AV Test MalwareTips - Comodo Report - November 2016

AtlBo

#6
Comodo is living up to its reputation in this test. CIS should make users seeing this feel great confidence.

Excellent presentation and breakdown of the data and of test program settings. Anyone can read and understand the results. As Yash Khan says, outstanding work and thanks.
 

Der.Reisende

Trusted
AV-Tester
#10
what might have caused the one infection? Because it was not in proactive config?
The auto-sandbox didn't work on that sample. However both me and another member retested, and the sample was sandboxed fine (just before and after accepting UAC). No idea what went wrong.

Thank you both @Yash Khan and @AtlBo for your kind words, I hope I may keep the standard :)
I switched to testing Dr. Web just because I was so tempted and couldn't find much on it. And as @Av Gurus said, it's hard to get infected with the sandbox working :)
CIS was also incredibly light on my system.
As for false positives, as long as the software is in the endless list of trusted vendors, you'll hardly see one. I had only one when a non-trusted game tried to access the Steam client to run (I bought it via Steam). Both were then autosandboxed.
 

Sven

#13
@Der.Reisende Thank you very much for the awesome information! Just a question, have you made any changes to the Auto-Sandbox which may not be stated in the PDF? Did you just make it "on" and leave all the subvariants as they were, or change it to "Restricted" or something? :)

Thanks and glad to see Comodo doing great! :)
 

Der.Reisende

#14
Great job :) Thanks for sharing!
Thank you :)

thanks for explanations, and thanks for the dedicated testing.

if HIPS had been enabled, what do you think would have happened?
alternatively, if COMODO had been in proactive config, do you think that would have made a difference?
You're welcome :)
I have tried HIPS for a very short time (~3 packs), messages did not appear very often. However, it seems as if many malicious actions get blocked silently in the background, which makes it hard to track them down. With auto-sandbox, you can watch the samples rolling out their actions, as long as they don't detect the virtual environment, making them autoterminate.

@Der.Reisende Thank you very much for the awesome information! Just a question, have you made any changes to the Auto-Sandbox which may not be stated in the PDF? Did you just make it "on" and leave all the subvariants as they were, or change it to "Restricted" or something? :)

Thanks and glad to see Comodo doing great! :)
You're welcome :)

I only turned the "auto-sandbox" exclusion for shared folders and the download folder off, as some ransomware scripts managed to hit other script files within the samples folder regardless of sandboxing, however anything else was safe. As this was kinda annoying, I asked for help in the Comodo forum and was advised to do exactly that.
Here's the bug report:
Malware vs Comodo Containtment ! - News / Announcements / Feedback - CIS

I did not alter the setting for auto-sandboxing, e.g. to "restricted", which should lead to anything crashing on run not being trusted and auto-sandboxed.

Yes, Comodo sandbox is easy to use but incredibly powerful :) And their firewall is pretty talkative, perfect if you want to observe services calling out :)

As for installation, you have the option to "custom" install, I unticked the box to "show less alerts".

Everybody thank you for reading and showing so much interest :)
 
