Comodo Antivirus 5.8 detection rate and heuristic test (by FaraVirusi.com Labs)

As many are wondering about Comodo's total an heuristic detection rate, we, at FaraVirusi.com IT security blog decided to perform a complex test on 21.390 malwares.

*
The results:

• Comodo – 83.94% detection
  *

For the heuristic detection rate, we've used 9150 infected files from 2 to 4 november 2011, while Comodo's definition were freezed on the 27th of October.

Proactive detection rate was: 4274 (46.71%)

Additional details are available here: http://www.faravirusi.com/2011/11/0...rus-2012-test-al-detectiei-by-faravirusi-com/

 

Comodo is notoriously known for heuristic false positives so testing it on files that you know are malware will yeld incredible results. But if you push in clean files and deduct detection score with false positives, the result won't be so stellar. I mean, it's easy to make awesome heursitics if you don't care about false positives. You can pretty much make them 100%. But that just won't work in real world...

 

RejZoR: You're right here, but given the fact they had no FP on the latest VirusBulletin test result, means they improved things.

 

Yes, Comodo has high False Positive rates. I don't know why they need such a sensitive heuristic when they have Defense+ and autosandbox.

 

One Antivirus is not just fail scaner.
One Antivirus is complex solution-black listing URL\fail,proactive.....
To try detection for one Antivirus just on "right click context menu" is very bad idea!
Wher you finde 9150 infected fails hust for 2 days?
To realy make a virus competion it is very complicated.
The processe of contamination is not just en .exe
The processe of contamination is one complete feature.
You go to site, there you click to something after you .....
Is not just en .exe
Many AV block just the page, or just the exe, or ....
If you can understand me.

*

 

It also depends on the settings used. VB100 uses default as far as i know, but we don't know what setting was used in this test.

 

Quote from faravirusi.com

 

Well then, that explains everything. AVIRA heuristics on High can still be used perfectly fine every day. Comodo heuristics on High are a complete no go as it detects pretty much every EXE with it.

 

I use it with heuristics set on "High" and I received only one FP on a file where many other vendors had a FP.

Things are not so bad as you describe them. I know Comodo has sometimes a higher number of FPs than an average antivirus, but this number is not so big.

See the latest AV-Test.org evaluation where Comodo took part (Q2/2011).
Industry average was 9 FPs on their 699,760 clean files set.
Comodo had an average of 12 FPs taken into account the 3 months when it was tested.

*

 

+1 It detected HD Sentinel, cFosSpeed and a couple of other programs as false positives on my machine. Not all files, just picked up 1 or 2 files in these programs.

 

@Narxis: You should report them here: http://www.comodo.com/home/internet-security/submit.php

They fix it in maximum 24H.

 

I have notice a lot of improvements in Comodo AV lately, still they need to add valkirie with CIS 6

 

Im sure its fixed, it was few months ago.

 

Well i hate it when AV detects no-cd patches and similar stuff and they never bother to fix them because they consider them illegal. Even if they aren't malware. They are not here to judge that, you just have to decide if its malware or not, not if its legal or not.

 

That's pretty much an industry-wide problem. I will say that Avast doesn't seem to be so bad about it, so when they detect a patch or something like it, I pause.

 

avast! is the only one that actually removes false positives on files regardless of what they are. So if it's no-cd but not malware, they'll fix it. They really care only about what's really a malware and i really appreciate that. They are security company, not moral police. I wish others would work the same...

 

Same here, we have plenty of other people/organizations dictating what we should/shouldn't have and can/can't do. My AV should protect me, not get behind a pulpit.

 

I don't exactly know what's Comodo's behaviour on this. *

 

actually along with avast eset for me at least is great about not detecting things like this. avast is a bit better but eset does not pick up most no cd type of things either (again at least from my testing)

 

Good deal I haven't tested Eset in quite some time, so that's good to know.

 

Comodo AV part wasn't the best part but lately its gaining quite ground. Regarding FPs well you know its FP so restore it or just add to trusted files and you are done. You can't ask more if you get something good stuff for free. And as such comodo AV part has come up from a really long way

 

Nice to see it continue improving