First of all, you need to understand that an AV is a detection layer. This is not, nor should it ever be used as, the first line of defense in any system.
Prevention is the method CIS uses, with Detection the last layer. A virus, or a rogue/unknown program cannot do any damage to your system if it cannot access your system resources.
The Sandbox, HIPS, even the firewall, are each a layer that will prevent any unknown or dangerous app/program from causing harm to your system.
There are other layers with CIS (before even considering the AV layer) that add to this Prevention.
Yes, you may think the AV is weak by comparison, but Detection will never stop 0-day viruses (they first have to be detected (discovered), analyzed, and some form of signature created and sent to the AV scanner before the virus can even be detected on another computer).
Prevention, on the other hand, will always stop anything unknown (0-day).
Thank you for your response and your explanations.
It goes without saying that the first protection is the user himself, me. That is why I limit my web browsing to sites I know or recognize, even if nothing is infallible.
I’m aware that an antivirus is not the only protection; it is for this reason that I have set up the Comodo Firewall with the sandbox and HIPS.
But I was surprised at the failure to detect these files, as they must, I think, be known.
I don’t know how they are generated.
Hello krist52. There is no ineffective protection in CIS. The test you posted the link to is useless. Wrapping the Eicar test file in layers of compressed files. The only thing that matters is when the final file is extracted. Even if malware was deployed on a system using the technique with CIS, it would never get past the HIPS and Sandbox even if the AV failed to detect it.
What John Buchanan said is correct and very well spoken. The AV is a layer of the software, and not the most important one from the standpoint of blocking malware.
AV-Test bases its scores on signature detection only. The protection from the HIPS and Sandbox are not included in the overall score even if the system is protected from the samples. In this method of testing it does not provide an overall view of the defense capabilities of CIS, and puts it at somewhat of a disadvantage.
“During July and August 2015 we continuously evaluated 21 home user security products using their default settings”. - AV-Test
CIS comes with its default configuration for inexperienced users so they are not overwhelmed with the software. An experienced user who truly understands the functions and settings can harden the security to a whole new level. Comodo Internet Security is the best protection either free or paid that is available. I would personally challenge any vendor. Let's take one hundred true 0-day samples and run them against their respective security suites. I will do the same with the exact samples with CIS and let's see what is what with each system after a reboot.