Did Comodo increase their detection rates?

mekelek

Level 28
Verified
Well-known
Feb 24, 2017
1,661
Nope I am not. I felt that @mekelek was not interested in what this thread had to say about COMODO and saw that he was using Kaspersky under his avatar. No one is forcing anyone to use COMODO if they don't like it.
I wasn't saying you were claiming it, but the test results do so. Once again, read my initial post, I was attacking the test and its results, and the Comodo part came at last. I have nothing against Comodo other than them not fixing the rule disappear bug, but it has a weak AV detection ratio.
 

S3cur1ty 3nthu5145t

Level 6
Verified
May 22, 2017
251
For someone who tests products on a daily basis I have not seen a single test come from you.

This is all I have seen from you. I can think of at least 30 products who have missed 11 samples before. You're counting specks of dust here in contrast to how much malware is actually out there. If we all listened to you, COMODO would have only a 0.08% detection rate but we all know that isn't true. And I never once mentioned COMODO having a detection rate of 100%, you're just putting words in my mouth now. I've used a VM before so you can save your explanation for someone who doesn't know better. It's amusing to me you probably think I'm some noob who takes lab results at face value but in reality, if that were the case I would be using Avira or something else. Just to make it 100% clear for you ;) I'm very aware of the malware hub results. This thread isn't about COMODO having "100% detection rate", it's about whether or not the DETECTION has IMPROVED. That's all I'm going to say, have a nice day.
If you're familiar with a VM, and not a noob as you stated, then test it for yourself instead of blindly reading and watching others.

To be clear, I never stated that Comodo sucks, it has one of the best enterprise level sandboxes out there, I'm stating the AV portion is basically worthless, its detection rates with newer samples are well below average.
 

S3cur1ty 3nthu5145t

Level 6
Verified
May 22, 2017
251
For someone who tests products on a daily basis I have not seen a single test come from you.

This is all I have seen from you. I can think of at least 30 products who have missed 11 samples before. You're counting specks of dust here in contrast to how much malware is actually out there. If we all listened to you, COMODO would have only a 0.08% detection rate but we all know that isn't true. And I never once mentioned COMODO having a detection rate of 100%, you're just putting words in my mouth now. I've used a VM before so you can save your explanation for someone who doesn't know better. It's amusing to me you probably think I'm some noob who takes lab results at face value but in reality, if that were the case I would be using Avira or something else. Just to make it 100% clear for you ;) I'm very aware of the malware hub results. This thread isn't about COMODO having "100% detection rate", it's about whether or not the DETECTION has IMPROVED. That's all I'm going to say, have a nice day.


Yesterday's sample pack...

L36FWFW.png


D7IAG0G.png


l94nUtb.png


P13Hgj7.png


After these samples were collected, they have been tested in the Hub, and still a day later, 3 samples only were detected, which is good compared to what I normally see.

9ideKbR.png

Comodo has never really focused on their AV detection rates, as they rely on the firewall and sandbox, which speaking of, I could have executed every one of those and had them stopped by the autosandbox, but that would be beside the point in this conversation.
 

mekelek

Level 28
Verified
Well-known
Feb 24, 2017
1,661
Yesterday's sample pack...

L36FWFW.png


D7IAG0G.png


l94nUtb.png


P13Hgj7.png


After these samples were collected, they have been tested in the Hub, and still a day later, 3 samples only were detected, which is good compared to what I normally see.

9ideKbR.png

COMODO has never really focused on their AV detection rates, as they rely on the firewall and sandbox, which speaking of, I could have executed every one of those and had them stopped by the autosandbox, but that would be beside the point in this conversation.
That's shocking, to be fair, I didn't know it's this bad.
Sure, not detecting the samples on the day it popped up, but 3 days after??
 

509322

COMODO's detection is decent for older malware - meaning more than 2 weeks old. The AV module is shipped with COMODO products so that the user doesn't have to contend with autosandboxing of known malicious files. So, as Melih explains it, the AV is there for enhanced usability and not protection; protection is provided by autosandboxing, HIPS and firewall.
 

Thirio

Level 3
Verified
Well-known
Mar 3, 2017
126
COMODO has never really focused on their Av detection rates, as they rely on the firewall and sandbox
True up until now, it seems they are still in a transition period with their cloud module (CCAV still feels like a beta to me, there's a lot of bugs still). It might take some time before they can consistently have good detection against day-old samples, but hey, that's what sandboxing is for. Would be interesting to see how long it takes them to add signatures for those files. Have you uploaded that pack yet?

I could have executed every one of those and had them stopped by the autosandbox, but that would be beside the point in this conversation.
Once again I agree. Can't find a fault with your post, because you conducted a test for yourself and Comodo did poorly. Thanks for sharing the results on this thread and bringing attention to it.

I've seen Comodo do very poorly detecting new files in the malware hub, but it can also surprise sometimes. For older malware right now its detection is not bad at all. All we can hope is that they improve, with Valkyrie it at least seems like they are trying to. There's no right or wrong in this thread, we're all just looking for answers to our questions. I posted a test, you posted a test, was anyone wrong? No. Different situations have different outcomes.
 

S3cur1ty 3nthu5145t

Level 6
Verified
May 22, 2017
251
True up until now, it seems they are still in a transition period with their cloud module (CCAV still feels like a beta to me, there's a lot of bugs still). It might take some time before they can consistently have good detection against day-old samples, but hey, that's what sandboxing is for. Would be interesting to see how long it takes them to add signatures for those files. Have you uploaded that pack yet?


