Guys you need to stack up your game and improve the signatures

Signatures are regularly updated: Comodo Signature Database. The criticisms that have been prevalent recently are about Comodo’s AV Detection Engine, but as @Melih has pointed out over and over again, and as I’ve explained here and there even to @New_Style_xd, what do you do when just relying on signatures or behaviour for detection? Case in point, this

MT - Self Made Fortran Malware topic where Comodo detected it first before Kaspersky, Eset or Checkpoint and therefore allowed to run wild on systems with that malware whereas even with the subsequent rehash of it, Comodo initially labelled it as Unknown and therefore Sandboxed but eventually detected it. Comodo protects you from any unknown or malicious file whether there is a signature for it or not.

There have been recent discussions about detecting DLLs of trusted files, and perhaps @Melih can provide the answer to that, but as some have said, detecting DLLs from trusted applications is practically impossible. That executable file would have to contain those DLLs within the package in the first place, so it’s likely to still be blocked/contained.

1 Like

Yes, Xcitium’s AV Detection Engine only detected 34/111 and that’s a bad detection ratio.
The point here is to improve the AV Detection Engine.

2 Likes

However, Xcitium’s VirusScope is really good and amazing.

Well, VirusScope is cloud based analysis. CIS is shipped with a light version of the database to improve performance. You can use the Full Signature Database if you wish (under Updates). It’s just 700+ mb vs 250 mb.
I’ve not seen one single test of CIS where they install the full signature base if they are testing for signature detection.

1 Like

Yes, VirusScope is amazing, it uses Static Analysis (Machine Learning) and Dynamic Analysis.

1 Like

Exactly that I agree with you, just improve the detection, it will simply get even better.

2 Likes

That’s right, XCITIUM and CIS, we want improvements in detection, which will always be welcome.

2 Likes

Exactly that, we need to improve the numbers, and that way we customers would be more satisfied.

2 Likes

As Comodo CIS users, we’ve been locked in a one-track mind for some time now.

Coming to the forum doesn’t make us decision-makers.

Nobody listens to our needs: there will be no improvement in the viral base.

There’s no point in hoping.

There’s no point in insisting. We didn’t work for Comodo. It’s not up to us to make decisions.

There are people who are paid at Comodo to decide while we waste our precious time for free.

It’s time to get out and see the sun and nature! :slight_smile:

2 Likes

@Melih I’m sorry to say this, but one thing is for sure: if you don’t improve your detection (AV Engine), a lot of users will leave Xcitium and you will lose money too, because they also want detection, not prevention (Auto-Containment).

2 Likes

If they leave and go somewhere else, they won’t detect the latest and get infected.
Because detection based systems will always miss.

If someone leaves because of “detection ratio” that means they don’t understand how ours works!

4 Likes

Imagine this Nick123: (true story)

You install Amazon Music on your Professional PC, because you like working with music and you can, because you’re your own boss…

Then, a few days later, Amazon Music updates itself, but, horror, misfortune, it’s true, but it’s not signed!

Comodo CIS goes into warning mode.
You’re a small business owner in the building trade, not a computer scientist. You’re familiar with Amazon and Amazon Music, which you take seriously, so you unblock everything, and you were right to do so (if you want to listen to the latest Elvis).

A few more days and you suffer a real attack and unfortunately for you, the malware is called “Amazon Music” too… More alerts in Comodo CIS!

You know you have no choice: if you want to use it, like last time, you have to authorize everything in each Comodo CIS alert…

And now… There… Now what?

You get an elaborate super-infection that bouzzes all your professional documents! (you only realized afterwards that it wasn’t the real Amazon Music the third time)

Thanks to whom?

Thank you Comodo CIS!

You come and tell us about it here (on this forum), and we’ll either ignore you or tell you it can’t be true! (this is for neophytes, in fact).

Conclusion: A Professional PC compromised, just because the malware wasn’t in the (increasingly) meagre Comodo CIS antivirus database. (like so many others).

