: DETECTION VS PROTECTION. And you (totally correct), in your video confirmed that DETECTION is protection! (congratulations @vitao!). Many other arguments in your video also confirm this reality (including the fact that Comodo's databases are more than 20 years old, with no updates nor upgrades, so there is no DETECTION on Comodo's part).

Therefore, in this context, what the heck is “protection” for Melih?... it's BLOCKING. And why does Melih insist on BLOCKING? Because Comodo was frozen in time, it did not incorporate new technologies in virus/malware DETECTION, it did not update its databases, it did not make upgrades, and the cherry-on-the-top is that Comodo, officially and publicly, abandoned bug fixes (dangerous unfixed bugs that have been accumulating by the hundreds for years, there are 100 bugs recognized by Comodo, and 400 bugs reported by users in lists at the Comodo forum). In such a context of mediocrity, obsolescence and decrepitude, it is logical that Melih can only defend BLOCKING, because the only thing left for Comodo is the Containment feature (everything else is useless deprecated garbage).

And what is the problem with Blocking/Containment? First, since Comodo does not update its database, Containment is not only full of false positives (99% of users can NOT use Comodo Containment), but worse, Containment lets viruses/malware to be executed… and this is not new, this has been going on for years! But second, and more importantly, you only need to look at Windows Defender and the default Windows security settings to understand that BLOCKING is no longer a viable cybersecurity option. In today’s modern times of hyper-connectivity, BLOCKING can no longer be used because it destroys “USABILITY”.

And today, USABILITY is the Holy Grail, because it is required by modern software and hardware, allowing users to have full use and maximum abuse of resources. And that is why the leading cybersecurity companies rely on DETECTION! (to protect users)... these are (many of them free) software with intelligent functions that DETECT viruses/malware before, during or after execution.

And stating that "BLOCKING is the best way to protect a user" is the same as stating that “disconnecting a computer from the internet/electricity... is the safest and most efficient system to block 100% of threats”… ridiculous! DUMB BLOCKING is not protection, DUMB BLOCKING is obsolescence, decrepitude, mediocrity.

It's not me who says that... it's the market share that confirms my words! Comodo hasn't had a market share for decades, so DUMB BLOCKING is failure, mediocrity. And the security systems (many of them free) that have the largest market share are those based on intelligent DETECTION, not DUMB BLOCKING.

So, you are absolutely right when you reject Windows registry patches or hacks, just to hide Comodo's flaws! Even if those patches/hacking could one day be done directly through Comodo's settings, that would also be wrong, because I repeat, Comodo's hardening will never be in DETECTION, it will always be in DUMB BLOCKING... and that kills USABILITY.

Same logic with Windows Defender! There is no point in incorporating patches/hacking that increase DUMB BLOCKING. The right thing to do is always to work on hardening security systems that increase DETECTION.

In short, Comodo should not only never be used because it is abandon-ware, full of dangerous unfixed bugs, no updates or upgrades etc, and Comodo should also never be used because it has had (and still has) serious Firewall and Containment flaws for years, but the main reason why Comodo should never be used is because Comodo is based on DUMB BLOCKING... and regardless of whether that DUMB BLOCKING is as strong as Herakles, DUMB BLOCKING always kills USABILITY. Period!

Comodo fanatics are free to use sh@t. But that doesn't mean Comodo should be promoted to all users. You @vitao have a YouTube Channel, and I know you have the morality and responsibility to differentiate between your personal opinions, and those opinions that affect the majority of users... who should be alerted and informed about the dangers, lies and fake myths of Comodo.
 
Last edited:

vitao

Level 2
Thread author
Mar 12, 2024
64
Hi @vitao ! Please allow me a reflection:

In your excellent video (thanks for your effort), you presented Melih's (pathetic) argument, justifying Comodo's mediocrity, by exploiting a false sophism: DETECTION VS PROTECTION. And you (totally correct), in your video confirmed that DETECTION is protection! (congratulations @vitao!). Many other arguments in your video also confirm this reality (including the fact that Comodo's databases are more than 20 years old, with no updates nor upgrades, so there is no DETECTION on Comodo's part).

