Comodo Antivirus Engine

Who is the provider of the antivirus engine?

It’s Comodo’s proprietary engine. They have not licensed an engine from anyone else.

Ewen :slight_smile:

It would be useful if it would get ranked by AV-Comparatives.

It has been ranked by several AV sites and, according to their test methodologies, it ranked poorly. Many have said that is proof that it is no good, but there is more to it than just that.

Traditional AVs rely on a two-pronged detection-removal architecture, and AV sites test accordingly. Where CAVS differs is that it has a third outer layer - prevention. If the malware can’t get in, the necessity for detection is greatly reduced, and AV testing sites don’t cater for this. As more security software “gets it” regarding HIPS-style security, the focus will swing to prevention being a measurable aspect of efficiency.

This is not to say that Comodo are not working hard to raise their detection rate. They believe that all three layers must be continually improved and are working towards becoming the best. It won’t happen overnight, but that’s not to say it won’t happen.

Cheers,
Ewen :slight_smile:

If it is not ranked by the most important ones, then it does not exist.
http://www.av-comparatives.org/
http://www.virusbtn.com/

Well, CAVS isn’t even released yet, so in that sense it doesn’t exist either.
It’s still beta software…

I’d like to pick up this thread as it has a suitable topic for a question I have: How does the scanning engine of CAVS 2.0 beta actually work? I’m curious from three points of view.

  1. Speed. It takes only 12 minutes to perform a full system scan on my machine, scanning all kinds of files, archives and so on. The time is about the same with Avira Antivir. Avast, on the other hand, takes up to two hours (on my system) to do such a scan. So what is the key? Does the speed compromise on the effectiveness or is it, like Antivir, very smart?

  2. Detection. I recall that CAVS performed slightly above 40% malware detection in the latest test, somewhere. Does anyone have an idea if this is improving now, as we see definition updates every day? Or do these updates only keep the same speed as the bad guys, the virus makers, causing CAVS to still be on a 40-50% detection level?

  3. BOClean. I think I saw a post from Melih, stating that CAVS will detect 90% or more in its next version. Is this thanks to including BOClean in the program? Otherwise I suppose it would be a very, very tough job to make such a dramatic improvement in terms of detection.

I’m thankful for any replies here. And I certainly look forward to what Comodo are up to with the next version of CAVS!!!

LA

If that is true…what do CAVS users use then? A ghost program? :wink:

Hi LA,

I’m not 100% sure on question 1. It may be that CAVS uses its safelist to bypass files which are safe. These are incrementally scanned, so overall speed of scanning is reduced.

CAVS is updated daily with about 100 or so signatures, which is to improve overall detection as well as keeping up with the latest malware.

Comodo have been working hard on the detections for the next version of CAVS. All malware samples submitted have been put into this version, but not all have been put into the current release. With the addition of BOClean the detection is improved even further. It is the combination of BOClean and these signatures which will bring detection to 90%+. This version will also have the full safelist, so HIPS alerts should be massively reduced, making it even easier to prevent unknown malware and submit the samples to Comodo.

Mike

Thank you Mike, that’s a good answer. Looking forward to the next version, it will surely be a great improvement from 2.0 - something for Comodo to be really proud of, like the firewall.

/LA

You’re welcome LA. :wink: From what Melih has stated of v.3, it is going to be awesome and a real contender against other malware products.

Mike