Stateful or on-access.

Just wondering what is the more preferable setting for the AV…?
I run mine on stateful.

What are the differences, as the Comodo online help page doesn't explain a lot in this regard?

Thanks.

CIS on-access scanning checks files in real time when they are created, opened or copied (as soon as you interact with a file, Comodo Antivirus checks it). It also scans the system memory upon start-up. If a program or file is launched which creates destructive anomalies, then the scanner blocks it and alerts you immediately.

When CIS is configured with the ‘Stateful’ option, only files that have not been scanned since the last virus update are scanned.
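A minimal model of the stateful behaviour described above, as an added example that is not part of the original thread and is not Comodo's code. It assumes the scanner caches a result per file and invalidates it when the content changes or the definitions version changes; the class, file names and byte patterns are all constructed for illustration.

```python
import hashlib

class ScanModel:
    """Toy scanner model; assumed design, not Comodo's implementation."""

    def __init__(self, signatures):
        self.signatures = set(signatures)  # byte patterns treated as detections
        self.defs_version = 1
        self.cache = {}                    # path -> (content digest, defs version)
        self.scans = 0                     # number of real scans performed

    def update_definitions(self, new_signatures):
        # A definitions update bumps the version, which invalidates every cache entry.
        self.signatures |= set(new_signatures)
        self.defs_version += 1

    def access(self, path, content, stateful=True):
        """Return 'skipped', 'clean' or 'blocked' for one file access."""
        state = (hashlib.sha256(content).hexdigest(), self.defs_version)
        if stateful and self.cache.get(path) == state:
            return "skipped"               # already scanned with current definitions
        self.scans += 1
        if any(sig in content for sig in self.signatures):
            self.cache.pop(path, None)
            return "blocked"
        self.cache[path] = state
        return "clean"

def demo():
    # Constructed sample data: PATTERN-B stands in for a threat not yet in the definitions.
    av = ScanModel([b"CONSTRUCTED-PATTERN-A"])
    unknown = b"data CONSTRUCTED-PATTERN-B"
    results = [
        av.access("app.exe", b"benign"),   # first access: scanned
        av.access("app.exe", b"benign"),   # stateful: skipped
        av.access("drop.bin", unknown),    # not yet detectable: passes as clean
        av.access("drop.bin", unknown),    # stateful: skipped
    ]
    av.update_definitions([b"CONSTRUCTED-PATTERN-B"])
    results += [
        av.access("drop.bin", unknown),    # rescanned after update: blocked
        av.access("app.exe", b"benign"),   # rescanned after update: clean
        av.access("app.exe", b"benign", stateful=False),  # on-access: always scanned
    ]
    return results, av.scans

if __name__ == "__main__":
    print(demo())
```

The model shows the trade-off: stateful mode saves repeat scans between definition updates, and a file that was not detectable when first scanned is only caught on its first access after the update that adds its signature.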

Thank you. ;D

You’re welcome.

So the takeaway is that in on-access mode, every time you launch an app from the Start menu, it’ll get scanned (including all the processes spawned and files created). There may be some latency in performance there.

In stateful mode, that only happens initially after AV defs are updated. Quite frankly that’s only going to fail on zero-day malware with a timer. Although HIPS in paranoid mode should backstop on that quite well, default security settings may allow some of that to fall through the cracks.

I think leaving HIPS at the default disabled and bumping up the auto-sandbox (Behavior Blocker) to Restricted or Untrusted should also work well and be a lot more silent.

When I use Comodo Antivirus free for Windows (both XP Rus 32-bit and Windows 7 Rus 64-bit, on two machines) and set the antivirus to stateful mode (also named CUMULATIVE, also named OPTIMIZE OF SCANNING PROCESS (RECOMMENDED)), and after that I create, for example, an empty file named 1122.com, open it in a text editor, copy the content of the EICAR test file into it, save and close the text editor - COMODO ANTIVIRUS DOES NOT DETECT THAT THE EICAR TEST FILE WAS WRITTEN ONTO MY HARD DISK. (Is Comodo’s help about stateful mode wrong? If I trust Comodo’s help, Comodo antivirus must check this file 1122.com because it is a new file just created and written to disk - BUT COMODO DOESN’T CHECK IT!)

I use the latest version of Comodo free antivirus with updated databases, and it reports that all protection is OK (big green circle in the main window).

After that, I try to open this file 1122.com with any program (for example, a text editor) - COMODO ANTIVIRUS DETECTS IT AND DELETES IT (MOVES IT TO QUARANTINE) (suspicious files scanning has been on in the settings from the beginning).

When I switch to on-access mode and try to create the file 1122.com again (with the contents of the EICAR test file), Comodo antivirus detects it correctly, at the moment when I try to save the contents of this file to disk.

When I use Comodo Antivirus for Linux - it works CORRECTLY, NOT LIKE THE ANTIVIRUS FOR WINDOWS - the antivirus for Linux detects this file 1122.com correctly and deletes it when I try to save it to disk the first time, when the file is created and saved - whether I use On access mode or Stateful mode!

It looks like you found a bug. If you have the time and energy please consider filing a bug report in the Bug Reports - CIS board following the format as described in FORMAT & GUIDE - just COPY/PASTE it!.

Reporting of bugs is strictly moderated to make sure Comodo gets clear bug reports. So, please make sure you closely follow protocol. That way your report will certainly be seen by Comodo staff.

For stateful mode you say: “When CIS is configured with the ‘Stateful’ option only files that have not been scanned since the last virus update are scanned.”
What I want to ask is whether, after a database update, all files are scanned on access etc. in the same manner as they would be scanned if the setting were on-access mode.