Therefore, in this context, what the heck is “protection” for Melih?... it's BLOCKING. And why does Melih insist on BLOCKING? Because Comodo was frozen in time, it did not incorporate new technologies in virus/malware DETECTION, it did not update its databases, it did not make upgrades, and the cherry-on-the-top is that Comodo, officially and publicly, abandoned bug fixes (dangerous unfixed bugs that have been accumulating by the hundreds for years, there are 100 bugs recognized by Comodo, and 400 bugs reported by users in lists at the Comodo forum). In such a context of mediocrity, obsolescence and decrepitude, it is logical that Melih can only defend BLOCKING, because the only thing left for Comodo is the Containment feature (everything else is useless deprecated garbage).

And what is the problem with Blocking/Containment? First, since Comodo does not update its database, Containment is not only full of false positives (99% of users can NOT use Comodo Containment), but worse, Containment lets viruses/malware to be executed… and this is not new, this has been going on for years! But second, and more importantly, you only need to look at Windows Defender and the default Windows security settings to understand that BLOCKING is no longer a viable cybersecurity option. In today’s modern times of hyper-connectivity, BLOCKING can no longer be used because it destroys “USABILITY”.

And today, USABILITY is the Holy Grail, because it is required by modern software and hardware, allowing users to have full use and maximum abuse of resources. And that is why the leading cybersecurity companies rely on DETECTION! (to protect users)... these are (many of them free) software with intelligent functions that DETECT viruses/malware before, during or after execution.

And stating that "BLOCKING is the best way to protect a user" is the same as stating that “disconnecting a computer from the internet/electricity... is the safest and most efficient system to block 100% of threats”… ridiculous! DUMB BLOCKING is not protection, DUMB BLOCKING is obsolescence, decrepitude, mediocrity.

It's not me who says that... it's the market share that confirms my words! Comodo hasn't had a market share for decades, so DUMB BLOCKING is failure, mediocrity. And the security systems (many of them free) that have the largest market share are those based on intelligent DETECTION, not DUMB BLOCKING.

So, you are absolutely right when you reject Windows registry patches or hacks, just to hide Comodo's flaws! Even if those patches/hacking could one day be done directly through Comodo's settings, that would also be wrong, because I repeat, Comodo's hardening will never be in DETECTION, it will always be in DUMB BLOCKING... and that kills USABILITY.

Same logic with Windows Defender! There is no point in incorporating patches/hacking that increase DUMB BLOCKING. The right thing to do is always to work on hardening security systems that increase DETECTION.

In short, Comodo should not only never be used because it is abandon-ware, full of dangerous unfixed bugs, no updates or upgrades etc, and Comodo should also never be used because it has had (and still has) serious Firewall and Containment flaws for years, but the main reason why Comodo should never be used is because Comodo is based on DUMB BLOCKING... and regardless of whether that DUMB BLOCKING is as strong as Herakles, DUMB BLOCKING always kills USABILITY. Period!

Comodo fanatics are free to use sh@t. But that doesn't mean Comodo should be promoted to all users. You @vitao have a YouTube Channel, and I know you have the morality and responsibility to differentiate between your personal opinions, and those opinions that affect the majority of users... who should be alerted and informed about the dangers, lies and fake myths of Comodo.
well i understand your points and agree with all but even so, i still insist in using cis for my main protection, atleast considering prevention. as im aware of the bugs, the flaws and the weakness in detection, im also aware of how to prevent problems for myself. in this context, cis containment continues to be the best solution, but this is for me, in my case only. thats why i tend to not recomend cis for everybody and thats why (maybe) many are so against it. but anyway, right?

what i think that could be the best scenario is comodo releasing a new product called "comodo auto containment" with only the containment technology, the file rating, etc. without firewall, antivirus... forget the internet security things. just release a tool for containment. my guess is that if they do it their market share could increase consistently. :)
 

Decopi

Level 8
Verified
Oct 29, 2017
361
and thats why (maybe) many are so against it.

... yeap, you're right! But "many are so against it"... also because:

1. Comodo, as a security company, is immoral and irresponsible, because for decades (and to this day) it has promoted its products as "The Most Complete, Best And Most Modern Cybersecurity Solution" (blah blah blah)... while the Comodo forum is a real Nazi Concentration Camp, where any disagreement, criticism or bug report is censored and penalized with the deletion or ban of the "infidels / not believers".

