Comodo Question

Discussion in 'other anti-malware software' started by curious george, May 5, 2011.

Thread Status:
Not open for further replies.
  1. cruelsister

    cruelsister Registered Member

    Joined:
    Nov 6, 2007
    Posts:
    1,649
    Location:
    Paris
    As D+ with the Sandbox is essential in protecting the computer from things like zero day malware, rootkits and ransomware, it really isn't in your best interest to even consider disabling those functions.
     
  2. carat

    carat Guest

    Do you mean the detection rates are pretty good? :D Could it be an alternative to Panda/AVG/Avast? :doubt:
     
  3. khanyash

    khanyash Registered Member

    Joined:
    Apr 4, 2011
    Posts:
    2,429
    Yes, the AV is pretty good now & a good alternative to the top free AV's. I have tested it a few times in comparison to top free AV's like Avast, Avira, Panda, AVG, etc. with mostly 100 zero-day malware & I must say in my tests Avira & Comodo AV were the best with the top position; a few times Avira was No.1 & a few times Comodo AV.

    Just take out some time & test it yourself in comparison to the top free AV's.

    Thanxx
    Naren
     
  4. carat

    carat Guest

    The updates are very slow and I got 19 false positives after the first full scan :doubt: Defense+ may be a good thing but overall I can't recommend Comodo AV :doubt:
     
  5. clocks

    clocks Registered Member

    Joined:
    Aug 25, 2007
    Posts:
    2,789
    I did a test a few days ago of Comodo AV+FW (no D+ or Sandbox). It didn't do as well as the other freebies.
     
  6. guest

    guest Guest

    Could you post the fp's report here if you still have it?

    I have compared it with other freebie AV's and I only found Avast being stronger. The AV is improving a lot lately, and I think that the addition of Valkyrie will represent a huge step in detection rates; it will probably be ready for v6.
     
  7. LODBROK

    LODBROK Guest

    Another question(s):

    Does Comodo continue to install that whitelist of 6000+ "trusted" vendors?
    If one deletes it, does it re-populate at the next "update"?

    .
     
  8. guest

    guest Guest

    You can disable the Comodo trusted vendor list from being used or updated; take a look at this post:

    https://www.wilderssecurity.com/showpost.php?p=1928849&postcount=21

    I'm not sure if, only using the second option, you won't get the list updated. Anyway, try to check only the second option before blocking CIS via the firewall, so you don't lose the cloud AV and behavior blocker, and the AV and CIS updates, in case you are interested.

    Also the TVL is not used if you use the paranoid mode.
     
    Last edited by a moderator: Sep 17, 2011
  9. carat

    carat Guest

    Sorry - I have already uninstalled it but most of the FPs were game files ... :'(

    However, they have to improve their AV: http://www.virusbtn.com/vb100/rap-index.xml :doubt:
     
  10. guest

    guest Guest

    This test is not very representative. All the detections labeled as suspicious do not count, which means that all the detections made by the cloud behavior blocker, the cloud heuristics and, in the future, Valkyrie will not count until Comodo labels the malware with a "name".
    Anyway, it could do better.
     
  11. carat

    carat Guest

    I see - how about this "harakiri" module? :) How does it work?
     
  12. guest

    guest Guest

    What do you mean by harakiri? Valkyrie?
     
  13. carat

    carat Guest

    Yes :)
     
  14. guest

    guest Guest

    Valkyrie will soon be added to the CIS cloud.

    Take a look here:
    http://valkyrie.comodo.com/
    http://forums.comodo.com/news-annou...ea€-is-formally-released-today-t70977.0.html

    Upload some malware and take a look at the tabs Static Detection (17 Artificial Intelligence Detectors), Dynamic Detection (CAMAS/CIMA) and Advanced Heuristics (3 heuristics engines). This is right now; they have been adding more and more "engines" lately.

    Right now it is a beta and they are tuning it.
    You may think that this will produce many FPs, but a file (Final Result) is not labeled as malware just for being detected by some of the "engines". It needs certain combinations. I guess they are also using neural networks for that, so Valkyrie is able to automatically learn the dangerous combinations and the good ones that produce FPs... They also have people assigned to Valkyrie to help train it.
     
  15. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
    How does cloud come into play with no internet connection?
     
  16. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    It doesn't. But how often are you exposed to malware when you aren't connected to the internet?
     
  17. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    It is way less for sure, maybe USB :)
     
  18. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
    Indeed, yet Virus Bulletin still tests under these unrealistic conditions (correct me if their methodology changed).
     
