I watched Melih’s video about how Comodo is different from other security software. He states that an unknown file will be sandboxed and then sent to Comodo labs where it will be analysed, the result is then sent back, if it’s malware it’s deleted, if it’s good then it is released from the sandbox. I have had a file in the sandbox for 3 weeks and nothing - whats the point, if it takes that long???
Where is the video?
This is the theory.
Now, imagine when you get 100 000 individual unknown files each day, no one can classify all the files as fast.
That’s the reason why there is a topic for reporting unknown apps you believe are safe in order to satisfy users requests. They also white list new update from non signed software everyday…for individual file white listing, it’s much harder.
Regarding blacklist, automated systems are doing great.
I kinda prefer this one ;D >:-D