First of all, it is hard to prove that you have a negative detection; however, this was a recent experience.
Although the firewall had been keeping malware out for months, I am getting lockups and super poor internet response. I have felt the need to reimage about every week and I am getting real tired of this. I have the best security I can get without spending thousands for a deep packet inspection.
After I reimage C: all is well. After I reimage, the first thing I do is run firewall tests; all tests show perfect stealth for all the ports I can find tests for. I only connect to the network to browse through a limited user account. However, on 2 occasions with reimaged systems I was asked if I wanted to let in some outside traffic as I plugged in the internet cable. I guess I had not set up rules before I imaged the drive. I install/reimage unplugged from the network and internet. If I am in stealth mode, how does someone know the instant I plug in a cable? Are there other ports that can be opened that are not tested or protected?
The other possibility is, could my copy of Comodo CIS have been tainted with malware when I downloaded it? In the one system, only the OS and CIS were on the computer before it had been plugged into the internet. I burn copies of malware to a CD when I get them for easy reinstalls.
I have never gotten a report against any malware even though the computer performance has gotten so bad I have had to reimage several times. Instead of using your browser sandbox, I browse using Sandboxie because I am familiar with it. I often review what is in the sandbox. If I find a DLL or exe, I scan them for malware and they appear clean. Mind you, I didn’t install them, so they are malware. How did they get installed with so many layers of protection?
I am hoping there are some other ports that are not protected and the hackers are using them to place malware on my computer. Oh, I almost forgot. In one case I was asked for the admin password to install something I didn’t install at the same time I got the warning from CIS. It would appear it stopped one attack but let a second through. This is also going right through a router with both NAT and packet inspection.