Once again I agree. Can't find a fault with your post, because you conducted a test for yourself and COMODO did poorly. Thanks for sharing the results on this thread and bringing attention to it.

I've seen COMODO do very poorly detecting new files in the malware hub, but it can also surprise sometimes. For older malware right now its detection is not bad at all. All we can hope is that they improve, with Valkyrie it at least seems like they are trying to. There's no right or wrong in this thread, we're all just looking for answers to our questions. I posted a test, you posted a test, was anyone wrong? No. Different situations have different outcomes.
We will leave it at this. I just hope now you see that there is a need to question what you see and read, there is a lot of misleading misinformation out there. It was my pleasure to share this with you.
 
Reactions: AtlBo and Thirio

Antimalware18

Level 10
Verified
Well-known
Jan 17, 2014
486
No, its detection rates are most likely the same.

I understand their structure as well and why their scanner is second-tier in their hierarchy

BUT imagine what they could become if they took their AV/Signatures as seriously as they do their Autosandbox/HIPS.

I mean, based on that I don't see why they don't work on their AV glitches aside their product packs a hell of a punch. It could pack the proverbial mega punch if they had Kaspersky level sigs.

EDIT: But I think I answered my own question there. I think they fear their sandbox would become redundant on a certain level if they had Kaspersky level signatures.
 
Reactions: AtlBo and ZeroDay

mekelek

Level 28
Verified
Well-known
Feb 24, 2017
1,661
No, its detection rates are most likely the same.

I understand their structure as well and why their scanner is second-tier in their hierarchy

BUT imagine what they could become if they took their AV/Signatures as seriously as they do their Autosandbox/HIPS.

I mean, based on that I don't see why they don't work on their AV glitches aside their product packs a hell of a punch. It could pack the proverbial mega punch if they had Kaspersky level sigs.

EDIT: But I think I answered my own question there. I think they fear their sandbox would become redundant on a certain level if they had Kaspersky level signatures.
They just gotta throw BD signatures under it and it's top tier.
 
Reactions: AtlBo and ZeroDay

Parsh

Level 25
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
Dec 27, 2016
1,480
@S3cur1ty 3nthu5145t
I understand their structure as well and why their scanner is second-tier in their hierarchy

BUT imagine what they could become if they took their AV/Signatures as seriously as they do their Autosandbox/HIPS.

I mean, based on that I don't see why they don't work on their AV glitches aside their product packs a hell of a punch. It could pack the proverbial mega punch if they had Kaspersky level sigs.

EDIT: But I think I answered my own question there. I think they fear their sandbox would become redundant on a certain level if they had Kaspersky level signatures.
For your curiosity, I would like to refer you to the White Paper of Comodo that I shared in post #14.
Their Auto-containment+Whitelisting+File lookups+CPU virtualization have been their chief selling point(s) and they do not seem to care to improve their AV engine seriously since they know that the former modules are unique and an asset of theirs and of the enterprise users mainly, and complete in fundamental senses.

As discussed earlier in the thread, AV provided is only for enhanced usability and not protection. The obvious malware that get eliminated by static detection reduce the number of sandboxing cases and alerts to deal with.
They could anyway use a famous engine like BD if they cared so much about definitions along with advancing their above mentioned assets. But they've already done something similar by acquiring BOClean years before, and almost failed to keep up.
 

Antimalware18

Level 10
Verified
Well-known
Jan 17, 2014
486
For your curiosity, I would like to refer you to the White Paper of COMODO that I shared in post #14.
Their Auto-containment+Whitelisting+File lookups+CPU virtualization have been their chief selling point(s) and they do not seem to care to improve their AV engine seriously since they know that the former modules are unique and an asset of theirs and of the enterprise users mainly, and complete in fundamental senses.

As discussed earlier in the thread, AV provided is only for enhanced usability and not protection. The obvious malware that get eliminated by static detection reduce the number of sandboxing cases and alerts to deal with.

This basically reassures my belief in what I stated earlier, that if they developed a powerful AV/sigs it would switch the assets/direction of the company completely and put the sandboxing/HIPS second and AV first instead of the other way around (although AV detections come first to knock out known malware)

Which is what I mean when I said that I understand why they don't improve it. But that's also the reason why I don't use them anymore I'm old school. I want a powerful Signature (sig, Heuristic, cloud) line of defense first.

But that's just me.
 
Reactions: Parsh and AtlBo

AtlBo

Level 28
Verified
Top Poster
Content Creator
Well-known
Dec 29, 2014
1,711
What about a reverse angle on sigs? What if Comodo actually were stepping up their detection capabilities in order to better refine whitelisting for Cloud Lookup? They could just as easily deemphasize a-v sigs they come up with focusing on better "after the fact" detection via Valkyrie or Viruscope and then more or less keep everything else the same (actually including poor detection by testing standards). Not that Cloud Lookup is unreliable now, although I am aware of the errors in the past. Also, not that poor detection is a noble thing. It's just why have a huge database of sigs if there isn't any chance of them being needed.

I guess what I am saying is maybe Comodo is not really going to try to out a-v anyone. The newest recognizer is in testing, so with that happening, maybe it's their largest intention to simply improve reliability with Cloud Lookup and its whitelisting. OK, if they find new sigs along the way fine for the a-v, but they could stick to an improved high priority "hot list" of a-v sigs if all goes well with Valkyrie/Viruscope. Don't think the program would lose any credibility.
 
Reactions: ZeroDay and Parsh