2. Comodo fanatics too, are immoral and irresponsible, because for years, they have repeatedly flooded and continue to flood MT with lies, manipulations, selectivity, false myths... always minimizing the dangerous problems of Comodo, or worse, omitting and hiding the dangers of using Comodo. Over the years, Comodo fanatics have become a religious sect or social-bubble, repeating endless clichés as mantras, to convince themselves that “Comodo is unbeatable / It is good for me so it is good for everybody” blah blah blah. Similar to Comodo Forum, here at MT they have created a binary world, where either you are "a Comodo believer" or "you are the enemy". Any disagreement or criticism is treated with intolerance and bullying... under the religious belief that such stupid behavior makes Comodo a better software. And the worst thing is that by preaching Comodo like a religion, with irrational and false dogmas and false sophisms, Comodo fanatics always try to induce users, who without enough knowledge and info, may end up being tempted to install Comodo garbage.
 

rashmi

Level 12
Jan 15, 2024
562
Ah, yes, the sweet, sweet guilt of being right and responsible! 😉 You are spot on "D" - Comodo, the reigning champion of cybersecurity! 😊
 

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,550
no. its just you trying to complete sentences for me. improve means improve. just that.
OK. So for the readers' information:
Windows Sandbox is an on-demand sandbox implemented in Windows 10/11 (except Windows Home editions). The user can run any application in that sandbox. Microsoft could easily add the auto-containment feature and then the sandbox would work like in Comodo. Instead, Microsoft chose the "Block at first sight" feature, which can use a sandbox in the cloud.

The sandbox for Microsoft Defender was created to decrease the attack surface of Microsoft Defender. This sandbox is much more restricted and not capable of running applications.

Both sandboxes can be improved. Anyway, Microsoft never announced plans to add auto-containment in Windows.
 
Last edited:
  • +Reputation
Reactions: simmerskool

vitao

Level 2
Thread author
Mar 12, 2024
64
OK. So for the readers' information:
Windows Sandbox is an on-demand sandbox implemented in Windows 10/11 (except Windows Home editions). The user can run any application in that sandbox. Microsoft could easily add the auto-containment feature and then the sandbox would work like in Comodo. Instead, Microsoft chose the "Block at first sight" feature, which can use a sandbox in the cloud.

The sandbox for Microsoft Defender was created to decrease the attack surface of Microsoft Defender. This sandbox is much more restricted and not capable of running applications.

Both sandboxes can be improved. Anyway, Microsoft never announced plans to add auto-containment in Windows.
thanks for the tips for everybody.

its sad as windows defender has everything it is needed to be a strong av, but microsoft just dont push it... if they implement something like cis containment just would be sick :)
 

Windroter

New Member
Apr 12, 2024
5
hello friends
I am sorry that my language is NOT good
Let's accept that testing in real conditions is different from testing with the conditions that we know about the executable file
So, Sweety like Comodo is not useful at all and the reason is to maneuver on Sandbox and HIPS.
These two features are not useful at all because when we download a file and it does not have a digital signature, there is no reason for it to be malicious, and now these two features make the user confused and make mistakes.
Comodo is a fleeting pleasure and wants to hide all its problems behind sandbox and HIPS.
Comodo joined the memories in version 5. Unfortunately, Comodo's programming team hires a design and graphics team instead of security solutions and improving its software problems.
Years ago, in a Persian language forum, we fell in love with the two features of Sandbox and HIPS, and we used to test with Zero day malware and enjoy it, but with the passage of time, we realized that the world of real testing and real conditions does not pass with Allow and block files.
" Beware of fleeting emotions "
 

Windroter

New Member
Apr 12, 2024
5
From my memories with COMODO Firewall V5. Almost 13 years ago
Screenshot 2024-11-09 195810.png
 
Last edited:

bazang

Level 7
Jul 3, 2024
347
its sad as windows defender has everything it is needed to be a strong av, but microsoft just dont push it... if they implement something like cis containment just would be sick :)
Microsoft would rather fall onto the sword and kill itself than put enterprise-grade security requiring enterprise-grade user support into the hands of any non-enterprise or non-government hands.

Consumers (home users) are a conundrum and such a burden, that if it were possible, then Microsoft would rid its product pipeline of home users. Home users are not wanted, but Microsoft is addicted to the revenue stream from games, movies, etc via the Microsoft Store.
 
