I did some testing in a virtual machine (Win 7) using malicious URLs from the Comodo siteinspector recent detections and other malware URLs found on the net (malwaredomainlist.com etc). When using Internet Explorer, Comodo detected the malware (it could detect) immediately in most cases and warned me.
What’s strange is that when testing the same URLs using Google Chrome, CIS never reported anything on all malicious sites I visited (except in one case that CIS “woke up” and created one or two warnings). After that, if I scan via context menu the whole Chrome cache folder, CIS will detect the malware inside the files. Why is this? Shouldn’t Comodo detect them when visiting the malicious pages?
It’s not a big deal for me as Comodo is supposed to detect them if they run and also I've created an automatic scan to check the cache every few days. But it would be better if Comodo detected them on visit.
“Enable scanning optimizations – On selecting this option, the antivirus will employ various optimization techniques like running the scan in the background in order to reduce consumption of system resources and speed-up the scanning process (Default = Enabled)”
Also, with this option enabled the AV won’t scan/detect files on access in some cases. Only once you execute them or do an on-demand scan.
Oh yeah sure… Nobody talked about the reduced protection; you're still protected with CAV. If CAV didn’t detect something on access and did so on-demand, that’s probably down to the scanning optimization setting in order to save system resources.
What I've done is to create a scheduled custom scan that scans every two-three days the Chrome & Explorer caches. I'm ok with this. Despite having a two years license of Avast IS 8 (won by recommending to others) I realized that Comodo is far better in total when I did some tests.
A difference can be caused when the browser uses a temporary folder to which it will download a file before moving it to the destination folder. The detection then takes place when the file is written to the destination folder.
What’s the difference? If malware is going to be caught regardless, why does it matter if it’s caught as it’s downloaded or just before it’s able to run? Don’t forget that it takes more resources to do the first.