interesting reading/contest about how to defeat traditional AVs...

yep… it is easy to defeat traditional AVs… that's why we have CFP v3!!


CFP is really superior software and I can't wait for TC to come out of beta.

Melih, please could you tell us about progress in developing new features for our beloved software? Are you satisfied with the Re-design of CFP Alerts thread, and what do you think about the suggestions there? Will some of them be implemented in the new build?

here is something i wrote about this … yep i do have strong views :)

the cpf alerts page gave us good ideas, we are now working on new re-design and still digesting all the info that Threatcast is providing to us. Expect good things :)


Thanks for info. Melih (V)

yep, but how many people really understand that it's not just a fanatic attitude to claim that comodo is the best solution to protect systems?
here is a fact: the AV i use failed on some file detection, and i detected that by using defense+
it's an email i received from kaspersky after i found a virus with defense+, as my av kaspersky didn't detect the malware:

From: newvirus[ at ]
Sent: Sunday, 20 April 2008 14:47
To: ailef[ at ]
Subject: RE: password : kaspersky [KLAB-4738179]


packed.exe_ - Trojan-Proxy.Win32.Agent.ahg

New malicious software was found in this file. Its detection will be included
in the next update. Thank you for your help.

Please quote all when answering.

Best regards, Vyacheslav Zakorzhevsky
Virus analyst, Kaspersky Lab.
e-mail: newvirus[ at ] - free online virus scanner. - technical support.

Attachment: packed.rar


that's just a fact, and it's clear enough to show that even an AV as good as kaspersky failed, because it works with a virus list and finds no virus if it's not listed by the team.

and this is 1 example of AV failure, but how many files are not listed and dangerous?

and don't think that it's because kaspersky is not a good AV, most AVs failed to detect this virus.
and i'm not sure that all AVs are updated now and all detect this virus.
nod32 was unable to detect it this week, i sent it to a friend and he found no malware.
i told him to send the file to nod32.

i will not post the file but P2P networks are full of files like that so even if your AV says nothing when u scan what u DL, be careful cause it's easy to bypass the AV.

u'd better take Melih's advice very seriously, cause on the internet u can become a victim in no time and your machine can be just a tool for some people to commit bad things, and u just don't know that your machine is used by someone else and u help him to attack servers, people, or spamming, and malicious people can't just be found, but u can be detected as some user that did those bad activities as u're just a victim of those people…

So, how does CPF +defense do its job? I know a virus checklist is part of any AV mechanism. From the CPF installation, I'm sure CPF also uses that kind of checklist. If the CPF devs are referring to an algorithm check, does any (good) AV do that too?


Comodo Firewall Pro is an Antimalware/spyware/adware/virus/trojan/keylogger product. It is NOT based on detection; instead, CFP 3 uses Defense+ (HIPS), one of, if not the, strongest Host Intrusion Prevention Systems in the world. You still need an AV though for detection. A good AV + CFP 3 is the only thing you need for on-access protection.


no it doesn't detect viruses or trojans etc, defense+ alerts u about the file activity and that's how u know that the file is trying to do bad things. if u allow a file to modify protected regkeys, create dlls or access high privileges to control the system when there's no reason that it has to do that, it's malware, so u have to block that kind of activity. except if u are sure u run a safe app, when an unknown file tries to modify your system to take control of it, defense+ alerts u about all those dangerous activities so u can refuse to let that kind of file run on your system, even if your AV said it found no bad code. AVs work with an updated list of known viruses but defense+ doesn't need a virus list, it controls the file before it can access the memory and u can block it before it attacks your system.
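
The contrast drawn in the posts above, between an AV that only matches a list of known files and Defense+ alerting on what a file does, as an added sketch that is not part of the thread and is not Comodo's code. The policy, paths, privilege name check and events are constructed assumptions.

```python
import hashlib

# Constructed data for illustration; no value here comes from the thread.
KNOWN_BAD = {hashlib.sha256(b"sample already on the vendor list").hexdigest()}
NEW_SAMPLE = b"repacked sample the vendor has not seen yet"

# Hypothetical policy modelled on the actions the post names.
PROTECTED_KEYS = (
    r"hklm\software\microsoft\windows\currentversion\run",
    r"hklm\system\currentcontrolset\services",
)
TRUSTED = {r"c:\program files\vendor\updater.exe"}
UNKNOWN = r"C:\Users\me\Downloads\packed.exe"
RUN_KEY = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svc"

def signature_scan(data):
    """List-based check: True only if the file's hash is already listed."""
    return hashlib.sha256(data).hexdigest() in KNOWN_BAD

def evaluate(image, action, target):
    """Behaviour check: 'alert' when an untrusted image touches the system."""
    if image.lower() in TRUSTED:
        return "allow"  # the "safe app" exception from the post
    target = target.lower()
    if action == "reg_write" and target.startswith(PROTECTED_KEYS):
        return "alert"
    if action == "file_create" and target.endswith(".dll"):
        return "alert"
    if action == "enable_privilege" and target == "sedebugprivilege":
        return "alert"
    return "allow"

# Constructed event stream: (image, action, target)
EVENTS = [
    (UNKNOWN, "file_read", r"C:\Users\me\Documents\notes.txt"),
    (UNKNOWN, "reg_write", RUN_KEY),
    (UNKNOWN, "file_create", r"C:\Windows\System32\helper.dll"),
    (UNKNOWN, "enable_privilege", "SeDebugPrivilege"),
    (r"C:\Program Files\Vendor\updater.exe", "reg_write", RUN_KEY),
]

def alerts(events):
    """Return only the events the behaviour policy would raise to the user."""
    return [e for e in events if evaluate(*e) == "alert"]

if __name__ == "__main__":
    print("signature hit on new sample:", signature_scan(NEW_SAMPLE))
    for image, action, target in alerts(EVENTS):
        print("ALERT", image, action, target)
```

The unlisted sample passes the hash check, while three of its four actions raise alerts; the same registry write from the trusted updater does not.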