App Review COMODO Internet Security 2025 Premium

It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.
Status
Not open for further replies.
Content created by
Shadowra

rashmi

Level 7
Jan 15, 2024
297
Same old Comodo, all on the sandbox.
The product experience depends on its features, your usage, and your understanding of the product.

For example, I installed this new version of Comodo Firewall. It only contained one program (the only unsigned program) of the eighteen installed programs on the system. The unsigned program is important to me, so I have set its folder to "ignore" in the containment. It'll auto-update with no issues, but Comodo will show the containment alert for over-install (if unrecognized). I have signed and unsigned eleven portable programs. Comodo contained only one program; it found three in the cloud whitelist and the rest in the trusted vendor list. Overall, excellent experience.
 

Ink

Administrator
Verified
Staff Member
Well-known
Jan 8, 2011
22,491
Someone pointed to this thread.
Thanks for that.
There are many uneducated people in the world where they think a legacy AV is better security than CIS and it's OK to allow an unknown run giving it full access to your computer. It's laughable really. It's like people thinking horses were better transport than cars when cars were invented :).
These people play Russian roulette with those unknown files! It's crazy!

They don’t understand how “Zero Trust” cybersecurity works
Link: COMODO Internet Security 2025 Premium
 

Decopi

Level 6
Verified
Oct 29, 2017
269
Facts of reality:

1. The current Comodo version announced as “2025” is nothing more than the old Beta version, which due to lack of dedication was not only frozen for more than a year, but worse, this abandoned Beta was never finished, most of the five-year-old bugs remain unfixed, and the only thing Comodo has done is just new UI cosmetics.

2. Comodo was never a great company and never had great products. For years, Comodo only had a single tool (sandbox/containment). Comodo fanatics built a false myth on top of this sandbox/containment, not only making people believe that it was unbeatable (which many times was already proven false), but worse, these fanatics also built the idea that a simple broken sandbox/containment is enough to label a software as "the best and most complete security system". All of this is irresponsibly false and wrong.

3. In the IT security world, no one invents the wheel, and there are good reasons to explain why the best security software never used sandbox/containment. There have been hundreds of security software over past decades, all promising the best "ultimate solution". But none of these software products ever dared to use a simple broken sandbox/containment as an "ultimate solution". Only Comodo fanatics insist that this broken sandbox/containment is the "ultimate solution".

4. The Comodo website was always a disaster, but this is not just a coincidence, this is Comodo's classic pattern of behavior, reflected in every Comodo product: Old, abandoned, useless and full of bugs.

5. Any conclusion of any expert is always published with the identification of the expert, verifying his technical training & experience, and fundamentally verifying the veracity of his tests and statements, describing in detail the necessary information (allowing to universally reproduce same tests and conclusions).

The participants here at MalwareTips are subjective opinion holders, they are not experts (or at least, they never documented their supposed expertise).
Subjective opinions and cute videos with nice music... are not proof of anything.
 

Shadowra

Level 34
Thread author
Verified
Top Poster
Content Creator
Malware Tester
Well-known
Sep 2, 2021
2,358
> The participants here at MalwareTips are subjective opinion holders, they are not experts (or at least, they never proved their supposed expertise).
> Cute videos with nice music are not proof of anything.

Mind you, I don't claim to be an expert, far from it, I'm just passionate about IT and cyber-security, even though I work in IT.

Secondly, I always place antivirus software on an equal footing and in extreme testing. I take time to look for the most recent samples and I also add several old malware to see how reactive the lab is.

Rest assured, I didn't take your message the wrong way, I just wanted to clarify this point :)
 

ErzCrz

Level 21
Verified
Top Poster
Well-known
Aug 19, 2019
1,066
It would be amazing to see an actual bypass of Comodo's Containment, which is Kernel API Virtualization.

Their transparency pages: Comodo Transparency Page & Xcitium Transparency Page show there haven't been any breaches but if you turn off or turn down features in CIS/CF it doesn't work as intended. Yes, their website is a mess but I can always grab a copy of what I want from the forum until they improve it.

I'm a paranoid user. I'm more bothered that something unknown gets allowed than anything but signatures are very important and with most products these days, the latest is in the cloud so what I like about CIS/CF is that it'll visualize an unknown file, check cloud for signature and analyze it before allowing it. I also love/appreciate CyberLock and, although overkill, I run both together.

People will use what works with them which is why I use Comodo but I also really like the Hard_Configurator approach of hardening the system and using a standard user. Which is the best approach is hard to say, a bit of everything probably. I'm probably just another aforementioned fanboy but have I ever been infected while using it? No.
 

