Real time scanning is in the pipeline, we will have it.
That's great news

We although can change CMF so when it detects any vulnerability, it can send information about it to comodo.
But even though CMF alerts about any vulnerability, that product has to be analyzed and vulnerability has to be confirmed.
As of now role of CVA is just to inform users about known vulnerabilities and as of now Comodo is not in the business of exposing vulnerabilities and publish them.
Sorry I didn't explain myself as I know nearly nothing about BO and exploits. As I understand Vulnerability research require a cooperative approach and I understand that there is no way for a single company to take such a heavy task.
I always wondered if there could be a different way to warn user about a specific exploit attack. Usually AV signature-based approach can identify specific exploit code and alert the user.
However this type of detection is somewhat limited as changing the code to leverage on the same vulnerability could be undetected.
CMF instead trap BO on the fly and it can detect even new exploit code on the act. However as end user there is no sure-strike way to know if an alert was due to a malicious attempt.
As I don't have the necessary know-how I don't know it an existing BO vulnerability is able to trigger a well defined range of alerts regardless of the exploit code or end-user machine specific setups.
If there is a way to to bind an existing reported exploit/vulnerability to a specific set of alert characteristics then there would be an alternate way to detect exploits without relying on exploit code signatures.
Since CMF is monitoring BO events I wondered if there could be something like a BO signature (based for example only on memory range exception addresses, exploitable component name/signature and type of BO) specific enough to link a specific BO alert to an existing reported vulnerability (if that vulnerability provided exploit code to gather such data).
I don't know if there is a way to define something like a BO signature but I imagined if something like this was possible then it could be used an a way to complement existing AV code signature based approach (creating a chance for researchers to add such BO signature to new full disclosure advisories).