The most missing features

  1. Aanti-exploit
  2. Ransomware shield
  3. Data shredder
  4. When CIS firewall enabled, it must disable Windows defender firewall to avoid conflicts.
  5. The scan exclusions applies to all scans (real-time, manual and scheduled) while it should have options to enable exclusions separately for each scan profile.

Comodo should imitate from Avast internet security because of its usability and features.

Hi nati_davar,

For following items, you are protected by default due to default-deny with Comodo:

Following can be considered, you might want to add as wish list item and we can see interest in it:

Typically, as per Microsoft guidelines, you are supposed to register with Security Center and not suggested to mess around it’s settings:

Thanks
-umesh

Where does Comodo fail against Ransomware to warrant this “Ransomware Shield”?

A lot of people fall for hype of other providers who have to create a different technique to “detect” malware and they package these as if they are a different product or feature.
With Comodo its simple, an Unknown is the enemy and will be contained. You can call it Ransomware, worm, rootkit, virus or whatever you want…the fact doesn’t change…its an “Unknown executable”.

Time to see beyond marketing fluff the Antivirus industry has been feeding you!

The whole nature of the discussion reminds me of this post here . >>> https://forums.comodo.com/news-announcements-feedback-cis/mergedcomodo-vs-avast-vs-avira-vs-10-000-malwareondemand-scan-test-t66531.60.html

A kind of hidden advertisement for Avast ? Is the questioner maybe even the same person ? Maybe , Maybe … ?! :wink:

  • Linux boot time environment for scan and disaster rescue. Like, if malware is allowed by accident, a boot time scan has no exclusions and should pick it up and delete/quarantine it.
  • Windows OS damaged system files repair/restore from Cloud. From XP to 10. If windows system file is damaged, boot time environment would restore windows damaged file.
  • Sandbox to have log windows for sandboxed exe. For example:
  • unknown.exe is dropping file downloader.js to C:\Windows\Temp
  • downloader.js requests access to the internet
  • downloader.js is downloading payload.exe
  • payload.exe is executing with administrator privileges, not signed, usual malware location
  • payload.exe checks for virtual/sandbox environment
  • payload.exe wants access to documents, images
  • payload.exe wants to delete/overwrite/replace documents, images
  • payload.exe wants access to wallpaper/screen/fullscreen privileges
  • payload.exe wants to create readme.txt at every folder

Sometimes malware is written so good that at first glance nothing is suspicious.
Above example should give [toggable advanced feature] an overview of what is going on.

If above is not clear, check out Cuckoo Sandbox, or Buster Sandbox[ie] Analyzer.

Comodo rescue disk allows you to scan your PC outside of Windows and in a Linux environment.
Windows system restore can be added as protected but simply having your windows CD or backup disk can replace these files
Any unknown files are automatically contained so wouldn’t be allowed to access other programs and firewall prevents internet access for Unknown files. Cloud behaviour analysis would detect most of this suspicious so your already covered for all of these because of autocontainment. Most viruses try and appear and behave like safe files.

If you have evidence or video example of vulnerability, please share.

Eric

Sure, but sometimes CD’s and DVD’s are not always available and sometimes when someone works at sea, finding that something becomes challenging.

  1. Sure, but a solution without requiring a cd/dvd would be ideal. Look at Bitdefender or Avast. Both have boot time scan.
  2. Protecting sys files wouldn’t interfere with Windows Update? And what if the system is already damaged before installing CIS?
  3. Sure, but unless activating D+ HIPS, I wouldn’t know what happens behind the scenes. And, if I want to run a particular program because I like what it does, I wouldn’t know if it wants to do something extra until it’s too late, until I grant it access outside of Sandbox. So, the history log of some kind [I think Geswall had a scrolling log of actions] is something that would make vetting unknown files faster than cloud analysis or Comodo team.

Here’s the vid:

Watch from 9:10

CCE has boot time scanning and can be installed either as a standalone or running clean endpoint task. You shouldn’t be installing CIS on an already infected or damaged system. And finally had everyone who request these features actually took the time to either read the help or used the product would know that CIS does have a process activity monitor in virusscope. All you have to do is run an application in containment then view the active process list task, then right-click on the contained process and click show activities.

SFC /scannow will replace any damaged Windows system files, this comes with every Windows install

What I meant by boot scanning is not restarting windows, loading windows and continuing scanning, but pre-Windows environment, usually Linux. CCE boot DVD comes as exact thing, it loads before windows. The one installed with CIS, loads Windows and continues scanning. I am not saying CCE is not super effective, just that this could be improved upon.

Which is not always successful. Hence cloud files restoration in pre-boot environment.

Geswall and CIS 3.xx protect PC;
CIS 10.xx protect PC of applications unknow or malwares.

I was probably not very clear.

I asked for Geswall feature [scrolling notification of actions by the executable], not comparing restriction protection between versions.

It won’t because Windows binaries are signed.

And what if the system is already damaged before installing CIS?
You need to clean the system first. You can use CCE or various other scanners for just that purpose. Running them in Safe Mode would be another option. You can also run CIS with Block all unknown requests when the application is not running enabled.

What product delivers cloud file restoration of Windows system files? When Windows is compromised you can always run sfc /scannow from a Windows installation medium (DVD or USB).

1: Qihoo 360 Total Security [360totalsecurity.com]
2: Reimage [http://www.reimageplus.com/]

SFC has been known not being able to repair/replace files under exceptional circumstances…

I would just like to also point out, Windows Firewall may be further required to be left turned on in cases that require Authentication via the Windows Firewall. The Xbox App for example requires this to work correctly with group chat.

Furthermore I have had no obvious signs of conflict leaving both turned on.