Recent Results » AVLab Cybersecurity Foundation

I was searching over some test results and came across this. I was wondering what the failure could be linked to and whether this would be something of bigger concern?

2 Likes

Hello kchtim1, I am also very surprised: COMODO has become infected (FAILURE: Error, that is, the virus was not blocked and infected the system). Question: what about the sandbox?

1 Like

This took a while to appear in the reports, because CIS has been riddled with security flaws for a long time.
I’m curious to see what the comments here on the forum will be after this.

I’m curious what mental gymnastics they’ll do to say it’s nothing, that CIS still protects, but we’re seeing that’s not quite the case.

A serious CIS flaw.

As I said, you need to update your antivirus.

The sandbox couldn’t handle it because they need to update it. There are several exploits in the sandbox.
It’s already been reported here for people to fix, but nothing has been done yet.
Now here’s the result, and look out for more.

Dear New_Style_xd, I don’t think there will be any comments from the COMODO team.

1 Like

Can you tell me what specific vulnerabilities?

I would not trust those tests too much. They probably use old malware (even Avast or ESET score 100%; the second is particularly known for its weak zero-day components).
So yes, COMODO was bypassed once, but the rest of the AVs tested are not better than COMODO in any way.

1 Like

I have to disagree. The difference between one failure and zero is pretty significant. The default deny architecture shouldn’t allow any infection regardless of the age of the malware. If this were a normal anti-virus company that released regular updates, one failure wouldn’t be a big deal. They’d release an update that mitigates the issue, but this is Comodo. There hasn’t been an update in months and there’s no indication that’s going to change. This is now a known exploit that will remain unpatched.

2 Likes

There’s no point anymore, CIS has just been discontinued, that’s official, according to the XCITIUM forum.

Yes, I also read about it on the XCITIUM forum.

What??? So we will no longer have a free comodo firewall?

From the post I saw on there, CIS has been “discontinued”. Presumably no more updates for CIS free or paid.

Hi New_Style_xd,

Can you post a link to that post on the Xcitium forum, please?

They are referencing this post: https://forum.xcitium.com/t/comodo-internet-security-is-low-priority-while-xcitium-is-high/20027/5

What people aren't taking into account here is the context: I believe the dev in that conversation is referring to when Comodo was an enterprise product, before it was rebranded. All we have to go on is a screenshot of a discussion, nothing official and no topic posted by the development team. Yes, Comodo is way, way behind in any sort of development, and nearly 3/4 of the way through the year there has been no update, so it's anyone's guess because of the lack of communication from the development team. CFW will be here and downloadable as long as those links are active, so save yourself the worry and save the offline installer file.

Anyway, much backend updating needs to happen, and at the very least current sandbox technologies, but it works well at containing unknowns on the whole. The mentioned mimicking of safe files has to get onto the system in the first place, and although I lack knowledge in that department, I doubt it's easy to replace a file including its SHA and then have it activated as malware. False negatives are few and far between. I've been using CFW since version 2.0 and I can only think I've seen an actual false negative once in quite a few years.

Use what works for you. I don't have CFW on my production machine at the moment, as I'm still working out a workaround for CFW blocking OEM software PowerShell scripts, but its default deny approach has always worked well. This current result is the first time in CIS history with AVLab to have less than 100%.

4 Likes

Analysis Of System Protection Against Active Online Malware – July 2025 » AVLab Cybersecurity Foundation: this explains in some detail what caused the failure.

Is this how I should understand it? ("The results of Comodo and Xcitium are also surprising, since both solutions failed to block the only (identical) threat that was previously classified as false negative by the developer: incorrectly labeled as safe in the developer's cloud, which may have affected the global reaction of workstations.")

Although AVLab should be commended for their transparency, I find that there may be an issue with their results for the malicious file in question (a stealer).

First off, the file is somewhat environmentally aware and will not run in Containment (at any level) as the Remote Procedure Call to the server in Moscow will be prevented, and once blocked the malware will shut down.

Also, if the file is run outside of Containment there will still be a Firewall alert. Even better, with Containment disabled, Firewall enabled and CF in Silent Mode, multiple server calls to Moscow are blocked automatically and the file dies.

4 Likes

But they had default settings, so the sandbox was working, and they had an infection in their test. I'm sorry, or else I don't understand anything.

1 Like

No idea what they did incorrectly, but the malware was blocked from working. I even gave the malware the benefit of being "zero day" by turning off both File Rating and VirusScope (VirusScope detects it now, so that would have been no fun). But the malware was stopped as I noted previously…

For any that would like to play, the file is:
SHA-256 76ACC48BDB39734F5ACB1FF7903F09D7B7B804C52F4EC731655A68796AE6CD3E

or, even better, just search for: 80.78.242.83
That's the IP that the file (build.exe) attempts to contact, and what all the AVs are basing their detections on.

3 Likes
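As an added example (not from the post above, and not Comodo's or AVLab's code): a small Python triage script built around the two indicators cruelsister shared, the sample's SHA-256 and the C2 address 80.78.242.83. It hashes a candidate file and compares it against the known hash, looks for the address embedded as an ASCII or UTF-16LE string (a weaker signal, but one that survives a trivial repack that changes the hash), and scans firewall log lines for connection attempts to that address. The log line format and the stand-in "build.exe" it creates are constructed for the example; real Comodo firewall logs are laid out differently, so the regex would need adjusting for them.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Indicators taken from the forum post above (the build.exe stealer sample).
KNOWN_BAD_SHA256 = {
    "76acc48bdb39734f5acb1ff7903f09d7b7b804c52f4ec731655a68796ae6cd3e",
}
KNOWN_BAD_IPS = {"80.78.242.83"}


def sha256_of_file(path: Path) -> str:
    """Stream the file in chunks so large binaries don't have to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def embedded_ips(path: Path) -> set:
    """Return any IOC addresses present as ASCII or UTF-16LE strings in the file body."""
    data = path.read_bytes()
    return {
        ip for ip in KNOWN_BAD_IPS
        if ip.encode("ascii") in data or ip.encode("utf-16-le") in data
    }


def triage_file(path: Path) -> dict:
    """Hash match is conclusive; an embedded C2 string is a weaker, repack-resistant hint."""
    digest = sha256_of_file(path)
    ips = embedded_ips(path)
    return {
        "path": str(path),
        "sha256": digest,
        "hash_match": digest in KNOWN_BAD_SHA256,
        "embedded_c2": sorted(ips),
        "suspicious": digest in KNOWN_BAD_SHA256 or bool(ips),
    }


# Constructed log format (assumption, not Comodo's): timestamp action proto src -> dst:port image
LOG_LINE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<action>ALLOW|BLOCK)\s+(?P<proto>TCP|UDP)\s+"
    r"(?P<src>\S+)\s+->\s+(?P<dst_ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<dst_port>\d+)\s+(?P<image>.+)$"
)


def scan_firewall_log(lines) -> list:
    """Flag every outbound attempt to a known C2 address, allowed or blocked.
    An ALLOW is the alarming case; a BLOCK still tells you the sample executed."""
    hits = []
    for line in lines:
        m = LOG_LINE.match(line.strip())
        if not m:
            continue  # skip lines that do not fit the expected shape
        if m["dst_ip"] in KNOWN_BAD_IPS:
            hits.append({
                "ts": m["ts"],
                "action": m["action"],
                "image": m["image"],
                "dst": f"{m['dst_ip']}:{m['dst_port']}",
            })
    return hits


# Constructed sample log lines for the demo; not captured from a real system.
SAMPLE_LOG = [
    "2025-07-14T10:02:11Z ALLOW TCP 192.168.1.20:51022 -> 142.250.74.14:443 C:\\Program Files\\Browser\\browser.exe",
    "2025-07-14T10:03:40Z BLOCK TCP 192.168.1.20:51031 -> 80.78.242.83:80 C:\\Users\\lab\\Downloads\\build.exe",
    "2025-07-14T10:03:41Z BLOCK TCP 192.168.1.20:51032 -> 80.78.242.83:80 C:\\Users\\lab\\Downloads\\build.exe",
    "garbage line that does not parse",
]


def demo() -> dict:
    """Create a harmless stand-in file with the C2 address embedded and run both checks."""
    with tempfile.TemporaryDirectory() as tmp:
        fake = Path(tmp) / "build.exe"  # inert bytes, not the real sample
        fake.write_bytes(b"MZ" + b"\x00" * 64 + b"http://80.78.242.83/" + b"\x00" * 16)
        file_result = triage_file(fake)
    return {"file": file_result, "log_hits": scan_firewall_log(SAMPLE_LOG)}


if __name__ == "__main__":
    import json
    print(json.dumps(demo(), indent=2))
```

On the constructed input the stand-in file does not match the hash (it is not the real sample) but is still flagged because the C2 address is embedded in it, and the two blocked connection attempts from build.exe are reported while the unrelated browser traffic and the unparseable line are ignored. Point the same functions at a real download directory and real firewall exports to triage a host for this particular sample.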

Cruel sister, with your explanations you bring comfort and confidence to those of little faith like me.