Comodo Internet Security 2025 does not contain RANSOMWARE (bypass, infection and lost of files)

[Digmor Crusher]

Please stop.

 

[vitao]

Hi @vitao ! Please allow me a reflection:

In your excellent video (thanks for your effort), you presented Melih's (pathetic) argument, justifying Comodo's mediocrity, by exploiting a false sophism: DETECTION VS PROTECTION. And you (totally correct), in your video confirmed that DETECTION is protection! (congratulations @vitao!). Many other arguments in your video also confirm this reality (including the fact that Comodo's databases are more than 20 years old, with no updates nor upgrades, so there is no DETECTION on Comodo's part).

Therefore, in this context, what the heck is “protection” for Melih?... it's BLOCKING. And why does Melih insist on BLOCKING? Because Comodo was frozen in time, it did not incorporate new technologies in virus/malware DETECTION, it did not update its databases, it did not make upgrades, and the cherry-on-the-top is that Comodo, officially and publicly, abandoned bug fixes (dangerous unfixed bugs that have been accumulating by the hundreds for years, there are 100 bugs recognized by Comodo, and 400 bugs reported by users in lists at the Comodo forum). In such a context of mediocrity, obsolescence and decrepitude, it is logical that Melih can only defend BLOCKING, because the only thing left for Comodo is the Containment feature (everything else is useless deprecated garbage).

And what is the problem with Blocking/Containment? First, since Comodo does not update its database, Containment is not only full of false positives (99% of users can NOT use Comodo Containment), but worse, Containment lets viruses/malware to be executed… and this is not new, this has been going on for years! But second, and more importantly, you only need to look at Windows Defender and the default Windows security settings to understand that BLOCKING is no longer a viable cybersecurity option. In today’s modern times of hyper-connectivity, BLOCKING can no longer be used because it destroys “USABILITY”.

And today, USABILITY is the Holy Grail, because it is required by modern software and hardware, allowing users to have full use and maximum abuse of resources. And that is why the leading cybersecurity companies rely on DETECTION! (to protect users)... these are (many of them free) software with intelligent functions that DETECT viruses/malware before, during or after execution.

And stating that "BLOCKING is the best way to protect a user" is the same as stating that “disconnecting a computer from the internet/electricity... is the safest and most efficient system to block 100% of threats”… ridiculous! DUMB BLOCKING is not protection, DUMB BLOCKING is obsolescence, decrepitude, mediocrity.

It's not me who says that... it's the market share that confirms my words! Comodo hasn't had a market share for decades, so DUMB BLOCKING is failure, mediocrity. And the security systems (many of them free) that have the largest market share are those based on intelligent DETECTION, not DUMB BLOCKING.

So, you are absolutely right when you reject Windows registry patches or hacks, just to hide Comodo's flaws! Even if those patches/hacking could one day be done directly through Comodo's settings, that would also be wrong, because I repeat, Comodo's hardening will never be in DETECTION, it will always be in DUMB BLOCKING... and that kills USABILITY.

Same logic with Windows Defender! There is no point in incorporating patches/hacking that increase DUMB BLOCKING. The right thing to do is always to work on hardening security systems that increase DETECTION.

In short, Comodo should not only never be used because it is abandon-ware, full of dangerous unfixed bugs, no updates or upgrades etc, and Comodo should also never be used because it has had (and still has) serious Firewall and Containment flaws for years, but the main reason why Comodo should never be used is because Comodo is based on DUMB BLOCKING... and regardless of whether that DUMB BLOCKING is as strong as Herakles, DUMB BLOCKING always kills USABILITY. Period!

Comodo fanatics are free to use sh@t. But that doesn't mean Comodo should be promoted to all users. You @vitao have a YouTube Channel, and I know you have the morality and responsibility to differentiate between your personal opinions, and those opinions that affect the majority of users... who should be alerted and informed about the dangers, lies and fake myths of Comodo.

well i understand your points and agree with all but even so, i still insist in using cis for my main protection, atleast considering prevention. as im aware of the bugs, the flaws and the weakness in detection, im also aware of how to prevent problems for myself. in this context, cis containment continues to be the best solution, but this is for me, in my case only. thats why i tend to not recomend cis for everybody and thats why (maybe) many are so against it. but anyway, right?

what i think that could be the best scenario is comodo releasing a new product called "comodo auto containment" with only the containment technology, the file rating, etc. without firewall, antivirus... forget the internet security things. just release a tool for containment. my guess is that if they do it their market share could increase consistently.

