After a lot of usage on a system protected by a comodo product. A lot of vendors will end up in the trusted vendor list and remain there after they’re no longer trusted.
CIS,CFW & CAV should automatically run a check of all of the vendors listed in the locally stored list of vendors to check for any vendors that need to be removed or at the very least, labeled as “malicious” or “unrecognized” Perhaps this could be done by taking the time to check the signatures themselves of every application started in addition to what comodo products already do.
This would help prevent signed malware from being allowed to continue running on a system protected by CIS,CAV or CFW