AV Test MalwareTips - Comodo Report - November 2016

Discussion in 'Comodo' started by BoraMurdar, Dec 15, 2016.

  1. BoraMurdar

    BoraMurdar Super Moderator
    Staff Member

    Aug 30, 2012
    5,784
    22,531
    Doctor of medicine
    Serbia
    Windows 10
    Emsisoft
    Due to the small number of samples used in these tests, you should take results with a grain of salt. We encourage you to compare these results with others and take informed decisions on what security products to use.​

    Comodo Internet Security Premium November 2016-page-001.jpg Comodo Internet Security Premium November 2016-page-002.jpg

    PDF

    All credits to @Der.Reisende
     
  2. HarborFront

    HarborFront Level 34
    Content Creator

    Oct 9, 2016
    2,307
    5,778
    Far East
    Comodo really shines this time
     
    SHvFl, BoraMurdar, davisd and 5 others like this.
  3. Der.Reisende

    Der.Reisende Level 32
    Trusted AV Tester

    Dec 27, 2014
    2,198
    23,507
    Tax Officer
    Germany
    Windows 10
    Quick Heal
    As long as the sandbox works, unbeatable :)
    HIPS are very difficult to show off. As for signature detection, better choose anything else next to it, for example Qihoo :)

    Thank you @BoraMurdar for sharing:)
     
    Sunshine-boy, Parsh, Hector1 and 16 others like this.
  4. HarborFront

    HarborFront Level 34
    Content Creator

    Oct 9, 2016
    2,307
    5,778
    Far East
    I've just installed the BD free AV (in place of WD) and waiting for CFW v10 to be released
     
    Parsh, SHvFl, Der.Reisende and 4 others like this.
  5. Yash Khan

    Yash Khan Level 51

    Oct 22, 2012
    4,055
    8,960
    BoraMurdar, Thank You for the report & your time to do & share this.

    Der.Reisende, I like your tests...You give excellent test details...Thank You for the tests, hard work & your time.
     
    Parsh, SHvFl, Der.Reisende and 5 others like this.
  6. AtlBo

    AtlBo Level 22

    Dec 29, 2014
    1,144
    4,519
    Qihoo 360
    Comodo is living up to its reputation in this test. CIS should make users seeing this feel great confidence.

    Excellent presentation and breakdown of the data and of test program settings. Anyone can read and understand the results. As Yash Khan says, outstanding work and thanks.
     
    Sunshine-boy, Parsh, SHvFl and 5 others like this.
  7. Coder

    Coder Level 1

    Sep 6, 2015
    16
    41
    sweden
    Windows 7
    Default-Deny
    To bad it isn't right configured, then it would have been 100%
    But thats not bad with default settings.
     
    SHvFl and Der.Reisende like this.
  8. shmu26

    shmu26 Level 53

    Jul 3, 2015
    4,294
    13,682
    Utopia
    what might have caused the one infection? Because it was not in proactive config?
     
    SHvFl and Der.Reisende like this.
  9. Av Gurus

    Av Gurus Level 28
    Trusted AV Tester

    Sep 22, 2014
    1,724
    10,668
    Testing security programs
    Earth
    Windows 10
    Comodo is always good and put everything in sandbox (this is good if you test malware files but...) because of that I suggest that we make a False Positive test also...but others say no.
     
    Sunshine-boy, Parsh, SHvFl and 2 others like this.
  10. Der.Reisende

    Der.Reisende Level 32
    Trusted AV Tester

    Dec 27, 2014
    2,198
    23,507
    Tax Officer
    Germany
    Windows 10
    Quick Heal
    The auto-sandbox didn't work on that sample. However both me and another member retested, and the sample was sandboxed fine (just before and after accepting UAC). No idea what went wrong.

    Thank you both @Yash Khan and @AtlBo for your kind words, I hope I yam keep the standard :)
    I switched to testing Dr. Web just because I was so tempted and couldn't find much on it. And as @Av Gurus said, it's hard to get infected with the sandbox working :)
    CIS was also incredibly light on my system.
    As for false positives, as long as the software is in the endless list of trusted vendors, you'll hardly see one. I had only one when a non-trusted game tried to access the Steam client to run (I bought it via Steam). Both were then autosandboxed.
     
  11. Great job :) Thanks for sharing!
     
  12. shmu26

    shmu26 Level 53

    Jul 3, 2015
    4,294
    13,682
    Utopia
    thanks for explanations, and thanks for the dedicated testing.

    if HIPS had been enabled, what do you think would have happened?
    alternatively, if COMODO had been in proactive config, do you think that would have made a difference?
     
    Parsh, Yash Khan, AtlBo and 1 other person like this.
  13. Sven

    Sven Level 10

    Nov 5, 2013
    468
    1,898
    Turkey
    Windows 7
    Zemana
    @Der.Reisende Thank you very much for the awesome informations! Just a question, have you made any changes to the Auto-Sandbox which may not be stated in the PDF? Did you just make it "on" and left all the subvariants as they were, or changed it to "Restricted" or something? :)

    Thanks and glad to see Comodo doing great! :)
     
    Yash Khan, AtlBo and Der.Reisende like this.
  14. Der.Reisende

    Der.Reisende Level 32
    Trusted AV Tester

    Dec 27, 2014
    2,198
    23,507
    Tax Officer
    Germany
    Windows 10
    Quick Heal
    Thank you :)

    You're welcome :)
    I have tried HIPS for a very short time (~3 packs), messages did not appear very often. However, it seems as many malicious actions get blocked silently in the background, which makes it hard to track them down. With auto-sandbox, you can watch the samples rolling out their actions, as long as they don't detect the virtual environment, making them autoterminate.

    You're welcome :)

    I only turned the "auto-sandbox" exclusion for shared folders and the download folder off, as some ransomware scripts managed to hit other script files within the samples folder regardless sandboxing, however anything else was safe. As this was kinda annoying, I asked for help in the Comodo forum and was suggested to do exactly that.
    Here's the bug report:
    Malware vs Comodo Containtment ! - News / Announcements / Feedback - CIS

    I did not alter the setting for auto-sandboxing, e.g. to "restricted", which should lead to anything crashing on run not being trusted and auto-sandboxed.

    Yes, Comodo sandbox is easy to use but incredible powerful :) And their firewall is pretty talkative, perfect if you want to observe services calling out :)

    As for installation, you have the option to "custom" install, I unticked the box to "show less alerts".

    Everybody thank you for reading and showing so much interest :)
     
Loading...
Similar Threads Forum Date
thank you malwaretips community New Member Introductions Jan 5, 2018
dvnkt: Hello MalwareTips New Member Introductions Nov 24, 2017
Hello MalwareTips! Is Windows 10 tracking me? New Member Introductions Oct 3, 2017