 

[rashmi]

Please stop.

The 'D' virus is stuck in a loop of 'D'efeat against Comodo!

 

[rashmi]

Ah, yes, the sweet, sweet guilt of being right and responsible! You are spot on "D" - Comodo, the reigning champion of cybersecurity!

 

[Andy Ful]

no. its just you trying to complete sentences for me. improve means improve. just that.

OK. So for the readers' information:
Windows Sandbox is an on-demand sandbox implemented in Windows 10/11 (except Windows Home editions). The user can run any application in that sandbox. Microsoft could easily add the auto-containment feature and then the sandbox would work like in Comodo. Instead, Microsoft chose the "Block at first sight" feature, which can use a sandbox in the cloud.

The sandbox for Microsoft Defender was created to decrease the attack surface of Microsoft Defender. This sandbox is much more restricted and not capable of running applications.

Both sandboxes can be improved. Anyway, Microsoft never announced plans to add auto-containment in Windows.

 

[vitao]

OK. So for the readers' information:
Windows Sandbox is an on-demand sandbox implemented in Windows 10/11 (except Windows Home editions). The user can run any application in that sandbox. Microsoft could easily add the auto-containment feature and then the sandbox would work like in Comodo. Instead, Microsoft chose the "Block at first sight" feature, which can use a sandbox in the cloud.

The sandbox for Microsoft Defender was created to decrease the attack surface of Microsoft Defender. This sandbox is much more restricted and not capable of running applications.

Both sandboxes can be improved. Anyway, Microsoft never announced plans to add auto-containment in Windows.

thanks for the tips for everybody.

its sad as windows defender has everything it is needed to be a strong av, but microsoft just dont push it... if they implement something like cis containment just would be sick

 

[Jonny Quest]

Please stop.

But this happens with everything that has to do with Comodo in the title. MalwareTips should start a whole new website with nothing but Comodo threads and topics, to give most of us here a break from all of this.

 

[Sorrento]

Rumor on the street says this forum may be renamed 'Comodo Tips' - Though some lesser AV/AM solutions MAY be discussed though only occasionally

 

[Windroter]

hello friends
I am sorry that my language is NOT good
Let's accept that testing in real conditions is different from testing with the conditions that we know about the executable file
So, Sweety like Comodo is not useful at all and the reason is to maneuver on Sandbox and HIPS.
These two features are not useful at all because when we download a file and it does not have a digital signature, there is no reason for it to be malicious, and now these two features make the user confused and make mistakes.
Comodo is a fleeting pleasure and wants to hide all its problems behind sandbox and HIPS.
Comodo joined the memories in version 5. Unfortunately, Comodo's programming team hires a design and graphics team instead of security solutions and improving its software problems.
Years ago, in a Persian language forum, we fell in love with the two features of Sandbox and HIPS, and we used to test with Zero day malware and enjoy it, but with the passage of time, we realized that the world of real testing and real conditions does not pass with Allow and block files.
" Beware of fleeting emotions "

 

[Windroter]

From my memories with COMODO Firewall V5. Almost 13 years ago

 

[ForgottenSeer 114717]

its sad as windows defender has everything it is needed to be a strong av, but microsoft just dont push it... if they implement something like cis containment just would be sick

Microsoft would rather fall onto the sword and kill itself than put enterprise-grade security requiring enterprise-grade user support into the hands of any non-enterprise or non-government hands.

Consumers (home users) are a conundrum and such a burden, that if it were possible, then Microsoft would rid its product pipeline of home users. Home users are not wanted, but Microsoft is addicted to the revenue stream from games, movies, etc via the Microsoft Store.

 

[Andy Ful]

It is probably too late to change the title of this thread.
In the video, Comodo correctly recognizes the benign/legal file as trusted but does not recognize ransomware as trusted (contrary to the title). Comodo will allow loading the ransomware DLL if it is not on the File Reputation List or has an Unrecognized reputation (after an on-demand scan). It blocks loading the DLL if it is recognized as malicious.
If the same ransomware DLL was executed via restricted LOLBin (like rundll32.exe), Comodo would properly confirm/check/apply the DLL's reputation and could contain it.

The correct title might look like:
Comodo Internet Security 2025 does not contain RANSOMWARE (bypass, infection and lost of files)

Post updated.

