V6 v/s V5

AV & Autosandbox Test Default Settings

XP SP3 32 Bits Real System Eng


AV Database - 14021

73 Zero-Day Malware

Local Detection - 38

Cloud Detection - 7

Total Detection - 45


All 73 malware were executed, AV & Cloud disabled, Elevated Rights popup were sandboxed, system restarted, Comodo System Utilities - Disk Cleaner was run.

Attached is the MBAM & HitmanPro Screenshot (SCR1, 2, 3 , 4, 5, 6)


AV Database - 14021

73 Zero-Day Malware

Local Detection - 39

Cloud Detection - 8

Total Detection - 47


All 73 malware were executed, AV & Cloud disabled, Elevated Rights popup were sandboxed, D+ popups were blocked, system restarted, Comodo System Utilities - Disk Cleaner was run.

Attached is the MBAM & HitmanPro Screenshot (SCR7, 8, 9, 10, 11, 12)

[attachment deleted by admin]

Thanks amazing test naren (:CLP)

V6 dont give D+ popups. I dont know if the D+ popups with autosandbox like COM & Protected Things, etc… which were there in V5 are by default now allowed, blocked or based on some analysis or security enhancement allowed & blocked. I really would like to know about this. Can any one give info about this?

Hi, do you have setting default autosandbox on partially limited on both,right?

Good test!!!

Yes, correct.

with autosandbox on unthrusted and cloud enabled (with av disabled) surely nothing left trace of malware on system…
i have testing it with 40 malware zero-day and i am very happy!!
so i think i will use only firewall with sandbox on unthrusted without av…(now we have quarantine for cloud detection!!).


No AV installed, there is quarantine now but no exclusions.

If I am not wrong, if you exclude anything through Cloud AV alert, the only way to remove the exclusion is through editing the registry, in case of no CAV installed. Or instead of exclusion you can choose add to safe files through Cloud AV alert.

yes…we don’t have exclusion but cloud detection without av installed is very effective and amazing…so it’s as i have a real-time antivirus on files execution,which that is important to not infect pc…without cav and less resource and usage disk…

Have you got something else while you are offline ?

hi,excuse me i didn’t understand…

Internet connection … As you have CFW you rely on cloud so you must be connected to internet to be protected by latest signs. But once you are offline do you have something else ?

ah ok…yes i have hitmanpro with scan every day,malwaresbyte sometimes…
every file that i download i scan it and for browsing use browser virtualised…
i’m always connected online.

CIS is very light on system but if you have a clean pc with comodo firewall 6 (cloud enabled) it will remain clean without need scanning every file on-access although every AV optimitation (caching thrusted files…etc…)
i think so…

You should test it again once CIS 6 RC will come out.

Are you referring to me?

I will try to test.

Refering to the Hitmanpro’s results. There are 4 threats remain in v6. while there are only 1 threat remain in v5.

Am I missing something as it seems that v6 is weaker than v5.

The number of dropped files is not indicative of protection, or lack thereof.

To quote from a section of the next version of How to Install Comodo Internet Security (which will not be released until V6 is officially released):

I would quickly like to mention the way in which Comodo's behavioral blocker works. If a piece of malware is not yet detected as dangerous by Comodo it will automatically be sandboxed. When in the sandbox it may be able to run, drop files in certain folders, display windows, and other actions which may seem alarming. However, do not worry. The sandbox is watching every action the application tries to make and will not allow it to do anything which will actually harm the computer. Also, the application will not be able to automatically start itself. Thus, once you restart your computer, regardless of how dangerous the malware might be, the malware will be rendered completely inert upon restart.

However, those files dropped by it may still be sitting on your computer. Other malware scanners may flag these and thus it would appear that Comodo Internet Security allowed the computer to be infected. This is not true. In truth, malware is only dangerous if it is active and able to harm your computer or steal information. Thus, you can see that the approach Comodo Internet Security takes towards protecting your computer actually does protect it from all types of malware. Just because there are some leftover files on your computer does not mean that your computer is infected.

Am looking forward to reading complete guide :-TU

So the results screenshots are missleading and we cannot conclude strength of the auto sandboxes are the same based on the results.

Moreover, v6 only has 45 detections while v5 has 47 detections. Very strange that v6 has lower malware detection rate. There should be some problem either in the test or in v6.

You can conclude the strengths of the sandboxes by noting how infected the system was. In terms of active malware it was not infected for either case. Thus, it appears that there is no reduction in protection.

If I’m not wrong V6 was tested first. Thus, since the internet was active it makes sense that V5, which was tested second, would show a slightly higher detection rate. Those files scanned by V6 were uploaded and likely added to the detection before V5 was tested.