XylentAntivirus
Level 3
- May 9, 2024
- 101
Comodo is bypassable even if sandbox enabled but still good product.
The product experience depends on its features, your usage, and your understanding of the product.
Same old Comodo, all on the sandbox.
Really? If so, please PM to me the file.
Comodo is bypassable even if sandbox enabled but still good product.
I run the two together as I bought CL this year. They run together without issue though it is overkill. Advantage? Mis-configured CIS/CF or human error maybe.
Hi all, do you think CIS (both AV + FM components installed) and Cyberlock/Voodooshield overkill? Is there any advantage?
Thanks. I like each of them alone. I guess they together are overkill. But I'll try anyway.
I run the two together as I bought CL this year. They run together without issue though it is overkill. Advantage? Mis-configured CIS/CF or human error maybe.
Cool. My favourite combination is CF (CruelSister config) with CL and DefenderUI. CF can do what it does best with firewall and Sandbox, Defender can do what it does as an AV and CL, which I really like, covers anything else.
Thanks. I like each of them alone. I guess they together are overkill. But I'll try anyway.
Link: COMODO Internet Security 2025 Premium
Thanks for that.
There are many uneducated people in the world where they think a legacy AV is better security than CIS and it's ok to allow an unknown run giving it full access to your computer. It's laughable really. It's like people thinking horses were better transport than cars when cars were invented.
These people play Russian roulette with those unknown files! It's crazy!
They don’t understand how “Zero Trust” cybersecurity works.
Actually Comodo's protection against various Scriptors has always been very strong (or else I would have jumped all over them for such a deficiency).
Sandbox finally isolates scripts (JAR, VBS, JS etc)
Mind you, I don't claim to be an expert, far from it, I'm just passionate about IT and cyber-security, even though I work in IT.
The participants here at MalwareTips are subjective opinion holders, they are not experts (or at least, they never proved their supposed expertise).
Cute videos with nice music are not proof of anything.
Comodo/Xcitium missed widespread and prevalent malware samples in AV-Test's business test every time in 2023, there are misses in the previous years also.
It would be amazing to see actual bypass of Comodo's Containment which is Kernel API Virtualization.
Their transparency pages: Comodo Transparency Page & Xcitium Transparency Page show there haven't been any breaches
Thanks for the information. All the tests were 100% for 0-day detection. Reading their testing procedures Test Modules under Windows - Protection the results for Detection of widespread and prevalent malware is "An on-demand scan occurs via the AV-TEST reference set." so @rashmi is correct. With CIS the localized signature base is a light version installed by default (200mb vs 700mb), it's no wonder the 0.2% weren't picked up but will have been put into virtualization and cloud checked/analyzed. The most important result here is the 0-day test and those missed on the av-test isn't the result of any bypass because the samples weren't executed or downloaded.
Comodo/Xcitium missed widespread and prevalent malware samples in AV-Test's business test every time in 2023, there are misses in the previous years also.
In the business test, AV vendors can specify the product's configuration as they see fit prior to testing. So, I certainly expect that Containment was turned on, I think it's on anyway on default on business products equivalent to CruelSister's settings. But it still failed to detect some widespread and prevalent malware samples. Shouldn't that mean, auto-containment failed to protect the system? Its protection was bypassed one way or another. Most products protect against 100% of the malware on these 'widespread and prevalent malware' tests as they are up to 4 weeks old. So long enough for most vendors to have threat intelligence about them.
(Also tagging @rashmi), This is not correct. You read point number 2 on that link but missed number 3.
Thanks for the information. All the tests were 100% for 0-day detection. Reading their testing procedures Test Modules under Windows - Protection the results for Detection of widespread and prevalent malware is "An on-demand scan occurs via the AV-TEST reference set." so @rashmi is correct. With CIS the localized signature base is a light version installed by default (200mb vs 700mb), it's no wonder the 0.2% weren't picked up but will have been put into virtualization and cloud checked/analyzed. The most important result here is the 0-day test and those missed on the av-test isn't the result of any bypass because the samples weren't executed or downloaded.
So, looks like indeed Comodo/Xcitium's protection layers were bypassed. Isn't that so?
1. Whereas the products for home users are installed with default settings, the manufacturer is able to specify the configuration of corporate solutions. The products are updated and have complete Internet access at all times.
2. An on-demand scan occurs via the AV-TEST reference set.
3. All files not detected in the on-demand scan are executed on the test system in order to test the dynamic detection.
HydraDragonAntivirus - Repositories you can find at my repos by searching it.
Really? If so, please PM to me the file.
I know it because I read the entire page. I'm confused about the detection test definition. It appears to be a test of antivirus features: an on-demand scan followed by executing the remaining samples for dynamic detection. Comodo scored 100% in all the protection tests you shared, which is why the detection test seems to be for antivirus features.
(Also tagging @rashmi), This is not correct. You read point number 2 on that link but missed number 3.
The remaining malware were executed after on-demand scan. Check again.
I don't see anything confusing there. AV vendors on home products are tested on default, for corporate vendors can offer settings modification and then AV-Test performs the test.
I know it because I read the entire page. I'm confused about the detection test definition. It appears to be a test of antivirus features: an on-demand scan followed by executing the remaining samples for dynamic detection. Comodo scored 100% in all the protection tests you shared, which is why the detection test seems to be for antivirus features.