2011-Q2 AV-TEST Product Review and Certification Report

Not exactly true, as Hungry Man pointed out, because of the Sandbox. If you have the restrictions set high enough (at least on "Limited") you should still not be infected, even if you click "allow" when you should "deny."

 

Not that my "tests" are official (I only ever posted them once and was bashed lol) but there's a significant change between Partially Limited and Limited with the same malware and what's left over, though I've never been successfully infected while testing Comodo.

edit: I also think it's important to note that besides the HIPS module there's also the AV, Firewall, and Sandbox modules. Sandboxing java or other programs will protect you from a lot of exploits. The AV (though I do not run it) will also protect you from known malware. Both of those have very little user interaction, they're almost completely handled by the program.

 

That is totally wrong, you still have the sandbox, the av, the cloud av, the cloud BB, so clicking in the wrong alert on D+ does not mean anything.

By the way is very rare to see a D+ alert since the unknown files goes to the sandbox, and the D+ alert on this cases are quite clear.

 

Exactly. Comodo's defenses do not stop at "Do you want to run this?" Not at all.