I have a couple of questions. My first question relates to the AV of Comodo. I have seen videos of Comodo AV in action and where it detects viruses and malware, however, every time some malware or virus is attempted to be removed by someone, an additional message pops up saying that some of the virus and malware cannot be removed and therein lies my question.
What good is the AV if it can attempt to remove infections, but yet it always leaves traces behind? I mean, isn’t the point of an AV to get rid of the entire infection?
My other question also has to do with AV. We know the AV has two options you can choose from, On access and stateful.
Is it better to have the AV on stateful or on access? When I was at my grandma's and I installed Comodo for them, I put the AV on access instead of stateful, but it seemed that the computer froze up a lot when it was on access. Does that option cause the computer to freeze up a lot? I want to set my AV up like that for the most protection, but I don’t want my computer freezing up.
My 3rd question is about Malware white listing.
Why would you white list malware? Why would you purposely let something damage your computer, or am I missing something?
I think these are very good questions. I’ll do my best to answer them.
Actually, for the newest versions of the AV component I have seen them be relatively effective at removing malware. However, a popup will initially come up offering to have Comodo employees clean the system remotely for you. Of course this is a paid service. Is this the popup you are referring to? If so, there is a box to never ask again when you dismiss it.
Stateful means that a file will not be scanned again until either the file is changed or there is a new database downloaded. Thus both settings actually offer the same protection, it’s just that you will see more of a performance hit if you set it to on-access. Thus, I’d advise that you always set it to stateful.
This is an interesting question. What you are really seeing is malware that is signed with digital signatures. The idea is that if a vendor is trustworthy you should trust anything signed by them. Thus, these whitelisted malware come from vendors who used to produce trustworthy products but have now crossed the line into producing other types of software. By the way, the vast majority of these incidents are about software that is now considered to be adware, which is really just barely considered malware. Thus, the danger isn’t really as bad as it seems.
That said, I wish there was a way to automatically have Comodo check for these itself. Perhaps it does, but if so then that capability needs to be improved. If you like you can check out a wish I made about this. It is posted here.
Please let me know if you have any other questions.
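The stateful behaviour described in the answer above, modelled as an added example that is not part of the original posts and not Comodo's code. The `Scanner` class, its size-plus-mtime change check and the sample data are assumptions constructed for illustration.

```python
import hashlib
import os
import tempfile

class Scanner:
    """Toy model of a real-time scanner with an optional 'stateful' verdict cache."""

    def __init__(self, db_version, signatures):
        self.db_version = db_version
        self.signatures = set(signatures)  # constructed SHA-256 digests, not real signatures
        self.cache = {}                    # path -> (state, verdict)
        self.full_scans = 0                # counts expensive content scans

    def update_database(self, db_version, signatures):
        # A new database changes db_version, which invalidates every cached verdict.
        self.db_version, self.signatures = db_version, set(signatures)

    def _scan(self, path):
        self.full_scans += 1
        with open(path, "rb") as f:
            digest = hashlib.sha256(f.read()).hexdigest()
        return "malicious" if digest in self.signatures else "clean"

    def on_access(self, path, stateful=True):
        st = os.stat(path)
        # Assumption: size + mtime stand in for "the file was changed".
        state = (st.st_size, st.st_mtime_ns, self.db_version)
        cached = self.cache.get(path)
        if stateful and cached and cached[0] == state:
            return cached[1]               # unchanged file, same database: reuse verdict
        verdict = self._scan(path)
        self.cache[path] = (state, verdict)
        return verdict

def demo():
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "sample.bin")
        with open(path, "wb") as f:
            f.write(b"constructed sample v1")
        later_sig = hashlib.sha256(b"constructed sample v1").hexdigest()
        s = Scanner(1, [])
        verdicts = [s.on_access(path) for _ in range(3)]    # one real scan, two cache hits
        s.update_database(2, [later_sig])                   # new database arrives
        verdicts += [s.on_access(path), s.on_access(path)]  # one rescan, one cache hit
        with open(path, "wb") as f:
            f.write(b"constructed sample v2, modified")     # file changes (size differs)
        verdicts.append(s.on_access(path))                  # change forces a rescan
        plain = Scanner(2, [later_sig])
        for _ in range(6):
            plain.on_access(path, stateful=False)           # on access: scan every time
        return verdicts, s.full_scans, plain.full_scans
```

The stateful scanner reaches the same verdicts with three content scans where the always-scan mode needs six, and the database update still catches the file that was earlier judged clean.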
Yes that is the popup I am referring to. If the Comodo AV gets better at cleaning up the infection, but sometimes still comes up with that popup. I mean, is it really necessary? I mean, other AVs for example like Avast will clean the virus and malware, but they don’t have a popup that tells you to call in their tech support to make sure the malware is all gone; btw, I am not dissing Comodo when they do this, maybe they do this for some reason, but I myself don’t think that it is necessary. Is this just to get you to buy Geekbuddy or is there another purpose behind this?
Also, I have another question. If I were to set the AV heuristics on high, is it possible not to get any false positives? I mean, everyone works so hard on Comodo to make it the best that it can be, so the number of false positives should diminish rapidly, correct?
Also on the point of whitelisted malware, if the fw, av, or defense plus detects some white listed malware, should you resubmit it to Comodo since it is technically still considered malware and so they can put it on the blacklist?
Essentially, that’s the impression I get as well. I don’t like it but I don’t see it as a huge problem.
The higher you set the heuristics the more false positives you will get. However, bear in mind that anything in the whitelist will not be flagged. Thus, you don’t need to worry about getting false positives for really important files. Also, if you do run into any false positives please report them on this page so that the analysts can fix them.
If you run into any files which are whitelisted, but you don’t believe should be, please post them in this topic. Comodo analysts will examine them and, if necessary, remove them from the whitelist.
That said, whitelisted malware really isn’t a huge problem. In terms of the effect it would have on ordinary users I would say that it is very small. I wouldn’t lose too much sleep over it.
Thanks again. One more question, when running the full scan of Comodo AV for the first time, should I change anything or should I change the AV settings after the full scan completes itself?
However, if the purpose behind your scan is to make sure that your computer is clean of malware then please see this article I wrote about How to Know If Your Computer Is Infected.