SeriousHoax

Level 47
Verified
Top Poster
Well-known
Mar 16, 2019
3,671
> It would be amazing to see an actual bypass of Comodo's Containment, which is Kernel API Virtualization.
>
> Their transparency pages: Comodo Transparency Page & Xcitium Transparency Page show there haven't been any breaches

Comodo/Xcitium missed widespread and prevalent malware samples in AV-Test's business test every time in 2023; there are misses in the previous years also.
In the business test, AV vendors can specify the product's configuration as they see fit prior to testing. So, I certainly expect that Containment was turned on; I think it's on anyway by default on business products, equivalent to CruelSister's settings. But it still failed to detect some widespread and prevalent malware samples. Shouldn't that mean auto-containment failed to protect the system? Its protection was bypassed one way or another. Most products protect against 100% of the malware on these 'widespread and prevalent malware' tests, as they are up to 4 weeks old. So long enough for most vendors to have threat intelligence about them.
 

ErzCrz

Level 21
Verified
Top Poster
Well-known
Aug 19, 2019
1,066
> Comodo/Xcitium missed widespread and prevalent malware samples in AV-Test's business test every time in 2023; there are misses in the previous years also.
> In the business test, AV vendors can specify the product's configuration as they see fit prior to testing. So, I certainly expect that Containment was turned on; I think it's on anyway by default on business products, equivalent to CruelSister's settings. But it still failed to detect some widespread and prevalent malware samples. Shouldn't that mean auto-containment failed to protect the system? Its protection was bypassed one way or another. Most products protect against 100% of the malware on these 'widespread and prevalent malware' tests, as they are up to 4 weeks old. So long enough for most vendors to have threat intelligence about them.

Thanks for the information. All the tests were 100% for 0-day detection. Reading their testing procedures (Test Modules under Windows - Protection), the result for Detection of widespread and prevalent malware is "An on-demand scan occurs via the AV-TEST reference set." so @rashmi is correct. With CIS the localized signature base is a light version installed by default (200mb vs 700mb), it's no wonder the 0.2% weren't picked up but will have been put into virtualization and cloud checked/analyzed. The most important result here is the 0-day test and those missed on the av-test aren't the result of any bypass because the samples weren't executed or downloaded.
 

SeriousHoax

Level 47
Verified
Top Poster
Well-known
Mar 16, 2019
3,671
> Thanks for the information. All the tests were 100% for 0-day detection. Reading their testing procedures (Test Modules under Windows - Protection), the result for Detection of widespread and prevalent malware is "An on-demand scan occurs via the AV-TEST reference set." so @rashmi is correct. With CIS the localized signature base is a light version installed by default (200mb vs 700mb), it's no wonder the 0.2% weren't picked up but will have been put into virtualization and cloud checked/analyzed. The most important result here is the 0-day test and those missed on the av-test aren't the result of any bypass because the samples weren't executed or downloaded.

(Also tagging @rashmi), This is not correct. You read point number 2 on that link but missed number 3.
The remaining malware were executed after the on-demand scan. Check again:
  1. Whereas the products for home users are installed with default settings, the manufacturer is able to specify the configuration of corporate solutions. The products are updated and have complete Internet access at all times.
  2. An on-demand scan occurs via the AV-TEST reference set.
  3. All files not detected in the on-demand scan are executed on the test system in order to test the dynamic detection.
So, looks like indeed Comodo/Xcitium's protection layers were bypassed. Isn't that so? :unsure:
 

rashmi

Level 7
Jan 15, 2024
297
> (Also tagging @rashmi), This is not correct. You read point number 2 on that link but missed number 3.
> The remaining malware were executed after the on-demand scan. Check again:

I know it because I read the entire page. I'm confused about the detection test definition. It appears to be a test of antivirus features: an on-demand scan followed by executing the remaining samples for dynamic detection. Comodo scored 100% in all the protection tests you shared, which is why the detection test seems to be for antivirus features.
 

SeriousHoax

Level 47
Verified
Top Poster
Well-known
Mar 16, 2019
3,671
> I know it because I read the entire page. I'm confused about the detection test definition. It appears to be a test of antivirus features: an on-demand scan followed by executing the remaining samples for dynamic detection. Comodo scored 100% in all the protection tests you shared, which is why the detection test seems to be for antivirus features.

I don't see anything confusing there. AV vendors on home products are tested on default; for corporate, vendors can offer settings modification and then AV-Test performs the test.
In Stage 1, malware are introduced via direct access to their URL, similar to AV-Comparatives' Real-World test.
In Stage 2, malware collection is already prepared. They are scanned first and then executed, similar to AV-Comparatives' Malware Protection test.
The protection settings and components for both tests are identical. In both cases, missed samples are executed. So surely Comodo/Xcitium's antivirus capabilities as well as Auto-Containment were tested. Without the Containment feature, it would've missed plenty more.
I'm neither a Comodo hater, nor a fan. I'm just referring to what I saw which indicates that it's not bulletproof as some people seem to think it is, including their CEO. Maybe someone should ask him about these tests and see if he can provide an explanation.
 