Soon, they’ll be telling you it’s Amazon’s fault for not signing off on one of their applications…

The only thing that could have prevented this person’s PC from being bozzed is if Comodo CIS had a real antivirus base. Which it doesn’t.

There’s no substitute for a real antivirus base!

Now go and explain to the little craftsman that he doesn’t understand how it works :wink:

2 Likes

Really, all that remains for me is to wish the best wishes for 2025, hoping that this year 2025 will be the complete opposite of the year 2024, that is to say a great year for COMODO CIS.

2024 Comodo year to be forgotten as quickly as possible please!

Happy New Year to All

2 Likes

@Melih I know, but a lot of people who use Xcitium expect the unknown to get detected fast if it gets sandboxed…

1 Like

All unknown files get sandboxed whether there’s a signature for them or not. The file has to be trusted in Comodo’s own database before it’s allowed, which makes it unique in that legitimately signed malware ignored by other vendors initially was already blocked by Comodo before anyone else. Comodo can blacklist all it wants, and it does, but more importantly, as @Melih has detailed and explained in Xcitium Patented API Virtualization, it decides whether a file is safe, malware or unknown, and the malware and unknown are run in the sandbox, therefore keeping the system free of infection. In reality you should check any file with multiple online analyses before running it in the first place, but not everyone is going to download a file and then upload it to VT or Valkyrie or various other sites before trying to run it. You know how Comodo / Xcitium works :wink:

3 Likes

Why?
Whether it gets a “verdict” 2 min or 2 hours later, it does NOT affect security. The user is already protected at time zero…
The unknown is already detected and the user is already protected against it “at execution”…

3 Likes

:star2: Another Year of Unmatched Protection: Xcitium’s 100% Clean Sheet in 2024! :star2:
As we step into 2025, we reflect on an incredible year of protecting millions of endpoints with ZERO breaches—our perfect record remains unbroken. While no one can promise 100% security in the future, our historical performance stands as a testament to the strength of Xcitium’s Zero Trust architecture.

:bar_chart: Key 2024 Insights Compared to 2023:
More endpoints targeted: In 2024, 11.59% of endpoints encountered potential threats, up from 8.87% in 2023—a 30% increase in attacks.
More attacks using existing threats: The percentage of brand new unknown files that turned out to be malware dropped to 3.5% in 2024 from 3.8% in 2023. This shift highlights an increase in attacks leveraging existing threats.
Despite the rising threat landscape, Xcitium continued to lead the way in proactive containment, ensuring ZERO breaches across millions of endpoints.

:lock: How do we do it? We proactively neutralize unknown threats by virtualizing their attack vectors, ensuring they cannot harm your business while maintaining seamless operations.
As we gear up for 2025, our mission remains steadfast: to protect, empower, and enable innovation in the face of evolving cyber threats.
Here’s to another year of trust, resilience, and innovation! :rocket:

2 Likes

I think the future may be ZERO Trust, but I see it more as a problem of education at the moment. How do you get the word out in an industry dominated by groupthink? Comodo’s influence can only do so much.

All these institutions who keep getting hacked tell us our data is safe so we will maintain trust in the system. But they will eventually get hacked again & again if they continue to rely on detection because even with the best database and detection technology, there will always be 0-day threats, which AFAIK according to mathematicians cannot be theoretically detected 100% of the time. I see that part of the user base wants to be placated. Perhaps in time.

If Comodo becomes more aggressive, people’s opinions will be different and they will think it’s better, but it is just more aggressive. Also, a low detection rate doesn’t mean a low false positive rate, so why not become more aggressive? Almost every malware is reported to Comodo, but most of them still didn’t get detected. Comodo can use my databases, of course, and it would be great (even if some signatures have GPLv2, it’s not directly a violation if you mentioned it somewhere, which is not important). They generally focus on preventing malware, not detection. If they want, they can become one of the best antiviruses ever at detection.

I don’t think Comodo is really interested in their AV product, as they only developed their AV product because people were complaining about CIS not having an AV component. So it was added so the security suite looked more complete, so I wouldn’t expect best in class; actually, I wouldn’t expect best in class anything as far as the AV is concerned.

1 Like