runtime packers scan

I am surprised to see that Comodo does not have a runtime packers scan option in the antivirus settings.
I cross-checked that the “Do not scan files larger than” setting is 20MB.

I checked with a few known malware samples, and it actually does not seem to have runtime packers detection at all.

Is it really true? Or am I missing something…

For example, it lets through mgy.exe (size 16.7 MB; autorun.autoit.db.worm according to eset4), which is known malware to almost all antivirus products (checked on virustotal.com). It could execute itself without any problem (only flagged by Defense+ as partially trusted), and it infected my pendrive too within seconds of execution, along with all my other drives (43 replications of itself within 5 seconds), and Comodo antivirus says it is clean (it does not actually scan it at all, as it takes no time to say this).

I checked this with some other known malware samples and was surprised to see the same results.

Someone please look into this and tell me if I am missing any settings in my antivirus component.

Yes, Comodo can't detect runtime packers; I saw this 1 week ago.

Hi gvvsss,
If you can find the FP file, you can submit it through this
link: Comodo Firewall | Get Best Personal Firewall Software for $29.99 A Year. We can then have a look at it.
Thanks and Regards,
Lin mengze

So are we protected, since Comodo can’t detect runtime packers? Thanks for the information…

Comodo has some difficulty detecting encrypted malware, like rc4, x0r, hoffman, but it can detect!

I have already submitted the sample to Comodo one month ago, along with ESET and Kaspersky, which also failed to detect it earlier. But both ESET and Kaspersky added the detection within just 2 days, and later I checked virustotal.com and found that the sample is now detected by almost 36 antivirus engines, surprisingly not by Comodo.

Besides, it is not just this single sample. I checked the Comodo engine with many other runtime packers (13 varieties that I have in my collection; almost all, at least one month old, are detected now by most other AVs) and found that Comodo does not scan them deeply at all; it instantaneously says that the sample is clean. That is why I doubt the engine’s capability of handling runtime packers. I could not figure out an option to select runtime packer detection in the Comodo settings either…

Then should I dump Comodo antivirus and install Avast or Microsoft Security Essentials to replace Comodo antivirus?

I am not really very positive about AVAST or AVG.

I am trying to find a way to improve Comodo, only CIS seems to be more promising in approach to me.

By the way, AVAST is good, and you can use it along with Comodo: just do not install the Comodo AV component, or disable AV after installation, and you can use the rest of CIS. Do not forget to exclude AVAST folders and executables in CIS, and Comodo files and folders in AVAST, otherwise your system will slow down and may hang occasionally.

Still, I hope Comodo adds more detections and improves its AV scanning engine, so my votes for CIS again.

I am glad to see that Comodo picked up my samples today, all of them. I did not observe which component exactly picked them up; I will follow up anyway, but it did pick them up and stopped them from executing.

Cheers.