A few week back i tested a couple of malwares when CIS 5.8 was in beta and they could bypass defence+ easily and even crashed CIS and Windows
It was a BUG So i uploaded the bug report here https://forums.comodo.com/bug-reports-cis/cis-58-bug-that-crashed-cis-and-windows-t77531.0.html
i since it was beta i thought it would be fixed in the full version but Dev’s could only fix CIS crash and the malware’s still bypasses Defence+ easily without alerts and modifies a lot f system files as well
I really believe COMODO should put their main effort on fixing all this Sandbox and Def+ bypasses, rather than cloud AV.
We all know that Sandbox and Def+ are the main line of defense of CIS.
Wether its good to try to catch more viruses with traditional AV, that shouldnt be priority since it will make CIS similar to other Vendors Products.
Any word from COMODO on how this bypasses are being taking into consideration for next releases gives peace of mind.
i dont think comodo is putting their main effort into the AV. they are always improving all aspects of cis. im sure you know with v6 there will be full virtualization with the sandbox, with 5.8 they made the hips as strong as 32 bit. now they are improving av by making a cloud component (im sure it will be more of a complete cloud av then now) which will have valkyrie
Most people rely on defence+ and sandbox rather than antivirus
Antivirus is not always capable of detecting new viruses if it doesnt have a signature for it
Anyway its always been a comodo policy of prevention that is defence+ and if a malware can bypass that then it makes defence+ useless
whats the use of viruses getting detected by antivirus weeks later when the damage has already been done that defence+ could prevent
Its always been know that antivirus which is the first line of defence and defence+ second line of defence and if both dont react to new malwares which can pass them then how will users be protected
A user wont even know for weeks or months that he is infected unless the antivirus update has a signature for the virus and detects it which will be too late since all the damage will be done
we all say we will have this and we will have that in CIS v6 but what about now ?
we always think of the future ignoring the fact that our present is in danger !
Right now seems they are working on the cloud AV. Fanny said it, integrating Valk into it.
But no one has said something about the various bypasses (this post in example).
loveboy_lion its right. This threats are “todays” problem. which need to be fixed in 5.8 and not v6.0, which is still not in beta stage yet.
I have the same problem. I got it “fixed” when i u ntickedthe Sandbox option to automatically detect installers and updaters. Try it while waiting Comodo to fix this.
D+ seems to stop work silently without any warnings, then it will pass all executables including malware through. This seems to be a Win7 64-bit problem.
Or it seems to work, but it treats unknown executables as installers and that is why they are not blocked. Maybe a bug i definitions how an installer is defined.
No offence languy99 but i have seen your reviews on youtube and i think i should upload a video for the conformation
I tested it on windows 7 x64 with enhanced protection on but i guess u should test with these settings
the viruses that bypass defenc+ and sandbox test them with follolwing settings http://www.techsupportalert.com/content/how-install-comodo-firewall.htm except antivirus and cloud scanner in defence+ off and you will be amazed est the files with 2-3 hard disk partitions
since one of them deletes all the partition
the other one copies itself and other files and loads files from temp folder into the memory which are digitally signed
they are conformed malwares you can check them by virustotal as well
Well loveboy_lion I followed the settings you gave in that link… with AV and cloud off… and to be honest nothing happen.
Did it all in a Virtual machine… gave it 2 partitions… and nothing happen CPU usage remained low, and Memory usage stayed at 24%… So I cant say that they bypass CIS with those settings. Weirdly enough… Only Clipper and Winprefs where able to run.