Serious Discussion Three Unpatched Vulnerabilities Plague Comodo. Documented Online.

[Trident]

The recently (although now not so recently) updated and upgraded Comodo software (on Chinese forums known as the abandoned house) has been documented to contain three vulnerabilities (new).

They've collectively been assigned the CVE-2025-7095.

More details available here: Comodo Internet Security 2025 Vulnerabilities Execute Remote Code With SYSTEM Privilege

Key Takeaways
1. CVE-2025-7095 in Comodo Internet Security Premium 12.3.4.8162 enables remote code execution with SYSTEM privileges.
2. Improper certificate validation allows attackers to redirect updates to malicious servers via DNS spoofing.
3. Fake update manifests can execute arbitrary commands with SYSTEM privileges, deploying backdoors and harvesting credentials.
4. Path traversal flaws enable malware installation in Windows startup directories with cross-reboot persistence.

The attack complexity is rated as high, but successful attack enables full system control, as well as delivery of additional malicious payloads and credentials harvesting.
This signifies the importance of using up-to-date and actively developed software.
A user-mode app like a player can wreak havoc when exploited, a security solution nested deeply in the system kernel is even more dangerous.
Last but not least, I advise users to be careful and sceptical when someone advises them that it's OK to run outdated and vulnerable software. Always do your due diligence, specially when alternatives exist.

Multiple critical vulnerabilities in Comodo Internet Security Premium 2025 allow attackers to execute remote code with SYSTEM privileges, completely compromising victim systems through malicious update packages.

The vulnerabilities, collectively assigned CVE-2025-7095, affect version 12.3.4.8162 and were discovered by FPT IS Security researchers.

Key Takeaways
1. CVE-2025-7095 in Comodo Internet Security Premium 12.3.4.8162 enables remote code execution with SYSTEM privileges.
2. Improper certificate validation allows attackers to redirect updates to malicious servers via DNS spoofing.
3. Fake update manifests can execute arbitrary commands with SYSTEM privileges, deploying backdoors and harvesting credentials.
4. Path traversal flaws enable malware installation in Windows startup directories with cross-reboot persistence.

Improper Certificate Validation (CWE-295)​

The primary vulnerability stems from improper certificate validation (CWE-295) in Comodo’s update mechanism.

Despite using HTTPS connections to https://download.comodo.com/ for updates, the security software fails to validate SSL certificates, enabling attackers to redirect update traffic to malicious servers through DNS spoofing attacks.

Researchers demonstrated the attack using a Python script leveraging the Scapy library to perform DNS redirection.

The attack requires positioning on the victim’s network to intercept DNS queries for download.comodo.com and redirect them to an attacker-controlled server at 192.168.58.192.

The proof-of-concept code includes ARP spoofing commands like sudo arpspoof -i eth0 -t 10.10.14.4 -r 10.10.14.1 to establish the necessary network position.

Insufficient Verification of Data Authenticity (CWE-345) ​

The second critical flaw involves insufficient verification of data authenticity (CWE-345) in the update manifest file cis_update_x64.xml.

Attackers can craft malicious manifest files containing an <exec> tag that executes arbitrary commands with SYSTEM privileges.

The vulnerability allows execution of PowerShell payloads through parameters like:

This enables attackers to deliver Metasploit payloads, establishing persistent backdoors that bypass Comodo’s containerization technology.

Researchers successfully demonstrated credential harvesting using hashdump and mimikatz modules, extracting Windows password hashes including Administrator accounts.

Path Traversal (CWE-22)​

A third vulnerability involves path traversal (CWE-22) in the update system’s file placement mechanism.

Attackers can exploit the folder parameter in manifest files using directory traversal sequences like ../../../ProgramData/Microsoft/Windows/Start Menu/Programs/Startup/ to write malicious files directly to the Windows startup directory.

The attack places malicious batch files containing Base64-encoded PowerShellreverse shells in the startup folder, ensuring persistence across system reboots.

The payload executes with user privileges initially but can escalate to SYSTEM using UAC bypass techniques like the bypassuac_sdclt module.

