Video Comodo Internet Security Pro 2022

Shadowra

Level 21
Thread author
Verified
Malware Tester
Sep 2, 2021
1,052
Hello and welcome to the Comodo test!
Comodo is a security suite very well known by geeks.
Based in the USA, Comodo is very appreciated by its users.
Today we will test the PRO version, which does not bring much compared to the free version.

The interface is still as detailed as ever, which can be confusing for novices. Although Comodo has done a lot of work on it, it is still not suitable for novices.

The big highlight is its Sandbox! Comodo isolates all unknown malware, so that it will not do any damage to the system!
This is a great asset if you run a file that is unsafe or downloaded from a questionable site.
On the other hand, Comodo's anti-virus engine is very bad... Only 1 alert on URLs, no web blocking and half the pack detected. A bit disappointed with its antivirus engine, I expected some effort.

Watch my review on Odysee !

RAM Usage : Low
Malware URL test : 10/10 (9 Sandboxed 1 malware detected by AV's engine)
Fake crack : 1/1 (detected)
Malware Pack : 47 files remaining out of 89.
Comodo will isolate all launched malware.
However, I don't understand why the analysis says that it has detected 74 malwares when there are still 47...
Resistance to script attacks: Very good

Result :
Comodo : 0
NPE : 0
KVRT : 0

Recommended : Yes
System Clean : Yes, system clean !

@ErzCrz / @cruelsister request
 

upnorth

Moderator
Verified
Staff member
Malware Hunter
Well-known
Jul 27, 2015
4,952
Interesting to see that also with the IS Pro version, just as with the basic AV version, the application control only monitors and is by default enabled inside the container. That specific, is something I'm looking forward to when it's changed to upcoming tests in the Hub.
 

Shadowra

Interesting to see that also with the IS Pro version, just as with the basic AV version, the application control only monitors and is by default enabled inside the container. That specific, is something I'm looking forward to when it's changed to upcoming tests in the Hub.

That's what I noticed too.
I must admit that I would also like to see this in the Hub... you know what to do @harlan4096 :D
 

Andy Ful

From Hard_Configurator Tools
Verified
Helper
Top poster
Developer
Well-known
Dec 23, 2014
7,074
There is no surprise. Comodo's auto-sandbox technology for PE files (EXE, DLL, etc.) is very strong.
For this reason, I kept Comodo for many years on Windows XP (my dad's computer).

This kind of protection is based on file reputation lookup, so the protection is almost perfect. Even if one uses script malware, most of them only deliver the PE payload which is finally contained in the Comodo Sandbox.
Anyway, there are well known downsides of such protection (it cannot be popular):
  1. Many false positives - more than we can see in Norton 360 (also based on file reputation lookup).
  2. Problems with managing applications running in the sandbox.
So, Comodo can be used by everyone. But installation of new applications often has to be done with the help of a geek. The auto-updates of already installed applications are usually allowed when they are digitally signed and the signer is trusted by Comodo (this can also be configured by the user). I like this kind of security. :)

If one wants to bypass the Comodo protection, then it can hardly be done like in the video. Simply, the protection is too strong. One has to focus on:
  1. Fileless attacks (no PE file involved).
  2. Signed malware that can use the vendor trusted by Comodo.
  3. Malware that is prepared to escape the sandboxing technology. If I remember correctly, Comodo can use several levels of virtualization, and by default it does not use the strongest one. :)
 

Anthony Qian

Level 7
Verified
Well-known
Apr 17, 2021
343
Thank you Shadowra for doing the test, for taking your valuable time.

COMODO's result surprises me. Practically in every test (YT) COMODO wins against everyone.
I'm surprised that if it is so good, why so few people use it, after all, there is a free version. For me it is a bit complicated.
For the general public, usability and stability are as important, if not more so, as protection. Due to the auto-containment policy, you have to interact with Comodo when installing certain software or performing specific tasks, to make everything work as expected. Also, many modern threats are sandbox-aware. They have a million ways to ask users to run the malware outside the sandbox.
 

