Several Vulnerabilities Found in Comodo Antivirus

The videos show that if a file is bad it does not run and so does not need cleaning, and if it is an unknown file then it runs in its own little ‘virtual’ computer, making no changes to your real physical machine, and so if found to be bad the ‘virtual’ machine is deleted, completely forgotten about, so no changes to your physical machine and so nothing left to clean.

Do you understand now?
@Dolphin66 clearly understands and is trying to explain to you that what you are asking for does NOT make sense (not only to me but to others who know how our technology works).

2 Likes

Ok, that clarifies and explains things much better, but what about those malwares/exploits or viruses that aren’t even detected by the containment technology? In that scenario, if the antivirus engine & signatures are good & powerful enough, then that threat or malware can be eliminated at the 1st point only, and also for any other single pieces of malware, if the antivirus engine can detect and eliminate it at the 1st point then it will be more effective for all. Thanks.

It doesn’t happen, as Comodo has default deny technology, which means basically if in doubt keep it out. So unknowns will be put into confinement. Confinement means a virtual machine inside your own computer, so the virus or unknown software can open and do exactly what it would if it wasn’t contained.

The difference is once it is known to do something bad it will be labeled as a virus, which means you’ll never see it again. In case it’s a brand new software or CIS is unsure, you’ll be told via pop up: hey, this looks like software that will do your computer harm, we suggest you delete it, but if you really want to run it you may. If you do run it there is a huge chance you’ll get a firewall alert, then after that an anti virus alert. Security in layers.

Or it’s good and will be added to your safe files list and you can interact with the software normally.

3 Likes

Exactly as @patrice58 explains…

What we do is the opposite of “Detection”…whatever is “NOT Detected”, which means we don’t know if it’s good or not (which we call the “Unknown”), is automatically put into that virtual mode…so just in case they turn out to be malware they can’t cause damage…
We don’t take risks by allowing an unknown executable to run on your computer willy nilly. We always put these unknown executables into a virtual environment.
We use a “GUILTY UNTIL PROVEN INNOCENT” security posture. (Please do watch the videos to better understand how exactly it works.)

4 Likes

Ok, understood, let’s see how well Comodo does in all kinds of antivirus test results everywhere once the final version is released.

The anti virus tests are not the be all and end all. My goodness you still don’t get it…

2 Likes

It’s a useless and pointless conversation to discuss this here any further, let’s wait for the final release and tests will prove it all, that’s that.

You’re in a security software community and you obviously don’t know anything about anything regarding how the software works, even worse is all you seem to be doing is spreading FUD. Be very careful as you might not be here much longer…

3 Likes

Signatures can detect 99% but who protects you from 1% of Unknown malware?
The answer is Auto-Containment. Auto-Containment will virtualize every unknown file until Xcitium decides it’s either a good or bad file. Good files are run outside the sandbox. Bad files are blocked.
That’s how Xcitium works. Prevention first, then Detection.

CIS does a great job protecting against zero day attacks. Check out this Comodo Tech Talk article about Comodo’s Kernel Mode Virtualization which states it protects against zero day attacks:

The link to this article was posted by Melih on August 22, 2023.

If you know a malware capable of circumventing the sandbox or have a proof of concept of an attack vector that circumvents the sandbox, Comodo is always interested.

Luckily CIS also has a recognizer in the behavior blocker which is capable of detecting malware-like behavior and a dedicated recognizer to look for cryptolocker activity in particular.

What you are trying to say is that you want to have a guarantee that detection will pick up a failure of the sandbox. That is a problematic proposition given the limitations of detection based solutions.

2 Likes

Xcitium has VirusScope (Static and Dynamic Analysis with machine learning) and when an unknown file is sandboxed VirusScope will do the static and behavioral analysis of the file.

LOL…this statement above says you still don’t get it :)
I give up! :)

4 Likes

Stolen signatures can be an issue though…

1 Like

You actually know nothing yourself, that’s that. Comodo’s antivirus is more than pathetic and everyone knows how much improvement is required on the same, so stop giving this & that explanations and focus on improving the antivirus, which will be of ultimate benefit for all users & the product itself.

Xcitium is the best av in the world. FIRST PREVENTION THEN DETECTION

1 Like

If you believed our antivirus is that bad, then you couldn’t be a user using our product and taking part here. Just admit, you are a competitor and simply here to bash the product. Again you outed yourself!
It’s very clear you just registered in this forum to bash our product.

3 Likes

He is banned by Staff
Reason: No constructive purpose to their actions other than creating dissent within the community

1 Like

And also 100% is impossible; no AV vendor can score a 100% detection rate, only 99%.

2 Likes

Even that is based on the “malware library the tester has” and NOT what’s out in the wild…
All these tests are based on the malware library the testers have…they measure how many of the malware (they have) is detected…

Malware authors are extremely resourceful, well funded and this is a multi billion $$ business. To put it simply, Malware/Ransomware authors are NOT stupid, they will not release their new malware unless they are sure it’s not detected by all these detection based products out there.

2 Likes