Should Comodo users stop using Comodo?

Status
Not open for further replies.
Cruelsister vs the Wild Bunch.
It seems to me that cruelsister - being super partes from a commercial point of view - and because of what she did in the past, is much more credible than most.
No need to repeat the same old considerations over again, perhaps the people understand the tactics employed by firms in times of economic crisis.
 
Are those CVEs related to ARP?

For home use anti-ARP spoofing doesn't make much sense (leave it disabled) as an ARP attacker should have physical access to your network which is unlikely in home situation.

Yes, at least one of them:
 
6). All I request (and have requested for a long time) is a single file hash showing that CF sucks. After hundreds of negative posts over numerous threads I don't feel that this is too much to ask.

Such a request is natural from your side, and it is also natural that I will not do it for practical reasons.

If you think about CF only, I can post you the POC that abuses Trusted EXE to run an Unknown DLL without containment. This will be a bypass of autocontainment, but not a full bypass of CF protection. This attack vector is well known, and examples can be found on the web. However, @Loyisa already made a video showing the example of such an attack against CIS (not the first video, but the video without bypassing containment).

The case of malware in the wild is much more complex because most malware is ineffective after one day.
The only practical method would be to modify the malicious DLL, recreate the custom URL, etc. However, this requires installing a few versions of Visual Studio, researching GitHub for DLL code and malicious code, testing the code, etc. I did it at the beginning of last year, so I have simple (non-malicious) DLLs. Currently, I do not plan to create custom malware.

So I can only help you to find the malware, and you can modify it if you want to see if CF can be bypassed.
 
You wrote "bugs". Does that imply that CF does not have real bugs?
Are these "bugs" only caused by users because they don't understand the CF settings and CF is not to blame?

Bugs are normal in any software. CF/CIS had many documented bugs in the past:
People who use CF with @cruelsister settings were unaffected by most of those bugs, so for them, they can be "bugs". That is why they like Comodo.
However, those were still bugs for Comodo staff. No one can deny that.
 
@Trident,

Did you encounter any bugs while testing CIS 2025?
CIS users, have you encountered any bugs in the newest version?
Currently, there are only a few bugs reported for CIS 2025 (some reported issues are not bugs).
 
I know more users who were happy with Comodo, than those who had some issues.
The 99.9% of Comodo users all experienced issues with Comodo and consequently stopped using it and moved on in their lives, and lived happily ever after (except for the traumatized ones who remain hurt to this day).

That's why nobody hears about all their negative experiences with Comodo.

Lots of people try Comodo because of AV test lab results and YouTube promotion videos, but a tiny fraction of those that try it end up sticking with it.
 
I think that the rules from the OP should be extended as follows:
  • Removing posts does not indicate that the poster was wrong or that the staff wanted to censor the posters. Simply, it is assumed that the poster accepted the rules (including removal rules).
Furthermore, the rules should be accepted by MT staff to avoid biased threads.
Please be understanding. The hot threads usually have a short life without accepting additional rules.
 
@Trident,

Did you encounter any bugs while testing CIS 2025?
CIS users, have you encountered any bugs in the newest version?
Currently, there are only a few bugs reported for CIS 2025 (some reported issues are not bugs).
These are my observations after testing Comodo:

The product protection is highly centred around containment; script analysis, antivirus and VirusScope are useless. In the light of that, I will have to agree with @cruelsister. Comodo containment is a valuable security layer and can easily be run alongside quality antivirus—tested with McAfee and Microsoft Defender with ASR rules.
However, Microsoft Defender with ASR rules and McAfee both leave very little room where the Comodo containment can shine.

Bugs: I did not experience any fatal bugs or compromised system performance. That being said, on opening applications, Comodo can draw a little bit more resources than some major AVs, however, this can easily be mitigated by turning off VirusScope monitoring for all applications.

Settings: the settings in the new version of Comodo have been refactored. Although they could still be considered an advanced users' affair, even for a novice user Comodo could still be configured using the pre-defined modes/postures.

HIPS: I recommend users to switch this off.

Overall product quality: There are several aspects of the product which create the feeling of a low quality, starting with blurry UI, installer from the main page that has a revoked signature but is still being pushed. Comodo design is rich in kernel mode drivers, there is no evidence that they cause instability though.

