App Review Comodo's killer.

[Sandbox Breaker - DFIR]

Not sure that's exactly fair
But since you use prevention and then manual submission and wait till it's clean/ malware
You should be safe against most of the malware in the wild 99.99%+ except a few tactics shown in this fourm
And Andy gave some solution for most of the 0.0001 percentage

Amen

 

[annaegorov]

Then why doesn't it block starrailbase?
Because it's launched by a trusted exe
Using dll files to spread malware is common in modding , piracy and game exe files are usually marked trusted by Valkyrie cloud or else the game likely wouldn't work (restricted)

Both default and cruel sister like configs will fail
Andy gave alternative solutions but unfortunately they will case too much false positives in my opinion
So there is no best solution but in my opinion cruel sister like config without alerts and some av to try to detect the malicious files getting launched by trusted executables is the most balanced approach for my system and what I recommend others to use
(Defender is good enough and isn't disabled by comodo firewall and can be hardened using Andy ful tools but other good free options are Kaspersky, bitdefender,avast )

Ahh So the above seems to state even default deny can be overcome, because of the use of a trusted .exe

Am I understanding this correctly?

 

[Andy Ful]

Ahh So the above seems to state even default deny can be overcome, because of the use of a trusted .exe

Am I understanding this correctly?

Yes. However, this requires using a shortcut or DLL hijacking. In my videos, I used a shortcut as an initial attack vector.