What exactly is Comodo BOClean?

Hey everyone, I want to start off by saying how pleased I am with all the Comodo products. I am elated that they are all free, that there is a full security suite for free, forever! To my question, I installed the AntiViruSpyware, the firewall and BOClean. I know what the firewall does and I’m presuming that I know what the AntiViruSpyware does by its name, but what is the BOClean? If AntiViruSpyware is spyware as well, then what use is BOClean? As far as I know, it doesn’t even scan on demand… It’s not like I don’t like the product, but I’m a security nerd and I’ve gone through a million products trying to find the best of the best, and I just like to know as much as I can about all the products I have running. Thanks a lot, have a great week!

Matt Segstro

Hi SEGMAT :slight_smile:

I think you can find an answer to your question on the Comodo website :

http://www.comodo.com/boclean/boclean.html

Read it first, and then if you still have questions feel free to ask them here :slight_smile:

Greetz, Red.

What is BOClean?
One of the oldest & respected names in the business.

Melih pulled a coup on the industry when he picked it up. ;D

Thanks to both of you for the replies. According to the two links that you posted, it can do pretty much anything, but is it able to do an on-demand scan for all the things it can find, or does it have to detect them in real time?

Thanks again

Matt Segstro

No, CBO is not a scanner in the way you are thinking of.
CBO “scans” in real time as a memory resident, this is part of the beauty of its design.
Malware tends to cloak/hide itself from file scanners, in memory it is exposed for what it really is.
Cheap, cheesy repacks don’t fool CBO. If they want to try to get past CBO they have to spend the time and money to write completely new code… which is often still recognized by CBO. :wink:

Once again, thank you for your replies. I’m quite excited that Comodo is able to make products that are free and that can do things like this. I’m sold on all the Comodo products. I just wanted to try them because I had some free time and had seen a good review for the CAVS. I’m now totally sold on all the products, the firewall, CAVS and this one, BOClean. (L) (M) (R)!

Matt Segstro

SEGMAT, you can compare it with the classic story of Troy. The Trojan people only saw the wooden horse the Greeks left behind, they couldn’t see the soldiers hiding in it. And that is the same with a lot of malware. Very often it is packed in a way that traditional AVs can’t recognise it, but BOClean watches carefully if something bad comes out and destroys it :slight_smile:

Greetz, Red.

You are certainly most welcome!
Keep an eye on Comodo, they’re changing the face of the industry.

I’m a little confused as to what Comodo BOClean : Anti-Malware Version 4.24 actually does. Can someone help me out! Would it be useful for the PC?

Thanks

From Comodo’s site…

The Best to stop and remove *rootkits* in real time. Stop spambots, hijackers & keyloggers. Stop identity thieves from getting personal information. Instantly detects well over 1,000,000 unique, variant and repack*[ed]* malware in total.

More information.

Willas, I merged your thread here. There is no need to start multiple threads on the same question.

A virus author writes code that does nasty stuff, then takes it and uses one of the over 600 commercially available packers to pack this nasty code and waves it goodbye as he unleashes it on the unsuspecting internet population. Now the way the AV codes have been designed is that they have unpackers and emulators. The issue with that is, they have to have all the unpackers for every packer available. There simply is no AV out there that covers every single packer! What this means is: Virii author packs it with something that AV vendors don't yet know.. and unleashes it.. and none of these nasties are detected, cos the AVs can't unpack the code, hence can't see what's inside. I hear you say, yeah but what about the Emulators.. well, any decent virii writer will know the basic mechanisms to detect that they are being run under emulator and behave Smiley.

The further away you are from an execution point, the better you can cover yourself, hence make it difficult for AVs to detect you. However, the closer you get to execution point, you have to get undressed and show yourself Smiley Otherwise the CPU won’t recognise you and won’t execute your instructions. And that’s where BOClean sits and waits!

You can go ahead and try it if you like… take a nasty and pack it with some unknown packer and you will see that AVs won’t catch it… and try it with BOClean… the same malware will be caught by BOC…

Why is that? Cos BOC takes a picture of the Naked Lady Smiley (a BOClean signature) not the dressed up one (An AV Signature from another vendor)! After all, these can be dressed as one of many forms or disguises… but when they are naked… we know what they look like…
and they have to be naked to get a CPU time! That’s where BOClean catches them… cos BOClean sits and waits for any code to get naked first.

Have there been advances in the AV market that try to replicate what BOClean has done… some have tried, and this shows that Kevin’s vision was the right one in the first place. Now that Kevin has time to play, we can expect more shiny toys from him Smiley

Melih
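
The argument in the post above, as an added illustration that is not part of the original thread and not Comodo's code: a file scanner that ships an unpacker for only one wrapper misses the same pattern wrapped any other way, while a match against the unpacked image finds it every time. The pattern, the payload and the three toy "packers" are harmless constructed stand-ins.

```python
import base64
import zlib

# Constructed, harmless byte pattern standing in for a known-bad code sequence.
SIGNATURE = b"\xde\xadDEMO-HARMLESS-PATTERN\xbe\xef"
PAYLOAD = b"header" + b"\x00" * 64 + SIGNATURE + b"trailer"

def _xor(data: bytes) -> bytes:
    return bytes(b ^ 0x5A for b in data)

# Toy stand-ins for packers: name -> (pack, unpack).
PACKERS = {
    "zlib": (zlib.compress, zlib.decompress),
    "b64": (base64.b64encode, base64.b64decode),
    "xor": (_xor, _xor),
}

# Assumption for the demo: the file scanner knows exactly one unpacker.
KNOWN_UNPACKERS = {"zlib": zlib.decompress}

def file_scan(stored: bytes) -> bool:
    """Static scan: match the raw file, then try every unpacker on hand."""
    if SIGNATURE in stored:
        return True
    for unpack in KNOWN_UNPACKERS.values():
        try:
            if SIGNATURE in unpack(stored):
                return True
        except Exception:
            continue  # data is not in this unpacker's format
    return False

def memory_scan(image: bytes) -> bool:
    """Match against the image as it exists once it has been unpacked."""
    return SIGNATURE in image

def run_case(packer: str) -> dict:
    pack, unpack = PACKERS[packer]
    stored = pack(PAYLOAD)   # the wrapped form that sits on disk
    image = unpack(stored)   # what the wrapper restores before it can run
    return {"file": file_scan(stored), "memory": memory_scan(image)}

if __name__ == "__main__":
    for name in PACKERS:
        print(name, run_case(name))
```
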