A few quick thoughts. Note: The folllowing is the opinion of the poster (that's me I think). If you don't agree... that's okay. For as long as I've been paying attention, COMODO CIS has been an effective firewall with a poor AV which means that D+ is its first line of defense. This is different to most other effective anti-malware apps which have a fine-tuned, definition-based detector at their core, to which additional tools/techniques have been augmented. Whitelisting and other techniques may have made D+ less "chatty" but it's still not very smart. So it makes sense to me that in COMODO's ongoing quest for an effective set-and-forget product, that they might "give up" on AV development and make behaviour analysis and/or virtualization of anything not on the clean list, the new first line.