However, these do not affect Comodo’s ability to contain unknown/malicious code.

In conclusion, whilst Comodo cannot be considered superior to other products (as many people like to believe), it could be used alongside high quality protection software that will provide everything Comodo won’t (effective behavioural analysis, effective web blocking) and will add automatic sandboxing.
Such security setup would be suitable for users where stakes are high (happy clickers, people with crypto-wallets) and so on.
 
In conclusion, whilst Comodo cannot be considered superior to other products (as many people like to believe), it could be used alongside high quality protection software that will provide everything Comodo won’t (effective behavioural analysis, effective web blocking) and will add automatic sandboxing.
Such security setup would be suitable for users where stakes are high (happy clickers, people with crypto-wallets) and so on.

This view is quite similar to mine.
 
@Trident,

Did you encounter any bugs while testing CIS 2025?
CIS users, have you encountered any bugs in the newest version?
Currently, there are only a few bugs reported for CIS 2025 (some reported issues are not bugs).
Hello, I am not an advanced user or an expert in computer security, which is why I really enjoy reading the MT forums on this topic, where people discuss and demonstrate the effectiveness or inefficiency of security software. That said, when I have used Comodo Firewall, I have used the configuration recommended by @cruelsister and have had no problems. I currently only use WHHLight (thanks @andy for making my life easier), and it's great for me, as I basically just browse the internet and don't download/install unknown software. I hope my comment hasn't strayed too far from the topic.
 
These are my observations after testing Comodo:
Unfortunately, this makes my decision even more difficult. First of all, thank you for the time you took to provide such an expert opinion.
So, Comodo isn't that bad after all, and I've already gotten used to it. No, it would be easy for me to wean myself off it if a serious, demonstrable error had been pointed out, because I was almost there.
I hope @cruelsister also comments on this, not because I'm hoping for a contradiction, no, but to perhaps add a picture or better yet, simply read her opinion.
You've already gone into quite a bit of depth with your expertise, because you also had to conduct a "behavioral analysis." From my layman's perspective: Professionally done! And thanks to @Andy Ful for initiating something like this with this thread and doing so on a neutral level.
 
I hope @cruelsister also comments on this,
Try this:
1). Setup Comodo FIREWALL according to my videos (no further "tweaks")
2). Place Comodo in Silent Mode (you will get ZERO popups, just malware blocks)
3). Enable Windows Defender
4). Live a Happy and Productive Life.

(The Dogs May Bark, but the Caravan Moves On...)
 
I know that you love cats, but provoking dogs is unnecessary.
Well, both our posts should probably be corrected according to the rules of this thread. (y)
It’s a bit ironic, when a cat taunts a confined dog, and that dog finally breaks free, it’s usually the cat that ends up in trouble, realizing it pushed too far. Its overconfidence becomes its downfall.

I say this as someone who loves all animals, but it’s difficult to feel sympathy for those who continuously provoke others fully capable of striking back.
 
@cruelsister,

I think that Comodo can be bypassed (as many other AVs) in this supply-chain attack:

The malicious JavaScript script runs in the context of Trusted executable node.exe (Cscript and Wscript are not used).
 
@Divergent,

It is partially my fault. My post contradicted the rules of this thread, so I deleted it.
If @cruelsister is a peaceful and kind person, as I think she is, she will correct her post too.
 
And the CF settings should be MINIMAL as many of the "bugs" noted have been to enabling things that the user may not really understand.

You wrote "bugs". Does that imply that CF does not have real bugs?
Are these "bugs" only caused by users because they don't understand the CF settings and CF is not to blame?
@cruelsister,
Does the latest CIS still have many unfixed bugs inherited from previous versions, or does the latest CIS not have any unfixed bugs, as suggested in this thread?
I would like to hear your answer on the above, thanks.
 
@cruelsister,

I think that Comodo can be bypassed (as many other AVs) in this supply-chain attack:
Perhaps. On the other hand, if you remember the CCleaner "Update" attack from a number of years ago, CF was able to question the validity of the malicious file as it had not gone through the additional vetting that Comodo uses prior to Whitelisting a file, whereas other AM products had no issue with it.

Just sayin'.
 