This marks a important question. If you have Comodo Firewall, counting Defense+ and Sandbox, why would you need the Comodo AV then? Or any AV for that matter.
Anyway, my real question is: When AV Updates occur, does the whitelist/safe list also get updated? (Example, you will get less D+ pop ups from good installers). If the whitelist, Trusted Vendors etc only get update via program updates… I will drop the AV.
An AV is still necessary for a few reasons. One is to clean any infections off of a system that was not protected by CIS from the moment it was formatted. A more pertinent reason is that it is still possible for the user to make a mistake and install a malicious program that they believe is safe.
As an example let’s say a user installs a game from online. In reality this is a trojan. The user will allow every defense+ popup because they believe that they are installing a game. The only way to prevent this scenario is if there is some sort of signature or heuristic that will catch this malware.
In my opinion a good AV will always be necessary because a user cannot always make the correct decision for every popup.