Potentially dangerous design flaw

Since 4.1 the sandbox has a realtime “cloud” request. That’s a nice thing (it would be even nicer if there were a notification, but that’s not the issue here…).
However, it seems to be used just for whitelisting. If a program is known to be malicious to the Comodo server and not detected by the AV component yet, Comodo doesn’t show this in the sandbox pop-ups:

http://www.ld-host.de/uploads/thumbnails/68779d2b19f8c2a9ec181c16c912fa83.png

It’s a waste of detection and probably even protection.

When Comodo is doing a server lookup, why doesn’t it do a little check to see if the program is on the blacklist?

That’s a great (and scary) point.

It is my understanding that ‘Daisy’ will be employed for in-the-cloud malware analysis sooner rather than later. However, as always with my memory, I might be wrong. :-\

The AV will do a cloud lookup. So, if the file is known malware, it will be stopped by the AV before it even gets handled by D+/Sandbox.