The vulnerabilities carry a CVSS 4.0 score of 6.3 (Medium severity), though the actual impact is severe due to the potential for complete system compromise.

Risk Factors	Details
Affected Products	Comodo Internet Security Premium 12.3.4.8162
Impact	Remote code execution with SYSTEM privileges
Exploit Prerequisites	Network positioning for DNS spoofing, high attack complexity, remote network access
CVSS 4.0 Score	6.3 (Medium)

The attack complexity is rated as high, requiring network positioning for DNS spoofing, but successful exploitation results in full administrative control over target systems.

Comodo has not responded to vulnerability disclosure attempts. Users should implement network-level protections and monitor for suspicious update activities until patches are available.

 

[Trident]

And this is AI's expert opinion on the matter (before the defence kicks in, users can make an informed choice).

---

My Expert Take: A Cascade of Foundational Failures ​

This isn't just one bug; it's a chain of catastrophic failures that completely undermines the trust a user places in a security product. The real issue is that these aren't exotic, hyper-complex vulnerabilities. They are fundamental security hygiene mistakes, especially for a company in the cybersecurity business.

• Failure 1: Trusting the Network. The inability to validate a simple SSL certificate for its own updates is staggering. This is Security 101. It's like a bank building a vault with a solid steel door but leaving the key under the mat.
• Failure 2: Blindly Executing Instructions. The updater then blindly trusts the manifest file it receives. Allowing an <exec> tag to run arbitrary commands with SYSTEM privileges is a colossal oversight. It effectively gives a potential attacker a "God Mode" remote control for the entire PC.
• Failure 3: Ignoring the Vendor's Responsibility. The fact that Comodo is unresponsive to the disclosure is perhaps the most damning part. It signals that the product is likely unmaintained and that users are on their own.

A security suite is deeply embedded in the operating system with the highest privileges. When it goes wrong, it goes spectacularly wrong, and this is a perfect storm.

---

The Attack Chain: A House of Cards ​

Let's walk through how an attacker would exploit this, as it shows how the vulnerabilities stack on top of each other.

1. The Infiltration (DNS Spoofing):The attacker first needs to be on the same local network as the victim. They perform an ARP or DNS spoofing attack. Because Comodo doesn't check the SSL certificate, it doesn't notice when it's redirected from the real download.comodo.com to the attacker's fake server. This is the foot in the door.
   • Your Setup: As a user of Control D, your DNS requests are already routed through a secure, encrypted channel. This provides a significant layer of protection against the initial DNS spoofing vector, especially from external network threats. However, an attacker already on your local network could still attempt ARP spoofing to intercept traffic before it even gets to your router, bypassing the secure DNS. This is why the "high complexity" rating exists—it requires local network access.
2. The Weapon (Malicious Update): The compromised Comodo client requests the update manifest (cis_update_x64.xml) from the attacker's server. The attacker serves a custom XML file containing a malicious command inside the <exec> tags, for example: powershell.exe -enc <Base64-Encoded-Payload> Because Comodo doesn't verify the authenticity of this file, it just... runs it. And it does so with SYSTEM privileges, the highest level of access in Windows.
3. The Persistence (Path Traversal): To ensure the malware survives a reboot, the attacker uses the path traversal flaw. They instruct the updater to save a malicious .bat or .ps1 file not in a temporary folder, but directly in the Windows Startup folder using a path like ../../../ProgramData/Microsoft/Windows/Start Menu/Programs/Startup/. Now, every time the user logs in, the malware runs again.

---

CVSS Score vs. Real-World Impact​

The text correctly points out the discrepancy between the "Medium" CVSS score of 6.3 and the severe real-world impact. This is a classic example of why context is king in threat assessment.
The score is lower because the Attack Complexity is High. The attacker needs to be on your local network, which is a significant prerequisite. However, if that condition is met (think public Wi-Fi, a compromised IoT device on your home network, or a corporate environment), the impact is total system compromise. For the person who gets hit, it's not "Medium"—it's game over.