  • Like
Reactions: simmerskool

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,550
It is probably too late to change the title of this thread. :unsure:
In the video, Comodo correctly recognizes the benign/legal file as trusted but does not recognize ransomware as trusted (contrary to the title). Comodo will allow loading the ransomware DLL if it is not on the File Reputation List or has an Unrecognized reputation (after an on-demand scan). It blocks loading the DLL if it is recognized as malicious.
If the same ransomware DLL was executed via restricted LOLBin (like rundll32.exe), Comodo would properly confirm/check/apply the DLL's reputation and could contain it.

The correct title might look like:
Comodo Internet Security 2025 does not contain RANSOMWARE (bypass, infection and lost of files)

Post updated.
 
Last edited:

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,550
I found a bug in CIS 2025. After unticking two settings in File Reputation, CIS blocked its GUI itself (cis.exe blocked). After the Windows restart I can see:

ciserror.png


Diagnostics did not fix the issue, so I ended up in CIS without GUI (cannot revert the settings).
Those settings were:
  • Trust applications trusted by trusted vendors
  • Trust files installed by trusted installers
Fortunately, most users will not do this. I tried to check if those settings are responsible for not containing DLL hijacking. ⛔ :)

Edit.
It seems that the issue is related to the setting "Trust applications trusted by trusted vendors". It also prevented CIS reinstallation. I did not manage to uninstall CIS via a dedicated CIS uninstaller or Revo Uninstaller. I restored the VirtualBox image and applied "Trust applications trusted by trusted vendors" again. The same issue. The only way to reinstall CIS was by using "Killing Comodo" (which runs TDSSKiller to kill Comodo) and next uninstalling Comodo via Revo Uninstaller (Advanced scan). After this, I managed to install CIS again.
 
Last edited:

Windroter

New Member
Apr 12, 2024
5
I found a bug in CIS 2025. After unticking two settings in File Reputation, CIS blocked its GUI itself (cis.exe blocked). After the Windows restart I can see:

View attachment 286205

Diagnostics did not fix the issue, so I ended up in CIS without GUI (cannot revert the settings).
Those settings were:
  • Trust applications trusted by trusted vendors
  • Trust files installed by trusted installers
Fortunately, most users will not do this. I tried to check if those settings are responsible for not containing DLL hijacking. ⛔ :)
Malwares feels comfortable and cozy against this suite and an infected system is more reliable than one with Comodo installed.
 

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,550
@cruelsister,
Disabling a protection level then terming it a bug is actually sort of silly.
I agree, that that bug will not affect most users, because they will keep "Trust applications trusted by trusted vendors" ticked to avoid many false positives. Furthermore, for now, the bug happened only on my Virtual Machine.

Anyway, It is not about disabling the protection level. On the contrary, the protection level increases after unticking "Trust applications trusted by trusted vendors" because the applications are not automatically trusted via the trusted vendors list.
I hoped that such additional protection could help to contain DLL hijacking, but it did not. In its current form, that setting can work properly only on the default setting, so Comodo could simply remove it. If the bug will be confirmed, it should be corrected because Comodo is crippled after unticking "Trust applications trusted by trusted vendors". GUI does not work anymore, Comodo cannot be repaired, uninstalled, or reinstalled.
 
Last edited:

Vitali Ortzi

Level 26
Verified
Top Poster
Well-known
Dec 12, 2016
1,549
@cruelsister,

I agree, that that bug will not affect most users, because they will keep "Trust applications trusted by trusted vendors" ticked to avoid many false positives.
Anyway, It is not about disabling the protection level. On the contrary, the protection level increases after unticking "Trust applications trusted by trusted vendors" because the applications are not automatically trusted via the trusted vendors list.
I hoped that such additional protection could help to contain DLL hijacking, but it did not. In its current form, that setting can work properly only on the default setting, so Comodo could simply remove it.
You probably already deserve a long list of bounties from comodo XD
Anyway since I haven't found any free reputation based sandbox I still use it on some PCs
But if I were a paying enterprise customer well you better run away as there are endless better options
 

Chuck57

Level 12
Verified
Top Poster
Well-known
Oct 22, 2018
590
I downloaded the very latest Comodo 2025 a while back and it's at Cruel settings.

I know this is off topic but digging into advanced protection, I see something called Intel TDT. Should it be checked, since this laptop has Intel aboard?
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top