Comodo should really block exploits if this is somehow possible...

My personal opinion is that Comodo should block exploits like Kaespersky does, because if I remember it correctly only Kaspersky and Norton block exploits (I saw this in PC Mag), but not Comodo:

“To test Comodo’s exploit protection I attacked the test system using 30 exploits generated by the Core IMPACT penetration tool. Like ZoneAlarm Free Firewall 2012, Comodo didn’t actively block any of these at the network level and also didn’t block their attempts to drop files on the test system. Only the fact that the test system was fully patched prevented it from being compromised. Norton, by contrast, detected every exploit at the network level and identified most by name.”

Comodo should also block exploits on the network level.

I’m not an expert on anything, so I’ll leave the answer to experts.
Big thanks for your time and patience.

And could you give your review about this:

It would be interesting if CIS had something like EMET or Malwarebytes Anti-Exploit to help provide additional protection against these kinds of attacks, guess we will have to wait and see what v7 brings to the table as that might be more then enough protection :slight_smile:

Very interesting to hear from developers.

We don’t usually comment on discussions on other forums. A quick read showed that there were questions what methodology was followed. The tester uses a big testing package with which I am not familiar. For any questions you have about how to interpret the results I refer you to the topic at Wilders.

On a side note a few comments on parts of that article.

High-end firewalls like what you get in Norton Internet Security (2013)$20.49 at Amazon or Kaspersky Internet Security (2013)$79.95 at Kaspersky Lab North America | United Kingdom handle program control internally, with no reliance on user decisions. When a firewall does involve the user in trust decisions, it's important that the firewall catch every attempt at access. Leak test programs try to connect with the Internet "under the radar," undetected by program control.
The Comodo Firewall can be set to not alert the user and then either block or allow unknown programs. Leaktests, and malware, would be unknown programs and when setting CIS to block internet access for them you get the same protection. You don't need to pay money for that. ;)
Comodo doesn't expose any significant settings in the Registry; a malicious program couldn't disable it by setting protection to "OFF" in the Registry. However, I had no trouble killing off its processes using Task Manager. That's surprising, because with the previous edition such an attempt yielded "Access Denied." I also managed to set its essential services to be disabled. After reboot it re-enabled some, but not all, of them. This firewall could do with a little toughening up. The same attacks on ZoneAlarm bounced off harmlessly.
With v5 it was not possible for both users and unknown programs to terminate CIS processes from Task Manager. In v6, to meet popular demand, the end user is now allowed to terminate CIS processes. CIS processes are still protected against termination from unknown applications. CIS is the nanny of program behaviour not the nanny of user behaviour.

This particular test of PC Mag does not qualify to properly reflect CIS self protection capabilities.

Many modern malware attacks slip into victim systems by exploiting unpatched vulnerabilities in the operating system, the browser, or essential applications. To test Comodo's exploit protection I attacked the test system using 30 exploits generated by the Core IMPACT penetration tool. Like ZoneAlarm Free Firewall 2012, Comodo didn't actively block any of these at the network level and also didn't block their attempts to drop files on the test system.
The exploits were of a kind that is not detected by the Buffer Overflow detection of CIS.