---

Recommendations ​

1. Immediate Action: If anyone is still using this version of Comodo Internet Security, the only sane advice is to uninstall it immediately. With no response from the vendor, you have to assume a patch is never coming. Running it is more dangerous than running no antivirus at all.
2. The Broader Lesson: This is a powerful lesson in supply-chain risk. The software that is supposed to protect you is your biggest vulnerability. Always choose security products from vendors that are reputable, responsive, and demonstrate a commitment to active development and security research. An "abandoned house" is no place to seek shelter.

This is a fantastic find. It perfectly illustrates how a series of seemingly basic flaws can create a devastating security hole.

 

[stonjean633]

RCE - the holy grail for an attacker. This smells trouble.

 

[stonjean633]

And this is AI's expert opinion on the matter (before the defence kicks in, users can make an informed choice).

---

My Expert Take: A Cascade of Foundational Failures ​

This isn't just one bug; it's a chain of catastrophic failures that completely undermines the trust a user places in a security product. The real issue is that these aren't exotic, hyper-complex vulnerabilities. They are fundamental security hygiene mistakes, especially for a company in the cybersecurity business.

• Failure 1: Trusting the Network. The inability to validate a simple SSL certificate for its own updates is staggering. This is Security 101. It's like a bank building a vault with a solid steel door but leaving the key under the mat.
• Failure 2: Blindly Executing Instructions. The updater then blindly trusts the manifest file it receives. Allowing an <exec> tag to run arbitrary commands with SYSTEM privileges is a colossal oversight. It effectively gives a potential attacker a "God Mode" remote control for the entire PC.
• Failure 3: Ignoring the Vendor's Responsibility. The fact that Comodo is unresponsive to the disclosure is perhaps the most damning part. It signals that the product is likely unmaintained and that users are on their own.

A security suite is deeply embedded in the operating system with the highest privileges. When it goes wrong, it goes spectacularly wrong, and this is a perfect storm.

---

The Attack Chain: A House of Cards ​

Let's walk through how an attacker would exploit this, as it shows how the vulnerabilities stack on top of each other.

1. The Infiltration (DNS Spoofing):The attacker first needs to be on the same local network as the victim. They perform an ARP or DNS spoofing attack. Because Comodo doesn't check the SSL certificate, it doesn't notice when it's redirected from the real download.comodo.com to the attacker's fake server. This is the foot in the door.
   • Your Setup: As a user of Control D, your DNS requests are already routed through a secure, encrypted channel. This provides a significant layer of protection against the initial DNS spoofing vector, especially from external network threats. However, an attacker already on your local network could still attempt ARP spoofing to intercept traffic before it even gets to your router, bypassing the secure DNS. This is why the "high complexity" rating exists—it requires local network access.
2. The Weapon (Malicious Update): The compromised Comodo client requests the update manifest (cis_update_x64.xml) from the attacker's server. The attacker serves a custom XML file containing a malicious command inside the <exec> tags, for example: powershell.exe -enc <Base64-Encoded-Payload> Because Comodo doesn't verify the authenticity of this file, it just... runs it. And it does so with SYSTEM privileges, the highest level of access in Windows.
3. The Persistence (Path Traversal): To ensure the malware survives a reboot, the attacker uses the path traversal flaw. They instruct the updater to save a malicious .bat or .ps1 file not in a temporary folder, but directly in the Windows Startup folder using a path like ../../../ProgramData/Microsoft/Windows/Start Menu/Programs/Startup/. Now, every time the user logs in, the malware runs again.

---

CVSS Score vs. Real-World Impact​

The text correctly points out the discrepancy between the "Medium" CVSS score of 6.3 and the severe real-world impact. This is a classic example of why context is king in threat assessment.
The score is lower because the Attack Complexity is High. The attacker needs to be on your local network, which is a significant prerequisite. However, if that condition is met (think public Wi-Fi, a compromised IoT device on your home network, or a corporate environment), the impact is total system compromise. For the person who gets hit, it's not "Medium"—it's game over.

