App Review Comodo Internet Security Premium Free 2023

It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.
Content created by
Shadowra

Shadowra

Level 34
Thread author
Verified
Top Poster
Content Creator
Malware Tester
Well-known
Sep 2, 2021
2,336
COMODO is a free American security suite created in 2005.
Comodo is a well known software used by computer geeks.
Once very austere, the software has been able to bring new features but still remains on its spearhead: The Sandbox, the firewall and Defense+, its solution to block unknown threats.
The software hasn't had any major changes in about 2 years, so we'll see what it's worth at the moment.



Interface: 6/10

The interface of Comodo is very complete and customizable.
Comodo also offers 3 protection modes, I left the default mode.
But I take away points because the interface is not at all adapted to computer novices, even less the settings!
The same goes for the Defense+ alerts that ask if you should sandbox a program or not. Even if Comodo helps us with recommendations, it is not at all a software that I would give to a novice.

Protection:10/10 Web / Fake crack 1/1 Remains 181 threats on 303 malware / PC Infected after Malware Pack + files encrypted by Filecoder

The big problem with Comodo is its anti-malware engine which is for me the BADGEST I've ever tested!
Even if the Sandbox isolates correctly, it will not be foolproof at all times.
The machine gets infected despite the isolation and 2 Filecoder Ransomware manage to bypass the Sandbox to encrypt files.

Let's also note 2 BSOD caused by malware. I don't know if it's due to the Sandbox, but it's worth noting.

And finally, the Web protection is useless. Comodo has caught everything in Sandbox.
Even though it protects correctly with the Sandbox, there are many problems that need to be fixed.

Result :
Comodo: 0
NPE : 3
KVRT : 12

Recommand : Average. The protection provided is good but some elements need to be corrected especially at the level of the Filecoder.
System Clean : No system infected + File encrypted

@cruelsister , @partha_roy request
 

Zero Knowledge

Level 20
Verified
Top Poster
Content Creator
Dec 2, 2016
842
Thanks for the test. Not sure what to make of Comodo, it looks like another Webroot where users swear by its sandbox protection and argue they have never been infected so it must be great but tests prove it's bad. I've used Comodo about 10/15 years ago (Firewall version only not the suite) but I was a security novice, it was just too noisy but I admit I probably didn't configure it right. Unsure what the final verdict is on Comodo, but this test is not good for it :unsure:
 

cruelsister

Level 42
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 13, 2013
3,153
Just as an FYI, as I was previously supplied (Thanks, Shadowra!) with the malware pack, I ran all (303) samples against CF at my settings once again this morning. As before on sandbox reset and reboot the system was totally clean (and no VM freezes occurred when the malware ran).
 

vaccineboy

Level 3
Verified
Well-known
Sep 5, 2018
127
CruelSister recommends setting the profile at "Proactive", whereas yours is at the default "Internet". I personally also set containment to block unknown files, yours is also at the default.
I wonder how the result would change if these settings were adjusted as said.
Edit: did not know CruelSister replied while I was typing this message.
 

Trident

Level 28
Verified
Top Poster
Well-known
Feb 7, 2023
1,758
But these ransomware samples that encrypted the system, were they isolated (they broke out of the containment) or Comodo thought they were trusted and did not isolate them? Or were they documents/media files with exploit/something that can’t be isolated?
 

Shadowra

Level 34
Thread author
Verified
Top Poster
Content Creator
Malware Tester
Well-known
Sep 2, 2021
2,336
But these ransomware samples that encrypted the system, were they isolated (they broke out of the containment) or Comodo thought they were trusted and did not isolate them? Or were they documents/media files with exploit/something that can’t be isolated?

Comodo isolated them well, I think they must have escaped to encrypt the system, or the Sandbox failed to completely isolate the 2 Ransomware.

In a video from a Russian tester (COMSS), Comodo had the same trick with Filecoder :/
 

Trident

Level 28
Verified
Top Poster
Well-known
Feb 7, 2023
1,758
Comodo isolated them well, I think they must have escaped to encrypt the system, or the Sandbox failed to completely isolate the 2 Ransomware.

In a video from a Russian tester (COMSS), Comodo had the same trick with Filecoder :/
I am just watching the video now, the system_service_exception is most likely a Comodo bug or malware has gained kernel access (it must have downloaded/dropped a signed component).

Containment is only good when it’s maintained, bugs and other security errors are fixed constantly.
Even better, containment should be hardware-assisted, such as the HP Wolf way of doing it.

If it’s only software-based and fixes are not pushed in a timely manner, the result is what we see on this test. Components that are in contact with malware (scanners, emulators, sandboxes) should never be outdated.
 

simmerskool

Level 31
Verified
Top Poster
Well-known
Apr 16, 2017
2,076
I just installed CF in win10_VM yesterday (with Kaspersky Free), as I had used CF for a number of years, up until a few years ago. I thought I had configured it to @cruelsister's recommended settings from memory, but after I watched her Feb 2023 video implementing her settings on the current version, I realized that I had missed a few, so I tweaked my CF config settings accordingly. So it would be interesting to see cruelsister make a short video with CF at her settings against this same malware pak. For the record, I totally believe her when she says she ran this test and had no infections, no encryptions but not everyone is a trusting as me :rolleyes: 😇😆 (in the past 48 hours this VM has not been infected :whistle:)
 

simmerskool

Level 31
Verified
Top Poster
Well-known
Apr 16, 2017
2,076
sure! my last sentence was a tongue in check off the cuff comment -- true but so what. Plus doubt I went anywhere to attempt to get an infection. I meant just re-test CF alone at cruelsister settings...
 
