AV Test MalwareTips - Comodo Report - November 2016


BoraMurdar

Super Moderator
Staff member
Aug 30, 2012
5,874
23,220
Operating System
Windows 10
Installed Antivirus
Emsisoft
#1
Due to the small number of samples used in these tests, you should take results with a grain of salt. We encourage you to compare these results with others and take informed decisions on what security products to use.

[Attached report: Comodo Internet Security Premium November 2016, pages 1 and 2 as images, plus PDF]

All credits to @Der.Reisende
 

AtlBo

Level 24
Dec 29, 2014
1,380
5,454
Installed Antivirus
Qihoo 360
#6
Comodo is living up to its reputation in this test. CIS should make users seeing this feel great confidence.

Excellent presentation and breakdown of the data and of test program settings. Anyone can read and understand the results. As Yash Khan says, outstanding work and thanks.
 

Der.Reisende

Level 34
Verified
AV-Tester
Dec 27, 2014
2,353
25,663
Operating System
Windows 10
Installed Antivirus
Quick Heal
#10
what might have caused the one infection? Because it was not in proactive config?
The auto-sandbox didn't work on that sample. However both me and another member retested, and the sample was sandboxed fine (just before and after accepting UAC). No idea what went wrong.

Thank you both @Yash Khan and @AtlBo for your kind words, I hope I can keep the standard :)
I switched to testing Dr. Web just because I was so tempted and couldn't find much on it. And as @Av Gurus said, it's hard to get infected with the sandbox working :)
CIS was also incredibly light on my system.
As for false positives, as long as the software is in the endless list of trusted vendors, you'll hardly see one. I had only one when a non-trusted game tried to access the Steam client to run (I bought it via Steam). Both were then autosandboxed.
 

shmu26

Level 57
Jul 3, 2015
4,670
14,865
Operating System
Windows 10
Installed Antivirus
Default-Deny
#12
The auto-sandbox didn't work on that sample.
thanks for explanations, and thanks for the dedicated testing.

if HIPS had been enabled, what do you think would have happened?
alternatively, if COMODO had been in proactive config, do you think that would have made a difference?
 

Sven

Level 10
Nov 5, 2013
468
1,885
Operating System
Windows 7
Installed Antivirus
Zemana
#13
@Der.Reisende Thank you very much for the awesome information! Just a question, have you made any changes to the Auto-Sandbox which may not be stated in the PDF? Did you just make it "on" and leave all the subvariants as they were, or change it to "Restricted" or something? :)

Thanks and glad to see Comodo doing great! :)
 

Der.Reisende

#14
Great job :) Thanks for sharing!
Thank you :)

thanks for explanations, and thanks for the dedicated testing.

if HIPS had been enabled, what do you think would have happened?
alternatively, if COMODO had been in proactive config, do you think that would have made a difference?
You're welcome :)
I have tried HIPS for a very short time (~3 packs), messages did not appear very often. However, it seems that many malicious actions get blocked silently in the background, which makes it hard to track them down. With auto-sandbox, you can watch the samples rolling out their actions, as long as they don't detect the virtual environment, making them autoterminate.

@Der.Reisende Thank you very much for the awesome information! Just a question, have you made any changes to the Auto-Sandbox which may not be stated in the PDF? Did you just make it "on" and leave all the subvariants as they were, or change it to "Restricted" or something? :)

Thanks and glad to see Comodo doing great! :)
You're welcome :)

I only turned the "auto-sandbox" exclusion for shared folders and the download folder off, as some ransomware scripts managed to hit other script files within the samples folder regardless of sandboxing, however anything else was safe. As this was kinda annoying, I asked for help in the Comodo forum and was suggested to do exactly that.
Here's the bug report:
Malware vs Comodo Containtment ! - News / Announcements / Feedback - CIS

I did not alter the setting for auto-sandboxing, e.g. to "restricted", which should lead to anything crashing on run not being trusted and auto-sandboxed.

Yes, Comodo sandbox is easy to use but incredibly powerful :) And their firewall is pretty talkative, perfect if you want to observe services calling out :)

As for installation, you have the option to "custom" install, I unticked the box to "show less alerts".

Everybody thank you for reading and showing so much interest :)