 

[lokamoka820]

From my memories with COMODO Firewall V5. Almost 13 years agoView attachment 286196

I miss the Malwarebytes old logo, the good old days.

 

[Andy Ful]

I found a bug in CIS 2025. After unticking two settings in File Reputation, CIS blocked its GUI itself (cis.exe blocked). After the Windows restart I can see:

Diagnostics did not fix the issue, so I ended up in CIS without GUI (cannot revert the settings).
Those settings were:

• Trust applications trusted by trusted vendors
• Trust files installed by trusted installers

Fortunately, most users will not do this. I tried to check if those settings are responsible for not containing DLL hijacking.

Edit.
It seems that the issue is related to the setting "Trust applications trusted by trusted vendors". It also prevented CIS reinstallation. I did not manage to uninstall CIS via a dedicated CIS uninstaller or Revo Uninstaller. I restored the VirtualBox image and applied "Trust applications trusted by trusted vendors" again. The same issue. The only way to reinstall CIS was by using "Killing Comodo" (which runs TDSSKiller to kill Comodo) and next uninstalling Comodo via Revo Uninstaller (Advanced scan). After this, I managed to install CIS again.

 

[Windroter]

I found a bug in CIS 2025. After unticking two settings in File Reputation, CIS blocked its GUI itself (cis.exe blocked). After the Windows restart I can see:

View attachment 286205

Diagnostics did not fix the issue, so I ended up in CIS without GUI (cannot revert the settings).
Those settings were:

• Trust applications trusted by trusted vendors
• Trust files installed by trusted installers

Fortunately, most users will not do this. I tried to check if those settings are responsible for not containing DLL hijacking.

Malwares feels comfortable and cozy against this suite and an infected system is more reliable than one with Comodo installed.

 

[Andy Ful]

@cruelsister,

Disabling a protection level then terming it a bug is actually sort of silly.

Comodo Internet Security 2025 Beta / Final / Infos Thread

Those with the previous version of CF should download the CIS Premium 2025 installer and not the Pro. The installation package is a bit different as...

www.wilderssecurity.com

I agree, that that bug will not affect most users, because they will keep "Trust applications trusted by trusted vendors" ticked to avoid many false positives. Furthermore, for now, the bug happened only on my Virtual Machine.

Anyway, It is not about disabling the protection level. On the contrary, the protection level increases after unticking "Trust applications trusted by trusted vendors" because the applications are not automatically trusted via the trusted vendors list.
I hoped that such additional protection could help to contain DLL hijacking, but it did not. In its current form, that setting can work properly only on the default setting, so Comodo could simply remove it. If the bug will be confirmed, it should be corrected because Comodo is crippled after unticking "Trust applications trusted by trusted vendors". GUI does not work anymore, Comodo cannot be repaired, uninstalled, or reinstalled.

 

[Vitali Ortzi]

@cruelsister,

I agree, that that bug will not affect most users, because they will keep "Trust applications trusted by trusted vendors" ticked to avoid many false positives.
Anyway, It is not about disabling the protection level. On the contrary, the protection level increases after unticking "Trust applications trusted by trusted vendors" because the applications are not automatically trusted via the trusted vendors list.
I hoped that such additional protection could help to contain DLL hijacking, but it did not. In its current form, that setting can work properly only on the default setting, so Comodo could simply remove it.

You probably already deserve a long list of bounties from comodo XD
Anyway since I haven't found any free reputation based sandbox I still use it on some PCs
But if I were a paying enterprise customer well you better run away as there are endless better options

 

[Chuck57]

I downloaded the very latest Comodo 2025 a while back and it's at Cruel settings.

I know this is off topic but digging into advanced protection, I see something called Intel TDT. Should it be checked, since this laptop has Intel aboard?

 

[Andy Ful]

But if I were a paying enterprise customer well you better run away as there are endless better options

The enterprise version may be free of that bug. Also, if I correctly recall, @Loyisa posted that the enterprise version is better for fighting DLL hijacking.

 

[Vitali Ortzi]

I downloaded the very latest Comodo 2025 a while back and it's at Cruel settings.

I know this is off topic but digging into advanced protection, I see something called Intel TDT. Should it be checked, since this laptop has Intel aboard?

Yes it helps a lot against ransomware unless you use defender /other av that already has TDT then it should be on (you will get a notification from comodo that some other program is using TDT ) and since it runs on the graphic cores it's very efficient