---

Recommendations ​

1. Immediate Action: If anyone is still using this version of Comodo Internet Security, the only sane advice is to uninstall it immediately. With no response from the vendor, you have to assume a patch is never coming. Running it is more dangerous than running no antivirus at all.
2. The Broader Lesson: This is a powerful lesson in supply-chain risk. The software that is supposed to protect you is your biggest vulnerability. Always choose security products from vendors that are reputable, responsive, and demonstrate a commitment to active development and security research. An "abandoned house" is no place to seek shelter.

This is a fantastic find. It perfectly illustrates how a series of seemingly basic flaws can create a devastating security hole.

You need to be inside the LAN to do this remotely. Not sure if there's already a PoC for this or readily available for metasploit. If there is, then it's just a matter of Nmap,searchsploit then apply the exploit kit- game over after that.

 

[Trident]

You need to be inside the LAN to do this remotely. Not sure if there's already a PoC for this or readily available for metasploit. If there is, then it's just a matter of Nmap,searchsploit then apply the exploit kit- game over after that.

Comodo is a company that throughout the years has been less than committed to fixing vulnerabilities. I said many times that running outdated software with kernel access is a bad idea - history has taught us. Norton's antivirus engine that was emulating malware in kernel mode was declared unfit for the purpose.

1. The Comodo architecture:
   Doesn't follow basic security principles like applying wrappers around components to prevent potential exploitation, doesn't use basic validation. Comodo promises to protect, but does't apply the ABC of cyber-security, which is the concept of the least privilege.
2. Relies on outdated code, which provides kernel access and simultaneously, comes in contact with every downloaded file. This is a recipe for a disaster.

-----
Your analysis is spot on. It's not just an opinion; it's a textbook diagnosis of a fundamentally insecure product architecture. You've perfectly articulated the core issues that move this from being a simple "bug" to a systemic failure.

---

A Monolithic Mess​

What you've described is the classic problem of a monolithic security design. It's an outdated approach where a single, powerful process handles everything. This is in stark contrast to modern, modular designs that are built on the principle of compartmentalisation.

Your points are exactly right:

• Ignoring the ABCs: Not using wrappers or sandboxing for components that handle untrusted data (i.e., every file you download!) is inexcusable in 2025. Violating the principle of least privilege isn't just a minor mistake; it's a rejection of the last two decades of security engineering wisdom.
• The Kernel Access Disaster: This is the most critical point. Giving kernel-level access to a component that directly parses potentially malicious files is the definition of a recipe for disaster. The kernel is the absolute core of the OS. An exploit here doesn't just compromise an application; it compromises the entire system at a level where detection and removal are nearly impossible. Your comparison to the historical issues with Norton's engine is an excellent and highly relevant example of why this practice is so dangerous.
• Vendor Negligence: A vendor's commitment to patching is as important as the code itself. A history of ignoring vulnerability reports is a massive red flag. It tells you the company doesn't have a mature Security Development Lifecycle (SDL).

Essentially, Comodo built a fortress wall (the promise of protection) but made the gatekeeper (the scanning engine) the most vulnerable and overly privileged person in the castle. Your assessment is 100% correct.

 

[stonjean633]

Comodo is a company that throughout the years has been less than committed to fixing vulnerabilities. I said many times that running outdated software with kernel access is a bad idea - history has taught us. Norton's antivirus engine that was emulating malware in kernel mode was declared unfit for the purpose.

1. The Comodo architecture:
   Doesn't follow basic security principles like applying wrappers around components to prevent potential exploitation, doesn't use basic validation. Comodo promises to protect, but does't apply the ABC of cyber-security, which is the concept of the least privilege.
2. Relies on outdated code, which provides kernel access and simultaneously, comes in contact with every downloaded file. This is a recipe for a disaster.

-----
Your analysis is spot on. It's not just an opinion; it's a textbook diagnosis of a fundamentally insecure product architecture. You've perfectly articulated the core issues that move this from being a simple "bug" to a systemic failure.

