Older Type Malware

Hello Comodo and Forum members.

First of all I would like to commend Comodo for their nice free services and their great community.
I have been using Comodo services for some time now and I must say the firewall and DNS service are great and do provide a degree of protection.
However, the antivirus module seems to struggle with some malware types.

Win32.FraudLoad.edt and Virtumonde.sdn were found on one of my laptops.
Every time, Comodo fails to detect various malware types, which should not be happening.
Comodo parts like the firewall are performing reasonably well, but somehow I get the feeling that the Comodo Internet Security package does not perform that well, as it seriously fails to detect various malware types.
Also, various well-known web pages seem to confirm that Comodo's latest detection and its actual removal do not do a good job.

So I was wondering: are there any settings within Comodo Internet Security that would enable better detection and more solid real-time monitoring?
Except putting the whole suite into Paranoid Mode, which is NOT recommended.
At the moment I am running CIS (latest version) with the basic settings as given.
The high-end laptop is running a totally fresh Vista install, fully patched.
The infection took place via a web page that used some HTTP script which bypassed both the browser security (IE) and Comodo, as if it was not even there.

Just for testing purposes I asked one of our admins to test CIS by deliberately infecting a CIS-protected system to see what CIS would do, and my problem is confirmed: CIS does have some serious problems with standard malware like Virtumonde. It does not detect it and does not remove it; however, according to online Comodo sources, CIS should detect and remove those.
Also, the proactive defence should take action to secure CIS and the system, but fails time after time: it does raise alarms for standard Windows programs and files, but it stays 100% passive with live, known dangers.

Because Comodo has such a good reputation and offers a seriously good package for free, I was thinking that this info should be noted, as I have no reason to believe that Comodo Antivirus is bad or problematic (judging from the previous versions, which all performed very well); only this latest build and update simply cripples the program.

Even after reinstalling, Comodo shows the same problems.
So I was wondering what could be done to ensure that this does not happen again, and whether other people encounter the same problem?

Kind regards, Nico

Did you get any popups?
Which version of CIS do you have installed?
What is your configuration?

For improved cleaning and detection Comodo will soon be releasing a beta of Comodo Cleaning Solutions. It’s probably what you’re looking for, but can you please answer the questions above? The prevention portions of CIS should have been able to protect you from any malware that wasn’t detected.

CIS Version: 5.0.163652.1142
Latest version of Vista Professional SP2 (fresh install & fully patched)
2x Centrino 2.8 GHz dual-cores (multi-CPU mobo)
12 GB RAM (DDR3)

CIS did not mention anything: no popups, no warnings, nothing, and the CIS package was not corrupted.
On our test PC CIS did not detect the mentioned malware.
Our admin even visited a known live malware site where you can download a whole package with over 5k live viruses, and out of the 5k Comodo only detected 2976 and cleaned only 1535 of them.

The funny thing is that he has a laptop of his own with an older distro of CIS (it has not been updated for weeks), and that CIS did nail 80% of the 5k of typical malware.

So he already said that it might be a problem with one of the update files, which might have corrupted the whole “detection library of the installed CIS”.

It could be. No AV can detect all, at least not at first.

I’d recommend reinstalling it using the methods I suggest here. Just remember you’re reinstalling and not updating.

CIS really should be able to protect you against almost all malware, even without the AV installed. The only malware, in the wild, that I know that can currently bypass CIS, in default conditions, is described here.

Please let me know if a reinstall fixes the problem. If not then there may be a bug that you just discovered. Hopefully not, but who knows. :wink:

Well, I did, several times, and our admin seems to be right… an older version of CIS does detect the files, but the moment CIS updates it goes totally blind… so the theory about a busted update patch might be correct.
At the moment the malware has been removed using another program which allows me to put them in a “savebox” so I can send them to Comodo so they can run some tests themselves.
I asked some friends to download CIS and test it… they came up with the same thing: the version you can download from the Comodo web page does detect and remove the malware… but after the first update the detection is gone… no detection, no removal, so this supports the idea that the update released by Comodo seems to be corrupt.

Is there any way I could get my hands on that malware pack so I can test it personally?

Without posting it publicly of course. :wink:

Just sent you a PM.