CAV and CIS detection rate

Majority of people can’t test the products themselves. Majority of users i.e Average Users therefore before installing any security products look in the so called famous testing organization to check which security software is rated good & they go for that.

I have read here & many places users mentioning that they changed there security coz on Matousec website they found out that CIS performed excellent so they are trying CIS. They also paste the Matousec link there for other users to check out. Everyone knows the tests performed by Matousec, many users will never face many types of malware attacks (Tests) performed by Matousec. But the fact is these so called famous testing organisation is good for a products publicity & even well if the products performance is mentioned good there. Its kind of publicity, advertising & recognition for the products & excellent publicity, advertising & recognition for the products if it performed good.

So the fact is such tests are useless but useful too.

Not everybody think alike, the world would be so boring. So if you want to educate majority, you may not be able to do so with your sophisticated skills but may be the way they want to be educated i.e using their own skills. So first give them the way they want, later they will automatically try to learn new things i.e the way you want.

So if users want to see CAV’s performance in the so called tesing organization website before trying it, I think you should go for it. Many Users saw CIS’s performance in Matousec & they are running CFW+D+, they will see CAV’s performance in AV-Comparative & will run CFW+D++CAV, I am 100% sure, are you??


in your scenerio are you suggesting you use some legacy AV with Comodo Firewall with D+ enabled?

It is strange according for the website CAV is detecting now a Total of 7900468 malwares, but comodo miss a lot that Avira, ESET, Kaspersky and until the junk Avast is detecting easy, Why no improve CAV definitely for be really competitive? maybe no has money?

Maybe comodo has problems with detecting 0 day malware very well, but old one is detecting pretty good.
If you have any undetected virus you can submit it to analysis.



There’s much being said regarding the inadequacies of the AV-C on-demand tests with regards to real-world protection (with some justification).

No mention of the pro-active/dynamic tests though;which very few deem to be irrelevant within the wider community.

Comodo Internet Security may have a rootkit scanner but it doesn’t mean it can remove rootkits. I recently had a rootkit that Comodo Internet Security found but when I tried to use Comodo to remove it it wasn’t able to do so. A message came up saying nothing was removed. The rootkit was somehow a part of my keyboard don’t ask me witch rootkit it was don’t know. I tried 3 times with Comodo 5.3 to remove this rootkit and even though it found it all three times it couldn’t remove it. I then went to Malwarebytes Anti-Malware the free version. It found the registry keys that the rootkit made and removed them but it couldn’t remove the rootkit program itself. So I finally had to do a system restore to get rid of it. My opperating system is Windows 7 64 bit. My question is what good is a rootkit scanner in Comodo that can find rootkits but can’t remove them. I think Comodo need to overhaul it’s scanner in a big way. At least the removal part of it. And soon.

rootkits are very very difficult to get rid off, but my big question to you is : how did you get infected in the first place, what was your protection ? CIS is for protection not for cleaning. if you have tried the CCE and it failed then I will call it a “failure” < because it failed in doing it’s job which is cleaning the infection :slight_smile:

the only true way to remove a root kit is from a bootable CD, and that will be coming to CCE soon enough.

Personally, I couldn’t care less about virus detection.
About 2 months ago, as an experiment, I disabled the AV in Comodo, D+ is set to
Safe and Execution Control is set to Block.
Now I just run all my internet facing apps in Sandboxie, and scan my
Windows folder with CCE everyday, and a full scan once a week.

Also, when I was researching AVs last summer, I would visit several
AV forums, and Comodo had/has very few posts from people
asking for help after being infected, while all the others have
several posts a day. I realize this was hardly scientific, but to
me, that indicated that CIS was doing a much better job of
protecting their customers.

I am wondering what good is it to have Comodo tell you you have a rootkit but not able to get rid of it and I was using CIS. I would say the rootkit scanner is useless unless it can cure it as well.

I’m still waiting for an answer to my question :-\

it doesnt do that much good in my opinion but it gives u a diagnostic of the problem so that other measures of cleaning can be taken. once cce becomes bootable it should be able to clean the rootkit infections that are found. idk why they added this feature to cis esepcially when Melih keeps stating that cis is for prevention and cce is for cleaning. the rootkit scanner in cis gives a lot of FP. i think it should be removed since we now have CCE

Excuse me, but r u MJR1 ?

And regarding your post , which has nothing to do with my question, I remember melih once said something like " I don’t think we need it here but people want it so here you go , you have it !"

waiting for MJR1 to answer my question ;D

well my bad. i just thought it was a general question

I am suggesting replacing CAV with another AV that has better detection rate than CAV while using exactly the same Comodo Firewall, Defence+, and Sandbox settings. I have not specified which AV or how the better detection rate would be determined.

You have stated that replacing CAV with another AV would increase D+ alerts. I cannot see why this would occur if the replacement AV detects more malware than CAV, therefore I am asking you to explain.

if you will use the Automatic sandboxing, then the alerts are taken care of anyway…I was under impression that you were saying: don’t use CAV/Automatic Sandboxing and just use firewall with another AV.

So what extra security will u gain by using another AV if you are using Automatic Sandboxing with Comodo?

Well, We would have less popups, since we use (Just in case) an AV with high detection rate, we may not need to sandbox more items as they are primarily detected and taken care of by the AV itself.

It may not give moreprotection than what we have now, but it can certainly increase the usability.

For those who use the standard config. Probably a somewhat ok protection from “baddies” in the whitelist.

how would it increase usability?