I said OFFICIAL WEBPAGE, not a forum post that keeps getting replaced by another one. A page you can direct casual users at, not some obscure forum post.
The website page https://www.comodo.com/antivirus-internet-security/#cis will only install the Pro version. See download link at bottom of screenshot. The website hasn’t been right for a couple of years now. The top of this release post has the same download link but “cispremium_installer”
You can’t get it from the website although you used to be able to a few years ago. The issue has been raised dozens of times but it’s outsourced and seemingly never fixed. There is a current topic regarding the website issue here: https://forums.comodo.com/t/this-website-is-way-out-of-date/363913
@SystemShock You can always download the Pro version and it’ll nag you every so often for the trial period and then offer you to continue with the free version but that doesn’t always work.
Just received a program update for CIS 2025 and the “What’s new” button linked to the changelog from 2024… Anyone know what’s new?
What version did you upgrade to? If you enabled Killswitch, there is a small update for updating digital signatures for that product but nothing else.
Yeah, I did use Killswitch. I guess it was just that.
Dear EricCryptid and cruel sister, watch the link to the video "https://www.youtube.com/watch?v=kdxEgt_V-fI&t=3s"
And comments: Poweruser, 4 days ago
To get straight to the main point: how ransomware tries to encrypt files.
The juiciest part is after 10:40. There’s pure DLL hijacking through substitution of version.dll in a tricky way (like _E:\H_C\D\DLL\ComodoBypassAAABBB…). The ransomware is custom; Microsoft sees it as Trojan:Win32/Bearfoos.B!ml.
What the author himself wrote (full translation of his posts from malwaretips.com/threads/comodo-internet-security-vs-targeted-ransomware-attack.139853/):
"The most interesting part starts after 10 minutes and 40 seconds. The attack vector is specific to machines with Comodo. Although the techniques used here are well known, the attacker needs to avoid many of the popular LOLBins that Comodo’s Script Analysis covers. Such highly targeted attacks mainly affect businesses.
The part related to the delivery method (ClickFix, phishing, SEO poisoning, netballs, etc.) was skipped to make the video shorter."
And more from post #19 (literal translation): "Before this video, I analyzed several real DLL hijacking attacks in the wild. Almost all of them also used scripts and LOLBins in the infection chain, which are covered by Script Analysis or Comodo Auto-Containment. Therefore, if the attacker does NOT know that the victim has Comodo, his attacks mostly fail, even if such attacks can be effective against popular AVs.
However, the attack shown in the video was easily detected by Microsoft Defender (I did not send the DLL for analysis).
[here is the full Defender log from 02/22/2026 09:16:42 — Trojan:Win32/Bearfoos.B!ml, the path to version.dll, Severity: Severe, Detection Type: FastPath]
This is why attackers avoid this method in the wild. They use other vectors optimized to bypass popular antiviruses."
Analysis (with facts and without water): Comodo in Proactive mode really nails 95% of the usual home threats and cruelsister tests. But once an attacker knows about your protection, he simply does not touch his favorite LOLBins (powershell, regsvr32, etc.), but goes through a rare DLL digest. The technology is old (Microsoft warned back in 2008), but it is still alive in Black Basta/ALPHV campaigns against companies.
Video summary: Comodo containment didn’t work 100%, ransomware started working… but Defender calmly killed it. That is, the “elite” AV has almost passed, and the free built-in Windows has finished it off.
From real life:
On malwaretips, a bunch of users confirm: “even without containment, the PC crawls like a turtle.”
Targeted attacks on businesses (where Comodo is the same everywhere) are no longer a “torrent virus”, but 70-80% of modern ransomware.
Similar DLL hijacks bypassed other AVs, if the configuration is known.
EricCryptid and the cruel sister, what do you think about it?
Another Comodo flaw, we need a fix because this program is getting complicated with all the bugs.
I hope the new version comes with the promised fixes. Because if it doesn’t, unfortunately they’ll fall far behind antivirus programs, even behind ClamWin.
@nik.luckin I look forward to when a real world example is available. @cruelsister has asked that author for samples many times but to no avail. A file has to execute those commands and that test file on the desktop has to get onto the system somehow and then be determined safe by Comodo.
DLL Hijacking protection was removed years ago because of false positives: Almost 300 Windows 10 executables vulnerable to DLL hijacking - #3 by DecimaTech
You can always do what @cruelsister recommends and only install the Firewall so it’s your first line of defense and then let Microsoft Defender augmented with ConfigureDefender handle the AV element.
Dear EricCryptid, I’m sorry, I was just confused by this video. And (I’m looking forward to seeing a real-life example. @cruelsister has asked the author for examples many times, but to no avail. The file must execute these commands, and the test file on the desktop must somehow get into the system for Comodo to recognize it as safe.) I totally agree with you. And once again, I apologize for my weakness.
“Hopefully, the new version will have the promised fixes.” I agree!!!
You’re in the same boat I was for a long time. One uncertainty led to another.
I’ve broken free from that. Security is a chain of factors, not just dependent on one program, even though it’s certainly important. With comodo and even Dragon, I’ve been spared from attacks so far. Ignorance, and even knowledge, can easily throw you off balance, ignorance even more so.
I use @cruelsister’s settings, but also quite a few of my own rules, further increased the security settings in CIS, prefer to block by lowering the trust level, and even uninstall purchased programs when necessary, such as an Adobe program. Every time I started it, CIS notified me that it was blocking access attempts to my PC to protect my data. I’ve also recently started using Cyberlock, HitmanPro Alert, and a VPN. Apparently, it’s impossible to open websites without JavaScript. Nevertheless, I’ve disabled it and only enable it sporadically.
Needless to say, I avoid clicking on any dubious links. I don’t receive any dangerous emails. Windows crashed through my own fault (I was tinkering with the registry – the PC wouldn’t start anymore). Recovery using Kaspersky’s rescue CD followed by a deep scan revealed: 0 threats.
I was recently on the verge of switching to Bitdefender. However, I’ll switch immediately if a dangerous vulnerability in Comodo CIS should be discovered, and in that case, I’m relying primarily on @cruelsister and @Andy Ful. There are also several people here in the forum who can help provide a clearer perspective.
And again: After more than a decade and a half, no attacks, no malware, etc. Is it luck, am I uninteresting, is Comodo not worth the effort, etc., or have I simply been cautious? Probably all of the above – it’s a chain reaction, not just one program alone, even if it seems to be the strongest link in the chain.
[quote=“prodex, post:728, topic:362887”]
In that case, I’m relying primarily on @cruelsister and @Andy Ful.
[/quote] prodex I totally agree with you
A fun video, but it is not actually what it seems to be. One might think that this is just a simple PE32 file (.exe), but it really isn’t (note the text message at ~3:26).
I’m not gonna give anything away, but just understand that (although pretty) this is not a singular self contained malicious file.
Interesting. Maybe I need to re-watch it to understand it fully.
Dear cruel sister. Thank you for your explanation. I really didn’t understand much in this video!!!
Dear EricCryptid. Can you tell me if the installation and updating of COMODO is blocked in Russia or not?
And the same question to C.O.M.O.D.O_RT, can you tell me if the installation and updating of COMODO is blocked in Russia or not?
