A very good document about making Default Deny practical.

You are always welcome to write your opinion :slight_smile:

Not sure where you get the figure of hundreds of Mb, as updates over a few days should only be an odd few.

Detection in CIS has always been for usability.

I am afraid detection will always fail you when you need it the most, if you want to rely on it as a form of protection; in the past an AV was good enough.

Dennis

:-TU :-TU :-TU

AV-Test seems to think detection is pretty up to the standards: Test Comodo Internet Security Premium 8.2 for Windows 10 (161421) | AV-TEST.

Value 0.1%
Is that bad ?
Given the interaction between Firewall <> HIPS <> CAV
CIS provides an analysis of 3 parameters
In another configuration ?

Average is just a number.
If I eat a whole chicken and you don't eat anything, we both have eaten half a chicken on average, but you won't be happy to know that :wink:
The best AV can reach 99,9% and as I said, improving detection can reduce the number of sandboxed apps.

Comodo Autosandbox no doubt provides excellent protection. And no doubt they have improved usability. But still I find it not easy enough to use for average users.

For ex - With one of previous CCAV version, I had installed Adguard Desktop & got no popup so it was whitelisted but during install something called Adguard WFP driver or something got sandboxed & error was there.

With the latest CCAV, I tried IPinator VPN & got popup & I selected run outside sandbox & during install I got 7-8 popups.

These are the things that make Comodo Autosandbox/Default Deny not easy to use for average users.
I mean things like -

  1. Whitelisted program but still during install a file or 2 gets sandboxed & then install error/install fails.
  2. Users get popup & they know the program is safe & decide to run outside sandbox but still they get few more popups & this annoys the average users & they don't like the product.

So when they see whitelisted programs getting sandboxed & failing install, programs they know are safe & decide to run outside sandbox but still getting 7-8 popups, etc, this gets annoying for them & they don't like the product.

Bottom line is that the package as a whole does its job and does it ■■■■ well. I have always viewed the AV as an extra layer of security. The real protection as already discussed is the HIPS and Sandbox. Default deny and preventing unknown applications from altering the OS is what CIS is founded on. As far as the AV is concerned it is on par with many other top vendors. Even if the AV had a perfect 100% detection rate it would not stop the sandbox from isolating unknown non-malicious applications. So I don’t see your point.

When installing new apps it is crucial to monitor the sandbox for unrecognized files. Even if a digitally signed application is on the trusted vendor list. One or more files may not be digitally signed inside the program itself. Therefore it will not be trusted just because the installer was. With this level of protection comes some diligence. CIS is not a set it and forget it security suite. With great protections comes a bit of a learning curve. So yes it’s not the most friendly protection choice for average users.

1. Whitelisted program but still during install a file or 2 gets sandboxed & then install error/install fails.

Never seen or experienced this behavior. Could you point out a white listed file that demonstrates this? Are you trying to install an .MSI installer package? Because that requires access to the system the sandbox will not allow.

2. Users get popup & they know the program is safe & decide to run outside sandbox but still they get few more popups & this annoys the average users & they don't like the product.

Even if the user knows it’s safe the files still must be added to the trusted file list. Then the popups stop. That simple.

It’s perfectly clear that an average user who is neither willing nor concerned with the Comodo Internet Security learning curve (which is not that hard unless you get into advanced rules) should look elsewhere.

One thing I would recommend to Comodo is to have the status pane enabled by default on the widget. Not sure why it is not. That makes it easier to see when something is being isolated and the unrecognized file count.

The security works and to dumb down the software to accommodate a few users would also dumb down the protection.

99.9% detection of what?
Answer: malware.
Which malware?
Answer: malware that the testing organization has in its database. What's in the real world is a different question.

You would be kidding yourself thinking AV products can detect 99.9% of real world malware in the wild.

True, that’s why I said average is just a number :slight_smile: and detection rate is just a number too :slight_smile:
Nevertheless, the higher the detection, the fewer the sandbox alerts :slight_smile:
I give you an example. Chromium “chrome.exe” file is not digitally signed, thus CIS will sandbox it (or at least, CIS did sandbox it).

The chicken ?
Moreover they also have their virus (alas).
The viral contamination mechanism can be stopped by an architecture having a specific profile type Comodo CIS 8.2

Chrome is digitally signed, but once installed some files may be unrecognized or not digitally signed as the main executable (.dll or other) and ran isolated. Even when Chrome is a trusted application. I experience this with many files. Adobe and Corel products, media encoders, and more.

Try this yourself with LibreOffice. All files will be allowed to run without interference but when Office.bin is executed it will automatically be sandboxed even when it’s part of the package. It’s safe but unknown. Even when it’s executed by a trusted application. Let’s say LibreOffice Writer. Office.bin has to be added to the trusted files list.

These matters are hard to discuss in a straightforward manner because what configuration and rules each person is running will deeply determine the circumstances and behavior.

I said Chromium, not Google Chrome.

Apologies, but none the less alters the point I was trying to clarify about sandbox behavior. With signed and unsigned files. :slight_smile:

Complement the concept “safe, unknown and malware” as follows:
Malware can be unknown files
Unknowns can explore secure applications (these may be malware)
Safe when executed without any restriction, may not be as safe as well …

It affects the major security suites

[s]https://forums.comodo.com/bug-reports-cis/spyshelter-test-t115145.0.html;msg837475#msg837475[/s]

EDIT
https://forums.comodo.com/resolvedoutdated-issues-cis/limited-and-restricted-block-screen-capture-but-untrusted-does-not-m399-t95001.45.html

Warning!!! Comodo containment is not working as expected in Windows 10 and fixing the bug is not worth…
If you set a rule for an app to “Run Virtually” or “Run Restricted”, that app will be sandboxed as “Partially Limited”, no matter what “Restriction Level” you have chosen.
And this can lead to bypassing the sandbox and affecting the real system.

Containment does cause troubles quite often without a global rule that allows all trusted content to run outside of the sandbox; Comodo does not have that rule by default.
On the other hand it is safer for the average user not to have such a rule, but it probably leaves much frustration and provokes a turn towards the competition.

Personally I prefer to allow what is flagged as trusted but yet have the rest of CIS set stricter than what the warranty requires.

Thx for your statements. I often wondered about the bad opinions on Comodo. For example also Google, which classified Dragon as dangerous. Now I use Firefox and only now I am trying Dragon and Ice-dragon. Comodo is my shield since the last millennium in connection with Avira, later Avast, then Qihoo and since a few weeks only Comodo. Testing is done with Malwarebytes, adware, TDSSKiller from Kaspersky. No finds.
It’s not easy to really see through Comodo, many users complain about that and prefer to have it easier. Getting more involved with Comodo is hard work and has avoided it so far. Satisfied with the settings thanks to the help of an IT expert.
So - I can agree with your opinion more than just.
I made changes in line with cruelsister’s proposal and feel even better protected.
I use secure shopping for sensitive transactions.

Translated with DeepL Translate: The world's most accurate translator

I wrote it in my mother tongue and a useful and rather a good translator did the job.

Hmmh! Cruelsister (I linked her video) shows in her video how to protect and shows it with a malicious program! So you really can block or allow such a program as a strong restricted.

It is deleted, can someone reupload?