Dynamic Analysis Test With Comodo

I tested my malware analyzer against Comodo in dynamic analysis. Apart from false positives (although those false positives also got flagged by other antiviruses), it surprisingly performed clearly better than Comodo in both dynamic and static analysis. In advanced static analysis my malware analyzer obviously has better signatures, comparable with Kaspersky's signatures. In advanced dynamic analysis it detects some things with its dynamic analysis features. So this open source tool actually detects unknown stuff. If you don't believe me, let me explain. The malware analyzer focuses on only one sample, so there is no real-time protection etc., but it detects a lot of stuff. It has 30+ million signature lines, 21.6+ non-IDS website signatures, 2+ million YARA signatures, 8 million ClamAV signatures, and 50k+ machine learning signatures to detect known PE file malware and whitelist it. It's fully localized, and handling them is a hard task, so scanning time is slow. There is no protection, but a good detection rate compared to Comodo. I don't use hashes. Comodo is still a pretty good product, but I think they should own that project.

Hi @XylentAntivirus

Thank you for sharing your feedback. Could you please provide us with further details on which exact product you tested our dynamic analysis with, along with the sample SHA1 details, so we can investigate further?

They are MalwareBazaar daily 26.06.2024 samples.

The open source name is MalwareBazaar.

Could you also share with us screenshots of the analysis results of both MalwareBazaar and our Comodo dynamic analysis, for us to investigate?

No, I tested with that tool, which is still under heavy development. It just analyzes one file deeply. HydraDragonAntivirus/HydraDragonAntivirus: Dynamic and Static Analysis with Sandboxie for Windows with ClamAV, YARA-X and my machine learning AI module also Snort (github.com)

Thank you for sharing the details, @XylentAntivirus.

Anti-VM Anti-Debug Malware vs Hydra Dragon Antivirus (Undetected by Xcitium and ClamAV) (youtube.com)

This looks like VT results rather than actual product results. VirusTotal just uses a basic signature scan and not the full features of CIS/Xcitium, and in your other test against unknown samples https://www.youtube.com/watch?v=vFZUEmpI01I both Containment and HIPS were disabled. Did you even enable the full signature base for the signature scan?

Interesting tests, but no reflection on CIS's full capabilities.

I also looked at Comodo's verdict. Xcitium Cloud Verdict: it was undetected at first; after human analysis it got detected.

Containment was disabled because Hydra always does its analysis under containment. HIPS is more aggressive than my product. That's why it was disabled.

Comodo's containment will block 100% of unknowns and therefore 100% of malware and, in a similar fashion to Hydra, analyzes files in its own containment. While its AV scanner could do with improvement, containment protects the system fully. See this recent test: Comodo Internet Security 2025 Test

The truth is this: Comodo will generally always be best at protection due to sandboxing and having the best firewall. But at the detection part it's actually not the best; even though it has a good detection rate against unknowns, the open source Hydra is best, because it focuses on one file (which I did in the past in Hydra's first version by checking whether destructive malware touches common system32 files; I haven't re-added that yet) and dynamically analyzes it. I already posted the static analysis results. It can detect a lot of stuff at maximum aggressiveness, but I removed a lot of stuff due to aggressive detections. I need to create drivers for better real-time protection, but for now I am focusing on detection in dynamic and static analysis. My main goal is to improve the detection rates of Comodo or other products. Some people think Comodo is bad because they focus on which antivirus has the best detection, and they generally see Bitdefender or Kaspersky in detection tests. Hydra actually has a good detection rate and protection based on sandboxing. You can use it to deeply analyze one sample, which you can use for the Xcitium verdict. But it should not decide the main conclusion, because even though Hydra is getting less aggressive and more stable day by day, it's still pretty aggressive; but you can show why something is flagged, with details, because it's open source.

The biggest advantage of open source malware analysis software is this: you can see why something is flagged, with a clear conclusion, but with closed source you must hide the source code to earn more money. The motivation is generally money, but there is a paradox: you can train your module with open source, and you can do that with less money. But of course that's not enough to make open source a good solution. The biggest disadvantage of open source malware analysis software (at least according to most people) is actually that you can see the code to find a zero day and bypass it. But if we have a good open source community, then that will change the scenario: every day malware analysis software becomes more powerful and malware developers have less space. It's a very complex topic, but that's my opinion.

Actually, I now realised there must be a setting for HIPS aggressiveness which I can make less aggressive. Sorry for that. Edit: Even if you are using a year-old Comodo, it should perform very well, like Avast did. But the most important thing is zero-day detections. (Experiment) Can an almost 10 year old Avast Premier defeat modern 0-day malware? (youtube.com)

HydraDragonAntivirus Open Source Dynamic Malware Analyzer With Machine Learning vs Zero Day Malware (youtube.com) I think Comodo should use the machine learning module of this project because it is so powerful.