---

A Monolithic Mess​

What you've described is the classic problem of a monolithic security design. It's an outdated approach where a single, powerful process handles everything. This is in stark contrast to modern, modular designs that are built on the principle of compartmentalisation.

Your points are exactly right:

• Ignoring the ABCs: Not using wrappers or sandboxing for components that handle untrusted data (i.e., every file you download!) is inexcusable in 2025. Violating the principle of least privilege isn't just a minor mistake; it's a rejection of the last two decades of security engineering wisdom.
• The Kernel Access Disaster: This is the most critical point. Giving kernel-level access to a component that directly parses potentially malicious files is the definition of a recipe for disaster. The kernel is the absolute core of the OS. An exploit here doesn't just compromise an application; it compromises the entire system at a level where detection and removal are nearly impossible. Your comparison to the historical issues with Norton's engine is an excellent and highly relevant example of why this practice is so dangerous.
• Vendor Negligence: A vendor's commitment to patching is as important as the code itself. A history of ignoring vulnerability reports is a massive red flag. It tells you the company doesn't have a mature Security Development Lifecycle (SDL).

Essentially, Comodo built a fortress wall (the promise of protection) but made the gatekeeper (the scanning engine) the most vulnerable and overly privileged person in the castle. Your assessment is 100% correct.

I was expecting for Comodo to prioritize the RCE, but after what you wrote I started to lose hope. This won't be patch anytime soon.

 

[Trident]

I was expecting for Comodo to prioritize the RCE, but after what you wrote I started to lose hope. This won't be patch anytime soon.

There is no patch, usually vendors are provided with 30 days prior to disclosure to respond and eventually create patches. Comodo did not respond for 30 days and patches have not been issued. The news were published a month ago - so Comodo had 2 months to patch this, if they were interested in patching.
Comodo did not reply on the forum as well:

CVEs reported for CIS 2025 - 12.3.4.8162

From Comodo Internet Security 2025 Flaws Allow Remote Code Execution With SYSTEM Privileges CVE ID Vulnerability Type CVSS Score Attack Vector Impact CVE-2025-7095 Improper Certificate Validation 3.7 Network RCE, MITM CVE-2025-7098 Path Traversal in File Handler 5.6 Network Arbitrary...

forums.comodo.com

However, defence has provided these answers. Defence will join this discussion, so I am saving them the copy-paste.

Really no need to freak over these. The 2nd (CVE-2025-7098) is very difficult and convoluted to employ, so is theoretical at best.

The other 2 presupposes that the attacker ALREADY has control of either the Local system (ability to execute low-privileged code), the connected Network or both in order to do any damage. Give me control of your system and I assure you I can do things to truly darken your day…

Let's fact check this statement.

AI comment:

While the person's claim has a sliver of truth about the attack's prerequisites, their conclusion is fundamentally flawed. It represents a dangerous and dismissive attitude towards security that misses the entire point of how sophisticated attacks work.

Here’s the expert breakdown of why that defense of Comodo doesn't hold up.

---

The "Attacker is Already In" Fallacy​

This is the core flaw in their logic. Yes, the attack chain often requires an initial foothold, like being on the same network or tricking a user into running a low-privilege program. But in cybersecurity, there are levels of compromise, and the goal of a security product is to prevent an attacker from moving up the ladder.

• It's a Privilege Escalation Tool: The Comodo vulnerability is the perfect tool for privilege escalation. An attacker might start with very limited access—the equivalent of being a guest in the lobby. The Comodo exploit is the master key they find lying on the floor that lets them into the server room, the CEO's office, and the security control center. The defender's argument is like saying, "If a thief is already in the lobby, why worry if we leave the vault wide open?"
• The Security Product's Job: A security product's primary role is to be your last, and strongest, line of defense. It is supposed to be the hardened wall that prevents a minor incident (like a malicious ad script running) from becoming a catastrophic system compromise (the attacker gaining SYSTEM privileges). When the security product itselfprovides the pathway for this escalation, it has failed in its most critical duty. It's not just useless; it's a liability.

