I am surprised to see that Comodo does not have a runtime packers scan option in antivirus settings.
I cross-checked to see that the “Do not scan files larger than” setting is 20MB.
I checked with a few known malware samples, and it actually does not seem to have runtime packers detection at all.
Is it really true? Or am I missing something…
For example, it lets through mgy.exe (size 16.7 MB; autorun.autoit.db.worm according to ESET 4), which is known malware to almost all antivirus products (checked on virustotal.com). It could execute itself without any problem (only flagged by Defense+ as partially trusted), and has infected my pendrive too within seconds of execution, along with all my other drives (43 replications of itself within 5 seconds), and
Comodo antivirus says it is clean (it does not actually scan it at all, as it takes no time to say this).
I checked this with some other known malware samples and was surprised to see the same results.
Someone please look into this and tell me if I am missing any settings in my antivirus component.
I already submitted the sample to Comodo one month ago, along with ESET and Kaspersky, which also failed to detect it earlier. But both ESET and Kaspersky added the detection within just 2 days, and later I checked virustotal.com and found that the sample is now detected by almost 36 antivirus engines, surprisingly not Comodo.
Besides, it is not just this single sample. I checked the Comodo engine with many other runtime packers (13 varieties that I have in my collection; almost all, at least one month old, are now detected by most other AVs) and found that Comodo does not scan them deeply at all; it instantaneously says that the sample is clean. That is why I doubt the engine’s capability of handling runtime packers. I could not figure out an option to select runtime packer detection in Comodo settings either…
I am trying to find a way to improve Comodo; only CIS seems to be more promising in approach to me.
By the way, AVAST is good. You can use it along with Comodo: just do not install the Comodo AV component, or disable the AV after installation, and you can use the rest of CIS. Do not forget to exclude AVAST folders and executables in CIS, and Comodo files and folders in AVAST; otherwise your system will slow down and may hang occasionally.
Still, I hope Comodo adds more detections and improves its AV scanning engine, so my votes for CIS again.