Does it make sense to focus on AV detection? It seems as if a lot of endpoint protections are now focusing on sandboxing, behavior and AI.
Correct, AV is more than static sig-based detection. And sig-based detection itself is more than a simple list of hash values. Nowadays, it is very complex. This is exactly why you want an AV that does the job right, not Comodo AV.are we judging protection on signatures? - its 2019 not 2009.
If you have no need for an AV, then don't install CIS. Use Comodo Firewall. But a good AV is an important safety net. It is recommended as part of your security config. That's why you should use the AV of your choice + Comodo Firewall.