Shadowra

Does the free version of CIS for normal Windows users require special settings after installation for even better protection?

On the attached video I do not see that the settings are changed.

Or just install and forget.

I left it by default actually, as any user would.

For the settings, I leave you with the beautiful @cruelsister one who will know how to help you 😉 😁
 

Asterixpl

Level 10
Verified
Mar 19, 2022
472
I left it by default actually, as any user would.

For the settings, I leave you with the beautiful @cruelsister one who will know how to help you 😉 😁

Thanks for the reply. Actually I am not going to install it now.
I am very happy with my current security.
Possibly after the Avira promotion is over I will give it a chance.
But still it seems in my opinion that CIS is a product for more advanced people. As mentioned above - you have to know what to allow.
 

cruelsister

Level 39
Verified
Helper
Top poster
Content Creator
Well-known
Apr 13, 2013
2,871
many modern threats are sandbox-aware. They have a million ways to ask users to run the malware outside the sandbox.
That's actually a common misconception. Some malware can be coded to be either VM and/or Sandbox aware most certainly- but this means that the malware will just either refuse to run or (occasionally) delete themselves when the presence of a VM or sandbox is detected. This really is a pain for an analyst as a host of sacrificial (non-VM and sandbox naive) systems must be available in order to see how actually nasty the malware can be.

So awareness really means the malware will lack the ability to infect, and not the ability to evade.

Regarding the excellent video: the sub-optimal performance by the Comodo AV module is the reason why I suggest using Comodo Firewall. The main difference between CIS and CF is the presence of an on-demand AV scanner in CIS; but please note that CF still has VirusScope as well as the file rating scan, so nothing is really lost in any way by using CF over CIS.
 

Anthony Qian

That's actually a common misconception. Some malware can be coded to be either VM and/or Sandbox aware most certainly- but this means that the malware will just either refuse to run or (occasionally) delete themselves when the presence of a VM or sandbox is detected. This really is a pain for an analyst as a host of sacrificial (non-VM and sandbox naive) systems must be available in order to see how actually nasty the malware can be.
Yeah. I've seen a lot of malware pretending to be a legitimate installer and asking users not to run it in a sandbox to make sure the "installation" process goes smoothly. And many newbie users just follow their instructions because it seems to make sense... Some sandbox-aware malware asks users to re-run it outside the sandbox after detecting the sandbox environment.
 

Moonhorse

Level 33
Verified
Top poster
Content Creator
Well-known
May 29, 2018
2,208
Does the free version of CIS for normal Windows users require special settings after installation for even better protection?

On the attached video I do not see that the settings are changed.

Or just install and forget.
I have used it on default settings a lot of time, more than with tweaked settings

I don't think it's more complicated than any other antivirus, you don't get that many prompts / false positives that people might think

Of course one can set it to cs settings > rejected or just use a simple block rule, which might be useful if you're testing it against malware (less prompts > less work)

After installation you should run rating scan > boot computer > redo ..since you have to trust some certificates
 

Asterixpl

I have used it on default settings a lot of time, more than with tweaked settings

I don't think it's more complicated than any other antivirus, you don't get that many prompts / false positives that people might think

Of course one can set it to cs settings > rejected or just use a simple block rule, which might be useful if you're testing it against malware (less prompts > less work)

After installation you should run rating scan > boot computer > redo ..since you have to trust some certificates
I will keep this in mind when installing CIS. Thanks to
 

ErzCrz

Level 12
Verified
Top poster
Well-known
Aug 19, 2019
563
Great test :) Comodo does take a lot of tweaking and I use basically the @cruelsister setup but with CIS and Proactive default of Hips being enabled.

The web protection only really works in IE or Firefox, a feature I think either they should just maintain with the browser addon rather than having it part of CIS. I use full CIS to avoid mixing and matching products.

Anyway, nicely done test and good to see Comodo still performing well as always despite the lengthy period between program updates ;)

@Shadowra Rocks :D 🤘🤘
 

ErzCrz

Does the AV settings include the cloud scanning option being turned on?
Cloud lookup is part of File Rating settings.