Q&A Panda Free AV and COMODO Firewall - Is this a good combo?

Mar 20, 2017
20
51
Operating System
Windows 10
Installed Antivirus
Kaspersky
#21
OK, Panda Free AV and Comodo Firewall... In my own personal opinion Panda Antivirus alone is not really great and its detection update in VirusTotal is a little bit slow. I have never used Comodo Firewall before, but based on the name it seems like you are focusing on an Antivirus and Anti Network Intrusion combination. If that is what you are looking for from these two products, I'd say it is a good one. But if your concern is more on zero-day and unknown malware and sophisticated malware, if Comodo does not offer Application Whitelisting and Sandbox technology... then it is not the right one. You can try VoodooShield + Panda Free AV or like my home computer is protected with AVG + VoodooShield. What you need to combat against new, unknown and most sophisticated malware/ransomware while protected against all known malware is VoodooShield + any free AV. It is very rare these days that hackers hack your ports directly; instead, they use targeted attacks through emails, or websites that will trick you to download and execute malware. Seriously, it is up to you as long as it has all the features that you want and can really protect you against zero-day or fresh malware.
VoodooShield is very bad; without self-protection, Cerber ransomware deactivates it and manages to pass VoodooShield. In this case COMODO Firewall is much better.
 
Mar 20, 2017
20
51
Operating System
Windows 10
Installed Antivirus
Kaspersky
#22
OK, Panda Free AV and Comodo Firewall... In my own personal opinion Panda Antivirus alone is not really great and its detection update in VirusTotal is a little bit slow. I have never used Comodo Firewall before, but based on the name it seems like you are focusing on an Antivirus and Anti Network Intrusion combination. If that is what you are looking for from these two products, I'd say it is a good one. But if your concern is more on zero-day and unknown malware and sophisticated malware, if Comodo does not offer Application Whitelisting and Sandbox technology... then it is not the right one. You can try VoodooShield + Panda Free AV or like my home computer is protected with AVG + VoodooShield. What you need to combat against new, unknown and most sophisticated malware/ransomware while protected against all known malware is VoodooShield + any free AV. It is very rare these days that hackers hack your ports directly; instead, they use targeted attacks through emails, or websites that will trick you to download and execute malware. Seriously, it is up to you as long as it has all the features that you want and can really protect you against zero-day or fresh malware.
VoodooShield vs Cerber ransomware
- Video Review - VoodooShield vs Cerber ransomware
 

brod56

Level 12
Feb 13, 2017
556
1,563
Operating System
Windows 10
Installed Antivirus
Default-Deny
#23
VoodooShield is very bad; without self-protection, Cerber ransomware deactivates it and manages to pass VoodooShield. In this case COMODO Firewall is much better.
I have to disagree. If a Cerber file has at least 1 detection in VirusTotal (very likely), VoodooShield will block it straight away.
That video presented a vulnerability which has already been fixed. That file was specifically built to bypass VoodooShield.
 
Mar 20, 2017
20
51
Operating System
Windows 10
Installed Antivirus
Kaspersky
#24
I have to disagree. If a Cerber file has at least 1 detection in VirusTotal (very likely), VoodooShield will block it straight away.
That video presented a vulnerability which has already been fixed. That file was specifically built to bypass VoodooShield.
This can happen again if VoodooShield does not have self-protection.
 
Likes: Solarlynx

Evjl's Rain

Level 31
Verified
AV-Tester
Apr 18, 2016
2,099
14,925
Operating System
Windows 8.1
Installed Antivirus
Avast
#26
No program is perfect. Avast has self-protection; see how many ransomware get past it even in hardened mode.
Self-protection has nothing to do with malware protection.
Ransomware can bypass hardened mode because HM does not work with script files (.vbs, .js, .hta, ...), just .exe. The bypasses came from scripts. Not much .exe malware has bypassed Avast as far as I observed.
=> Hardened mode + disabling Windows Script Host + remind yourself never to execute any .vbs, .hta, .js, .jsw, or even .cmd, ... => you are pretty much protected
 

brod56

Level 12
Feb 13, 2017
556
1,563
Operating System
Windows 10
Installed Antivirus
Default-Deny
#27
Self-protection has nothing to do with malware protection.
Ransomware can bypass hardened mode because HM does not work with script files (.vbs, .js, .hta, ...), just .exe. The bypasses came from scripts. Not much .exe malware has bypassed Avast as far as I observed.
=> Hardened mode + disabling Windows Script Host + remind yourself never to execute any .vbs, .hta, .js, .jsw, or even .cmd, ... => you are pretty much protected
Yeah I know. What I'm saying is that as there could be bypasses with .exe files in Avast Hardened Mode, the same applies for VoodooShield.
Of course the chance of even getting a malware file is minimal if we use our brain and don't run uncommon extension files (js, bat, etc).
 
Likes: Sunshine-boy
Mar 11, 2017
146
340
Operating System
Windows 7
Installed Antivirus
Panda
#28
wow I like this topic. hehehhe. Application whitelisting apps are based on MD5 hash. Voodooshield alone cannot defeat known malware that can stop Voodooshield's process, so pointing out a malware can bypass Voodooshield alone is useless because it is not an Antivirus so I have to agree with that but my post is about combining with AV so Artificial Inteligence...please read properly my post so to show some Intelligence, so we are in a thread talking about a combination of AV and Blocking of network intrusion/protection against zero day malware-hacking attacks..
 

cruelsister

Level 33
Verified
Apr 13, 2013
2,252
13,546
#30
(Oh God, do I just hate CCAV...)

But the best way to look at adding an AV to CF should be this:

1). Let's assume the maximum protection possible with a CF is 100
2). Comodo Firewall will be termed X
3). Any addon AV will be termed Y

So we can state any third-party AV addition to CF by the following equation:

X + Y = 100

The crappier the AV used (the smaller the Y value), the more work will be done by CF. The better the AV (higher Y value), the less work needs to be done by CF.

(did that make any sense at all? It's been a REALLY long day...)
 
Apr 30, 2012
689
2,280
#31
You see, Y must cover what X misses, so in most cases it happens, but not in all. Keeping the units, I would change the formula to
[ 1 - (1-X/100) * (1-Y/100) ]*100 so Y covers some gap of X but not up to 100.

(Yeah, and have a rest, sister.)
 

Umbra

Level 61
Content Creator
Verified
May 16, 2011
17,473
30,686
Operating System
Windows 10
Installed Antivirus
Default-Deny
#32
Actually it really does not matter what AV will be run with Comodo (as long as there are no conflicts, of course). With no AV at all the Sandbox will do all of the work; with the best AV (fill in your favorite here) the Sandbox will do less work. Either way you will be protected and this is the goal of any security setup.
Indeed, I would only use Comodo IS or Comodo FW + Windows Defender. With Comodo, there is no need for 3rd-party AVs (unless you need a special feature).

But Panda would be fine if only for the cute panda face in the tray.
I don't know why, but I expected this kind of observation :p

I have never used Comodo Firewall before, but based on the name it seems like you are focusing on an Antivirus and Anti Network Intrusion combination. If that is what you are looking for from these two products, I'd say it is a good one. But if your concern is more on zero-day and unknown malware and sophisticated malware, if Comodo does not offer Application Whitelisting and Sandbox technology.
Comodo :

- AV (if Internet Security version)
- Firewall
- HIPS
- Behavior Blocker (based on rules, opposed to its HIPS)
- Full virtualization sandbox

Comodo is one of the strongest solutions; if set properly, it is as good as AppGuard.

If you don't know it, it would be good for you to start here: Comodo
 
Mar 1, 2014
225
568
Operating System
Windows 10
Installed Antivirus
Microsoft
#33
Oh, that thread has too many formulas for my little head. :eek::D I haven't really taken a look at VoodooShield, but as far as I see it, it is something which uses a blacklist/whitelist like SecureAPlus. I really believe that Comodo can do its job alone, especially when the fileless protection (a.k.a. Embedded code detection) is on as well. If you use Comodo Internet Security then you have an AV against the known threats. But why I use Avast with Comodo Firewall and not Comodo IS: because of their URL:Mal checking for all software, not only browsers + intelligent stream scanning, because of the good script protection, because of the well implemented SSL scanning, because of the AvEmUpdate and their fast monthly agile way of development, because of the extensive beta testing. Also because of the multiple layer model they use and the fact that I like such models. Because of the very promising CyberCapture (what they are trying to do is to create something like Panda's paid Adaptive Defense but for free, although they need more work). This is a very solid combo, but not at all paranoid, very easy to use when you know your way around it. No protection is 100 percent secure; it might be penetrable by state-sponsored hackers, but I don't pretend I am something more than a normal person and don't really believe that it is so important to spend that much time to penetrate it. Good and very light additions are Malwarebytes Anti-Exploit Premium and 0patch + KC Software's SUMo. Though there is an incompatibility with Comodo and 0patch for now which is currently being worked on.
 
Feb 10, 2017
953
2,986
Operating System
Windows 7
Installed Antivirus
Default-Deny
#34
Self-protection has nothing to do with malware protection.
Ransomware can bypass hardened mode because HM does not work with script files (.vbs, .js, .hta, ...), just .exe. The bypasses came from scripts. Not much .exe malware has bypassed Avast as far as I observed.
=> Hardened mode + disabling Windows Script Host + remind yourself never to execute any .vbs, .hta, .js, .jsw, or even .cmd, ... => you are pretty much protected
Ever experienced malware somehow reactivating or bypassing WSH when it's disabled? Apparently there's a way to bypass powershell if it's disabled via registry so I was wondering if there's any similar bypass for WSH.
 
Likes: Sunshine-boy

Evjl's Rain

Level 31
Verified
AV-Tester
Apr 18, 2016
2,099
14,925
Operating System
Windows 8.1
Installed Antivirus
Avast
#35
Ever experienced malware somehow reactivating or bypassing WSH when it's disabled? Apparently there's a way to bypass powershell if it's disabled via registry so I was wondering if there's any similar bypass for WSH.
Malware may change the registry key and re-enable WSH and PowerShell. It's definitely possible.
I'm aware of this problem so I used Process Lasso to disallow those processes + used the firewall to block them from connecting to the internet + (blacklist the process in the AV or rename the extension of the processes)
 
Likes: Sunshine-boy
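
Added example, not part of any post in this thread: a PowerShell audit of the Windows Script Host setting that posts #26 and #35 rely on, so a re-enabled WSH is noticed. It reads the `Enabled` value under the WSH `Settings` keys (a value of `0` disables WSH); the function name `Get-WshState` is made up for this example.

```powershell
# Added example: report whether Windows Script Host (wscript/cscript) is
# still disabled. WSH reads a value named "Enabled" under these keys;
# "0" disables it, a missing value leaves that hive at the default (enabled).
$wshKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows Script Host\Settings',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows Script Host\Settings',  # 32-bit view
    'HKCU:\Software\Microsoft\Windows Script Host\Settings'
)

function Get-WshState {
    param([string[]]$Path = $wshKeys)

    foreach ($key in $Path) {
        $value = $null
        if (Test-Path -LiteralPath $key) {
            # The value may be stored as REG_SZ "0" or REG_DWORD 0.
            $value = (Get-ItemProperty -LiteralPath $key -Name Enabled `
                        -ErrorAction SilentlyContinue).Enabled
        }
        [pscustomobject]@{
            Key      = $key
            Enabled  = if ($null -eq $value) { '<not set>' } else { "$value" }
            Disabled = ("$value" -eq '0')
        }
    }
}

$state = Get-WshState
$state | Format-Table -AutoSize

# Flag every hive in which WSH is not explicitly disabled, so the setting
# can be reviewed and restored if something changed it.
$notDisabled = @($state | Where-Object { -not $_.Disabled })
if ($notDisabled.Count -gt 0) {
    Write-Warning ("WSH is not disabled in: " + ($notDisabled.Key -join '; '))
}
```

Run on a schedule, the warning shows when the value has been flipped back since the last check.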
Apr 1, 2017
1,365
5,987
Operating System
Windows 10
Installed Antivirus
ESET
#36
Malware may change the registry key and re-enable WSH and PowerShell. It's definitely possible.
I'm aware of this problem so I used Process Lasso to disallow those processes + used the firewall to block them from connecting to the internet + (blacklist the process in the AV or rename the extension of the processes)
lol even god can't enable it again:p
 
Feb 10, 2017
953
2,986
Operating System
Windows 7
Installed Antivirus
Default-Deny
#37
Malware may change the registry key and re-enable WSH and PowerShell. It's definitely possible.
I'm aware of this problem so I used Process Lasso to disallow those processes + used the firewall to block them from connecting to the internet + (blacklist the process in the AV or rename the extension of the processes)
Got it. I'd imagine malware would probably have to do something real fancy to be able to execute with aggressive hardened mode enabled and WSH disabled anyway. I'm running this setup at the moment since CF died on me. I should probably disable powershell too just to be sure. (Even if it won't be able to drop its payload I say better safe than sorry. :p)
 