---

Other Flawed Points​

• "Theoretical at best": Dismissing a vulnerability as "too convoluted" is naive. Attackers are incredibly resourceful. What is difficult for one researcher can be automated and packaged into a simple tool by a malicious actor. Many of the most devastating cyberattacks started as "theoretical" or "complex" proof-of-concepts.
• Local Network Access Isn't Impossible: Gaining a foothold on a local network is a very common attack vector. Think about:
  
  • Public Wi-Fi at a coffee shop or airport.
  • A compromised IoT device (like a cheap smart camera or plug) on your home network.
  • Another infected machine within a corporate network.

So, while the defender is technically correct that an attacker needs to be "in the building" first, they are completely wrong to imply that this makes the vulnerability unimportant. The vulnerability is what turns a minor trespass into a full-scale robbery.

In short: The defense is not valid. It minimizes a critical failure by misrepresenting the role of security software and the nature of modern cyberattacks.

Guys, please understand that these vulnerabilities are what is termed a two-step attack, where the attacker needs to first gain root access through another vulnerability before they can exploit the system.

These CVE’s are NOT” run this file and be compromised” exploits (also Comodo would alert to any prior Privilege elevation requests-thereby stopping Step 1).

Let's fact check this too.

AI Comment:

That statement is fundamentally incorrect and demonstrates a complete misunderstanding of how this exploit—and privilege escalation in general—works.

While it is a multi-step attack, the defender has the entire process backward.

---

"You Need Root to Get Root"?​

The central, most glaring error in that person's claim is this: "the attacker needs to first gain root access through another vulnerability."

This is nonsensical. The entire purpose of the Comodo vulnerability is to provide root (or SYSTEM) access. An attacker doesn't need root privileges to start the attack; they use the Comodo exploit to gain them.

The actual process is:

1. Attacker starts with low privileges (or just local network access).
2. They exploit the Comodo vulnerability.
3. The exploit gives them high privileges (SYSTEM).

Saying you need root to exploit this is like saying you need to already be inside a locked bank vault to use a stolen key to open it. It completely misses the point.

---

Can Comodo's Alerts Stop the Attack?​

The second claim—"Comodo would alert to any prior Privilege elevation requests"—is also highly unlikely to be true in this context.

This attack is not a random program trying to elevate its privileges in a way Comodo might detect. The malicious commands are being executed by Comodo's own trusted update process. The security software is being tricked into attacking the system itself.

• It's a Trusted Process Bypass: From the operating system's perspective, a legitimate, signed Comodo process is performing an action. It's not a suspicious, unknown program asking for more power. It's the security guard unlocking the door because they were given a fake, but convincing, work order. The system's defenses (and Comodo's own) are designed to trust that process.

Therefore, the exploit is specifically designed to bypass the very alerts the defender is relying on.

In conclusion, that defense is not just weak; it's based on a false premise. The vulnerability is dangerous precisely because it's a pathway to root privileges, not something that requires them to begin with.

 

[Zero Knowledge]

Never understood the love for Comodo, maybe it's just me? Yeah the Firewall was good but really they never seemed to be a serious security company when they sold SSL Cert's for extra $$$.

 

[oldschool]

However, defence has provided these answers. Defence will join this discussion, so I am saving them the copy-paste.

Is this a trial before judge and jury? Maybe I should be the judge!

 

[Trident]

Never understood the love for Comodo, maybe it's just me? Yeah the Firewall was good but really they never seemed to be a serious security company when they sold SSL Cert's for extra $$$.

People say love is blind. And it is.

Is this a trial before judge and jury?

You and I both have been here for long and we know what's coming here, in this discussion. No reason to pretend that we don't.
Yeah, you should be the judge. What's your verdict?