Last edited:
F

ForgottenSeer 100397

Your system crashing multiple times is an issue for the validity of the test. I would request that @cruelsister test the malware in question (that encrypted the files) with CIS defaults.

It appears your system is running Windows 11. (The vendor hasn't labeled the latest CIS version as compatible with Windows 11.) But thank you for the test, as many users have CIS on Windows 11.

Did you get the malware folder on the system before or after the CIS installation?
 

Shadowra

Level 34
Thread author
Verified
Top Poster
Content Creator
Malware Tester
Well-known
Sep 2, 2021
2,336
Your system crashing multiple times is an issue for the validity of the test. I would request that @cruelsister test the malware in question (that encrypted the files) with CIS defaults.

It appears your system is running Windows 11. (The vendor hasn't labeled the latest CIS version as compatible with Windows 11.) But thank you for the test, as many users have CIS on Windows 11.

Did you get the malware folder on the system before or after the CIS installation?

The answer is in the video :) I load the malware pack after the CIS install and after Malware URL's test.

The 2 crashes were caused by malware and not by CIS itself. I had run it on Windows 11 for several days before the test without any problems.

And finally, CIS is unfortunately not an antivirus that will block everything, because no antivirus even CIS will protect 100% :)
 

Trident

Level 28
Verified
Top Poster
Well-known
Feb 7, 2023
1,758
Your system crashing multiple times is an issue for the validity of the test. I would request that @cruelsister test the malware in question (that encrypted the files) with CIS defaults.
System crashes happen all the time specially when antivirus software is not stable enough. On my ZoneAlarm test (another thread) I had to record the test over 3 times due to crashes of ZoneAlarm, BSOD-s and whatnot. The same BSODs were not observed with any other product or without any AV.
The crash is not @Shadowra ’s fault and it doesn’t invalidate his test in any way. It is Comodo’s responsibility to ensure that their software is stable and secure.
 

Azure

Level 28
Verified
Top Poster
Content Creator
Oct 23, 2014
1,712
I am just watching the video now, the system_service_exception is most likely a Comodo bug or malware has gained kernel access (it must have downloaded/dropped a signed component).

Containment is only good when it’s maintained, bugs and other security errors are fixed constantly.
Even better, containment should be hardware-assisted, such as the HP Wolf way of doing it.

If it’s only software-based and fixes are not pushed in a timely manner, the result is what we see on this test. Components that are in contact with malware (scanners, emulators, sandboxes) should never be outdated.
You can search in the Comodo forum for “hardware assisted”.

Comodo did in fact used that. Not sure if they currently do however.

@cruelsister
might be able to confirm it
 

Trident

Level 28
Verified
Top Poster
Well-known
Feb 7, 2023
1,758
You can search in the Comodo forum for “hardware assisted”.

Comodo did in fact used that. Not sure if they currently do however.

@cruelsister
might be able to confirm it
It can not be hardware-assisted if it’s not been updated for 2 years and is design to run both on Intel and AMD processors. They may vaguely use some features of the Intel CPUs (like some use the anti-ransomware features) but it won’t be like HP
Wolf where dedicated chip runs only to keep the containment secure.

Scanning, emulating and containing malware is not a joke, it’s a process that requires stringent security. All components must be secure by design and they must be receiving security fixes. Otherwise you are not protecting anything, you are increasing your attack surface.
 
F

ForgottenSeer 100397

The answer is in the video :) I load the malware pack after the CIS install and after Malware URL's test.

The 2 crashes were caused by malware and not by CIS itself. I had run it on Windows 11 for several days before the test without any problems.

And finally, CIS is unfortunately not an antivirus that will block everything, because no antivirus even CIS will protect 100% :)
I noticed the malware pack on the desktop, but it was not clear whether you copied it from another location on the system or another channel.

It may run well for you and others (including me), but the product is not officially compatible with Windows 11.

If anything, your test sides with the vendor and shows the risks of using beta, not-ready, in-progress, or incompatible software.
 

ErzCrz

Level 21
Verified
Top Poster
Well-known
Aug 19, 2019
1,028
Yep the files remain encrypted even after reset :/
Thanks. Nice to see an example where the system was compromised with default settings. Comodo lessened the security of CIS significantly focusing more on usability back around 2018 and really the protection is sub-par and practically solely relying on the Containment part. So unless your running it with Proactive config, there's holes in the protection. I like Comodo, used it for years and years but waiting really on the "summer" update bringing it in line with the Xcitium clients but that's wishful thinking. Comodo is best as just the Firewall rather than the whole CIS package and tweaking as @cruelsister has it for elementany real security and leave the rest of the protection to the likes of MD or 3rd party AV.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top