  19. pabrate

    pabrate Registered Member

    Joined:
    Jan 21, 2010
    Posts:
    685
    Even always connected, how often are you exposed to malware?
    That's a very, very hard task (to catch a malware).
     
  20. cruelsister

    cruelsister Registered Member

    Joined:
    Nov 6, 2007
    Posts:
    1,649
    Location:
    Paris
    As the topic is the AV part of Comodo, allow me to share some data that we've collected. To sum,

    1). Every day a total of 25 malware samples are collected from public and private sources. All must have made a first appearance within 18 hours of collection.
    2). Samples are run in a clean unprotected computer; effects are noted to verify the sample was truly malicious.
    3). Adware is discarded.
    4). Samples are submitted to VT. Anything with a VT detection level of more than 7 is discarded, but at least 13/25 must have detection rates of 2 or less.
    5). The accepted samples are run on a clean system protected by CIS 5.8 at settings I've discussed in other threads.
    6). All samples that were undetected by are saved and rescanned at 24 hour intervals.
    7). All samples were submitted to Comodo.

    Results from the previous 7 days (12-10-11 through 18-10-11):

    Number of samples: 125
    Number of infections: 0

    As to the AV portion, the current defs were downloaded 30 minutes ago; the last samples were run almost exactly 24 hours ago. Out of the 125 samples collected there are still 11 that are not detected by Comodo AV, with the specific dates and the current (as of 1 hour ago) VT detection rates:

    12-10: 1 VT- 31/44
    13-10: 1 VT- 32/44
    14-10: 3 VT- 28/44; 28/44; 27/44
    15-10: 2 VT- 27/4; 25/44
    16-10: 0 VT- n/a
    17-10: 1 VT- 29/44
    18-10: 3 VT- 2/44; 2/44; 3/44

    (An on demand scan was run with HMP and MB on the remaining 11. Both had detection rates of 10/11 with different samples missed- both are from 18-10.)

    One last thing- our tests have been proceeding for a bit over 2 months. The 12-10-11 sample is the oldest still undetected.
     
    Last edited: Sep 19, 2011
  21. cruelsister

    cruelsister Registered Member

    Joined:
    Nov 6, 2007
    Posts:
    1,649
    Location:
    Paris
    An addendum to the above: Before I went home today I found 11 items to test. All were malware that showed up on the lists since the earlier testing. 10 were trojans of diverse types, and one was a legitimate program (RealVNC) that someone has "customized" with malware. I did not run any against VT, HMP, or MB prior to testing, but I made sure all were malware.

    For the 10 trojans, the AV + Cloud caught 9/10. The remaining trojan was run as Untrusted and did not result in any infection. Both HMP and MB detected it as malware. VT results were 5/44.

    For the infected RealVNC, the program was allowed to run but the malware components were caught and quarantined. The program itself was installed successfully and is non-malicious.

    One thing I have noticed- the ability of the AV to detect malware (assuming current definitions) varies with the time of day the testing takes place. I've found just about the worst time (lowest detection) occurs from about 0600 to 1200 GMT. Guess Comodo people have to sleep sometime.
     
  22. pirej

    pirej Registered Member

    Joined:
    Sep 30, 2010
    Posts:
    64
    :) Too bad that I don't sleep at the same time.

    P.S. I have used Comodo Firewall for years, thanks for all of the setting-tips and info.
     
  23. cruelsister

    cruelsister Registered Member

    Joined:
    Nov 6, 2007
    Posts:
    1,649
    Location:
    Paris
    My pleasure!

    But what I'm really starting to wonder about is how the validity of true zero day malware tests varies with the actual time of day the test is performed. With Comodo I've been getting at the least a 20-30% detection difference between the nadir time as mentioned in the previous post and the "prime" time 12 hours later.

    Unless an AV company is fully staffed 24/7 I would be surprised if this effect isn't seen elsewhere as well.
     
  24. AaLF

    AaLF Registered Member

    Joined:
    Feb 20, 2005
    Posts:
    986
    Location:
    Sydney
    How does ComodoFirewall+HiPS perform against these security threats?

    -http://www.spyshelter.com/download/AntiTest.exe-
     
    Last edited by a moderator: Oct 11, 2011
  25. Brocke

    Brocke Registered Member

    Joined:
    Mar 16, 2008
    Posts:
    2,306
    Location:
    USA,IA

    Well, in version 5.8 it detected as malware. Now, my settings are all defaults.
     