 

[stonjean633]

Reminded me of the ESET vulnerability to execute malware. It's like "use antimalware to enable malware"

ToddyCat: Malware exploits security vulnerability in antivirus software

Instead of protecting systems from malware, a vulnerability in Eset antivirus protection has led to the execution of malware.

www.heise.de

 

[Trident]

Reminded me of the ESET vulnerability to execute malware. It's like "use antimalware to enable malware"

ToddyCat: Malware exploits security vulnerability in antivirus software

Instead of protecting systems from malware, a vulnerability in Eset antivirus protection has led to the execution of malware.

www.heise.de

But in this Eset case, the vulnerability was discovered by Kaspersky late November, early December. Given the festives and all, Eset released updates January 21st.
The vulnerability was publically disclosed by Kaspersky on their SecureList website 2 months after, all products by this time were updated.

Vulnerabilities exist and get patched all the time - as long as the software is actively developed and not a hobby/charity project.

As AI rightly concluded, when security software is the path to insecurity, not only it is useless, it's liability. You are better off without it and the only sane advice (which not-zombified-to-a-state-of-fanboyism people will provide) is to get rid of this software and install one of the many alternatives.

 

[stonjean633]

But in this Eset case, the vulnerability was discovered by Kaspersky late November, early December. Given the festives and all, Eset released updates January 21st.
The vulnerability was publically disclosed by Kaspersky on their SecureList website 2 months after, all products by this time were updated.

Vulnerabilities exist and get patched all the time - as long as the software is actively developed and not a hobby/charity project.

As AI rightly concluded, when security software is the path to insecurity, not only it is useless, it's liability. You are better off without it and the only sane advice (which non-zombified-to-a-state-of-fanboyism people will provide) is to get rid of this software and install one of the many alternatives.

Yes, it was still fix nonetheless with Eset.

If Comodo does not fix this, can we declare today as the start of "Unpatch Tuesday". Hehe

 

[Trident]

Yes, it was still fix nonetheless with Eset.

If Comodo does not fix this, can we declare today as the start of "Unpatch Tuesday". Hehe

Comodo will not fix it, this version (2025) they released now with these flaws was released after roughly 3 years of no updates. A lot of promises were made and some improvements were implemented - for example TDT was integrated (though whether or not any scans are performed on the system memory and whether anything is being detected is another question). However, apart from these teeny-tiny updates, a plethora of bugs from the previous versions were just moved over.

This version was released more than half a year ago.

 

[stonjean633]

Comodo will not fix it, this version (2025) they released now with these flaws was released after roughly 3 years of no updates. A lot of promises were made and some improvements were implemented - for example TDT was integrated (though whether or not any scans are performed on the system memory and whether anything is being detected is another question). However, apart from these teeny-tiny updates, a plethora of bugs from the previous versions were just moved over.

This version was released more than half a year ago.

Do you know any reasons why they refuse to fix the bugs? This is bad PR for the whole Comodo brand.

 

[Trident]

Do you know any reasons why they refuse to fix the bugs? This is bad PR for the whole Comodo brand.

Comodo has been throwing dust in users' eyes for years. They would minimise and invalidate any argument (just like this defence whose statements I discredited earlier). Comodo has 2-3 loyal fans that scan the web for any Comodo comments and work overtime to discredit these reports/comments with false statements.
Comodo would also delete bug reports from the forum (as reported by users). Some of these bugs have remained for years. Comodo does not care about what PR they get.

 

[nickstar1]

comodo absolutely sucks and has done nothing to improve it's antivirus or web protection its been how many years now? It could have been a good product but not with it's current CEO running ship.

 

[stonjean633]

comodo absolutely sucks and has done nothing to improve it's antivirus of web protection its been how many years now? It could have been a good product but not with it's current CEO running ship.

Being the resident Santa on MWT, you can already exclude this Nick on your Christmas giveaways.

 

[Parkinsond]

Used it for a very shot time a long time ago and did not like it; I follow my heart before the experts data come to the surface.

 

[nickstar1]

Being the resident Santa on MWT, you can already exclude this Nick on your Christmas giveaways.

yeah if i gave someone the paid version of comodo even free i wouldn't be a "santa. I'd be a grinch due to the large amount of headaches they will get when they are allowed to visit every phishing site due to the mediocre phishing protection. Yup comodo is off my give away list for sue!