Serious Discussion Three Unpatched Vulnerabilities Plague Comodo. Documented Online.

Would you use vulnerable and outdated software, when alternatives exist?

  • Yes

  • No


Status
Not open for further replies.
However, in widespread attacks on home users, all those vulnerabilities will not be exploited, except for rare accidental events. This follows from the low popularity of Comodo among home users. It is more probable that popular AV could be bypassed instead of Comodo. So, I could still recommend Comodo to home users if they like such protection based on autocontainment. Comodo will not be worse than the top home AVs.
I prefer Comodo for the reasons listed above, rather than default-allow AVs. Your and @Shadowra's tests also show Comodo protects on par with or better than leading AVs. It is very compatible with the most recent Windows. I prefer it, as I can use it effectively. The features are useful to me; I know its flaws, and I keep informed about it.
 
The new Comodo version was published this year, so it would be hard to insist that it is abandoned. I agree that Comodo is neglected, compared to Xcitium.

Comodo does not improve as much as other solutions because there is no real pressure for improvements. It is highly effective in the wild without improvements. Comodo still blocks almost all FUDs without any improvements, and other AVs are constantly compromised by many FUDs, even with constant improvements. Microsoft did not improve "Windows Defender Application Control" and "Smart App Control" for years. This is typical for allowlisting solutions.

I would say that Comodo development is focused not on new security improvements, but rather on keeping compatibility with Windows and removing important bugs.
 
The new Comodo version was published this year, so it would be hard to insist that it is abandoned. I agree that Comodo is neglected, compared to Xcitium.
The last update for Comodo was again, end of October 24. Given that it's now September, that's 10 months, almost a year of no updates.
Before that it went three and a half years with no updates.

Comodo, relying on a simple logical template, is effective. But effective doesn't equal secure, stable, performant or desired.
 
Comodo, relying on a simple logical template, is effective. But effective doesn't equal secure, stable, performant or desired.

For many users, effectiveness causes security. Furthermore, Comodo is highly performant for those who use it.
One can say that the above features can be desired.
The Comodo stability can depend on the applied settings and other security layers. This was a reason that I stopped using it on Windows 10 and 11.
I do not think that Comodo could satisfy most users - autocontainment can cause usability problems (that is why most people prefer other solutions).
 
If I had to recommend a more usable Comodo-based free solution, it could be Comodo Firewall (Internet Security settings) + Microsoft Defender (MD).
The Internet Security settings use autocontainment limited to 3-day-old executables, which is more usable than autocontainment for unknown executables.
After 3 days, most evasive malware is well detected by MD. Furthermore, the Comodo vulnerabilities can be independently covered by MD.
Such a setup uses the best of old allowlisting and modern blacklisting approaches.
 
The last update for Comodo was again, end of October 24.

I was wrong. The latest version was not published this year, but in December 2024. Time goes by so fast.
For comparison, Xcitium updates are released two or more times a month.
 
As I understand, Xcitium is an EDR solution with a built-in AV feature. So seeing an untrusted DLL loaded by a process is a normal feature. But we can assume that the core mechanics are roughly the same as Comodo's. There are some easy ways to test:

1. Create a virtual machine, set up an HTTPS website with either apache2 or nginx (it'd be very fast), then on the Xcitium machine, modify the hosts file so that it resolves Xcitium's domain to the virtual machine's IP. If the access log of apache2 or nginx shows requests for Xcitium's update, then it has the SSL vulnerability.
2. Check the manifest file of Xcitium. If there's no checksum at the end of the file, then it has no integrity check.
3. If the manifest file has the exec tag, likely the OS command execution is there, unless Xcitium updated the engine that handles XML data. Both command execution and path traversal require a real test (or some sort of reverse engineering) to confirm.

A side note: Finding vulnerabilities is not always about money to me. Sometimes, it's more like doing it for fun and learning new stuff. However, when I find critical vulnerabilities and the vendor doesn't care, it's just pure frustration. When I do it for free, I expect something like "Thank you for all the research, we fixed the problem. Can you verify on our latest version?". Of all the research I did (for free), there was only one time I got that kind of response. I think you all can guess how disappointed I was seeing no response from Comodo hehe.
 
To those who didn't know, back in 2014 researcher Joxean Koret (who later wrote the book The Antivirus Hacker's Handbook) published his research in the "Breaking AV Software" slide. This slide is the main reason why I focus on AV vulnerabilities :D. According to this slide, there is some interesting info about Comodo:
- Comodo used this slide to do dirty marketing stuff. They said something like other AV products were vulnerable while Comodo wasn't actually vulnerable.
- Comodo has (had) a free version for Linux. It's likely not installable because the package requires old libraries. However, it's still downloadable.
- Comodo has multiple vulnerabilities in file parsers. There was a stack overflow. That means a nicely crafted file would give remote code execution when Comodo scans the file.
- Comodo HIPS uses user-land hooking. According to the slide, Comodo uses madCodeHook. The slide suggested some attacks to bypass the HIPS and at least one method worked.
- Comodo has a "secure browser" called Comodo Dragon. It didn't update the Chromium engine. It disabled the browser's HSTS protection. It has a "DNS leakage check" plugin that's vulnerable to an ARP spoofing attack and leads to XSS in the plugin's dashboard. Theoretically speaking, this could also lead to an in-LAN RCE if the attacker can combine it with a 0-day or 1-day vulnerability of the Chromium engine (bypassing Chrome's sandbox).

So of all the fancy features Comodo delivered, it could be a mess under the hood, and the user is more vulnerable using Comodo rather than getting extra protection. Ofc, generally speaking, a home user would not likely be targeted by some highly crafted exploit. But on the other hand, I'd recommend choosing AV products that are more carefully developed and better maintained.
 
If I had to recommend a more usable Comodo-based free solution, it could be Comodo Firewall (Internet Security settings) + Microsoft Defender (MD).
The Internet Security settings use autocontainment limited to 3-day-old executables, which is more usable than autocontainment for unknown executables.
After 3 days, most evasive malware is well detected by MD. Furthermore, the Comodo vulnerabilities can be independently covered by MD.
Such a setup uses the best of old allowlisting and modern blacklisting approaches.

This is a great suggestion. I'd recommend using the KillSwitch toolset of Comodo too. The KillSwitch GUI is very easy to use and can sometimes be useful to detect "strange" activities manually. However, I strongly recommend not using CCE (the scanner feature). Last time I checked, CCE updates signatures and engine files using HTTP without binary verification (like in CIS). So this tool is likely vulnerable to an RCE attack similar to the vulnerabilities I found in CIS.
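As an added example (not code from this thread, from Comodo or from Xcitium), here is a small Python audit that turns the update-channel weaknesses discussed in this thread into checks a defender can run: the manifest points raised earlier (no checksum at the end of the file, an exec tag the updater obeys) and the plain-HTTP, unverified-binary download this post describes for CCE. The XML schema, the `#sha256=` trailing-checksum convention, the example.invalid URLs and the payload bytes are all constructed assumptions, not the real formats of any Comodo or Xcitium product.

```python
import hashlib
import hmac
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Constructed stand-in for a downloaded update file; a real updater fetches this.
ENGINE_PAYLOAD = b"constructed fake engine bytes v1"
ENGINE_SHA256 = hashlib.sha256(ENGINE_PAYLOAD).hexdigest()

# Constructed manifest in a hypothetical schema (not Comodo's or Xcitium's real format).
# engine.dll is the good case; bases.cav has no digest and is served over plain HTTP;
# <exec> is the kind of server-supplied command element the thread warns about.
MANIFEST_BODY = f"""<updates version="1">
  <file name="engine.dll" url="https://updates.example.invalid/engine.dll" sha256="{ENGINE_SHA256}"/>
  <file name="bases.cav" url="http://updates.example.invalid/bases.cav"/>
  <exec cmd="installer.exe /silent"/>
</updates>
"""

# Hypothetical convention: an integrity-aware manifest ends with a line
# "#sha256=<hex digest of everything before that line>".
CHECKSUM_PREFIX = "#sha256="


def with_trailing_checksum(body: str) -> str:
    """Append the trailing checksum line to a manifest body."""
    return body + CHECKSUM_PREFIX + hashlib.sha256(body.encode()).hexdigest() + "\n"


def split_trailing_checksum(text: str):
    """Return (body, checksum_hex or None); the body is returned unchanged."""
    idx = text.rfind(CHECKSUM_PREFIX)
    if idx <= 0 or text[idx - 1] != "\n":
        return text, None
    return text[:idx], text[idx + len(CHECKSUM_PREFIX):].strip()


def audit_manifest(text: str) -> list:
    """Return human-readable findings; an empty list means every check passed."""
    findings = []
    body, checksum = split_trailing_checksum(text)
    if checksum is None:
        findings.append("manifest: no trailing checksum, the manifest itself is unverified")
    elif not hmac.compare_digest(checksum, hashlib.sha256(body.encode()).hexdigest()):
        findings.append("manifest: trailing checksum does not match body")

    root = ET.fromstring(body)
    for entry in root.iter("file"):
        name = entry.get("name", "?")
        if not entry.get("sha256"):
            findings.append(f"{name}: no sha256, payload cannot be verified before use")
        if urlparse(entry.get("url", "")).scheme != "https":
            findings.append(f"{name}: not fetched over https")
    if root.find(".//exec") is not None:
        findings.append("manifest: contains <exec>, updater would run server-supplied commands")
    return findings


def verify_payload(data: bytes, expected_sha256: str) -> bool:
    """Compare the downloaded bytes' digest to the manifest value in constant time."""
    return hmac.compare_digest(hashlib.sha256(data).hexdigest(), expected_sha256.lower())


if __name__ == "__main__":
    for finding in audit_manifest(with_trailing_checksum(MANIFEST_BODY)):
        print("FINDING:", finding)
    print("engine.dll verifies:", verify_payload(ENGINE_PAYLOAD, ENGINE_SHA256))
```

Running the block prints the three findings for the constructed manifest (bases.cav has no digest and no TLS, and the exec element is present). verify_payload is the step an updater has to perform on every downloaded file before executing it, with the expected digest taken from a manifest whose own integrity check has already passed; without the trailing checksum, a tampered manifest could simply carry the digest of a tampered file.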
 
I was wrong. The latest version was not published this year, but in December 2024. Time goes by so fast.
Comodo released the latest version in December 2024, but I believe they issued an update in January or February 2025, so technically, the last update or release was this year. The latest version receives an update after installation with no changes in the version number; the manual check shows no update, but the auto-update pops up after a while. Comodo What's New doesn't list the update.
 
Comodo released the latest version in December 2024, but I believe they issued an update in January or February 2025, so technically, the last update or release was this year. The latest version receives an update after installation with no changes in the version number; the manual check shows no update, but the auto-update pops up after a while. Comodo What's New doesn't list the update.
Probably some sort of a hotfix…
 
You need to be inside the LAN to do this remotely. Not sure if there's already a PoC for this or one readily available for Metasploit. If there is, then it's just a matter of Nmap, searchsploit, then apply the exploit kit; game over after that.
So? Any "security" company that doesn't verify its own files or uses certificates which have existed since what, the early 90s? And especially a company WHOSE BUSINESS MODEL IS CERTIFICATES failing to certify its own updates is like a morbidly obese fitness instructor. Would you trust your fitness instructor to aid you in fitness if they can't aid themselves?

Pathetic company
 
Comodo has (had) a free version for Linux. It's likely not installable because the package requires old libraries. However, it's still downloadable.
I doubt anyone expects it to not be bad.

Comodo has multiple vulnerabilities in file parsers. There was a stack overflow. That means a nicely crafted file would give remote code execution when Comodo scans the file.
Software with a codebase that is written to an "oh, it executed successfully" quality level has many vulnerabilities. Upon deep and proper research, many more will be discovered. Comodo is all covered in security holes, which haven't been discovered due to low interest. The product is not a priority at all; it's a freebie and the CEO is telling you "this is what I offer, take it or leave it".
Comodo HIPS uses user-land hooking. According to the slide, Comodo uses madCodeHook. The slide suggested some attacks to bypass the HIPS and at least one method worked.
That's most of the HIPS, sandboxes and behavioural blockers. Even if there are components in kernel mode, there are still user mode hooks. In the future, kernel mode code will be reduced and completely eliminated. Unhooking can happen; it is expected that a programmatic attack should be stopped way earlier, before unhooking can occur (which often requires kernel mode access too).
So of all the fancy features Comodo delivered, it could be a mess under the hood, and the user is more vulnerable using Comodo rather than getting extra protection.
An abandoned house with walls that are falling down is not a place where someone wants to live.
Comodo used this slide to do dirty marketing stuff. They said something like other AV products were vulnerable while Comodo wasn't actually vulnerable.
Comodo has used questionable marketing practices more than once or twice and continues to use them. For example, on the Comodo website currently, someone may be left under the impression that the product offers email security and IPS. At one point they used porn to promote their products; there was a video released by them, "how to watch porn safely". They had several beefs, including but not limited to beefs with Symantec and testing bodies. I think Melih is a great salesman but just not a tech man.
 
So? Any "security" company that doesn't verify its own files or uses certificates which have existed since what, the early 90s? And especially a company WHOSE BUSINESS MODEL IS CERTIFICATES failing to certify its own updates is like a morbidly obese fitness instructor. Would you trust your fitness instructor to aid you in fitness if they can't aid themselves?

Pathetic company

I think you missed his point. I believe what he meant was "if a public POC is available then it's extremely dangerous". And yeah, my full POC is there with full read access :D Talking about the POC, I found it funny because the "security news" BS used AI to parse and generate articles. Most of the articles missed a lot of information or even gave wrong info. There's only the Security Insider website that contacted me and asked me nicely for more details before releasing their article.
Either way, Comodo actually sold (sells) certificates and their products just ignored validation checks?? That's just insane lol.
 
I have a question that's meant honestly and has nothing to do with fanboying or anything else.

First of all: I've had serious doubts because of the recently discovered security vulnerabilities and the discussions about them, not here, but in the Comodo forum. I was about to leave Comodo after decades. My question will be difficult to answer, not because it's too specific or technically difficult (I wouldn't be able to do that due to a lack of knowledge, as I'm not a programmer), but because no one can look at my configurations and immediately tell me for this or that reason or because of that. My question, as I said, has nothing to do with Comodo itself; I could certainly ask a similar question about other programs.

Why, in all the decades I've been using Comodo, haven't I been harmed even once by a cyberattack:
Identity, bank account, ransomware, or anything else.

I can already offer one or two answers based on what I've read here:
- Comodo is too insignificant for cybercriminals, so it's not worth attacking.
- The user base is too small and also too insignificant.
- Attempting a break-in would be too complex, or the hurdles are too high at Comodo.

There have been security concerns and vulnerabilities at Comodo for some time, and these have been discussed.

I was really considering switching, and the recent posts here have reinforced my doubts somewhat (but then some things were revised again), but my experience with Comodo contradicts this.
 
This guy is the finder of this CVE and Comodo fans still ignore this CVE.

No, I'm not ignoring the recently uncovered issues and other users don't either. But that's the thing: I started to have doubts about security, but I've been using Comodo for decades and have never had malware, cyberattacks, or anything else. And that's an honest statement. I'm not stupid and use software that I can't trust.

And look there: CVEs reported for CIS 2025 - 12.3.4.8162

by nik.luckin:
And how would the COMODO development team comment on this? This is very serious and what are they going to do?


Therefore my question (see above):

Why, in all the decades I've been using Comodo, haven't I been harmed even once by a cyberattack:
Identity, bank account, ransomware, or anything else?

So the protection must be good?😟 or 👍
I don't want to become a victim of cybercriminals.
 