Why Comodo's Antivirus security is different

Melih,

It’s been a while. Good to see you back in town. :-TU 8)

PS. Thanks to you and your team for the new release 7036.

Welcome back to the forum lol.

Melih, this message is really astonishing.
Your statement goes completely against the concept of containment… containment is like placing a virus into a cage (so, like the lockdown in your picture) so that it can’t harm the PC, while traditional AVs are like killing an already spread virus (you can make a vaccine only after you discover something unknown is a virus)… but now you said Comodo is like a vaccine… ???

Hello Melih,
Happy with your return
Very good demonstration on containment :-TU
Have a good day
ZorKas

I think you’re being too literal. :slight_smile:

What Melih is rightly saying is that a vaccine is better than a lockdown because if you’re vaccinated you don’t care if you’re exposed to the virus because it can’t hurt you, but lockdown can fail letting the virus in - and then it can hurt you. The analogy Melih is using is that containment is better than detection; here containment is the vaccine so you don’t care if you’re exposed to the virus because containment won’t let it hurt you, and detection is the lockdown, which can fail letting the virus in - and then it can hurt you.

This is what Comodo has been advertising for years:

[b]Default Deny with Auto-sandboxing The Jail House Method of Containment[/b]
So lockdown = jail house = containment

At least it’s a misleading message… that’s just my opinion

In fact, Melih’s demo confirms what’s going on with the Covid-19
We must isolate the time to find a vaccine
Only containment prevents the spread of an unknown virus
Method cannot be ignored

Exactly, so I would have understood if Melih had advertised Comodo containment as the lockdown, not as the vaccine…

Put this way it is clearer … :wink:
The virus is put into containment, so it does no harm, waiting to find the vaccine to defeat it.
It is the concept that Comodo uses against computer viruses for systems that do not already have the vaccine and are therefore vulnerable. :smiley:

An excellent summary of the strength of Comodo’s containment.

1). I’m glad that fileless malware was highlighted as Comodo provides lockdown protection against Scriptors of various types (wscript, vbs, powershell, python, etc) by means of the Script Analysis function (which works hand in hand with Containment). Most (all) other security solutions do not provide such a blanket protection.

(For any that would like to verify for themselves, let’s consider a (very) simple loop script- one which will do nothing but open up a cascading series of Calculators:

ECHO off
:top
START %SystemRoot%\system32\calc.exe
GOTO top

Paste the above into notepad, and save as calc.bat

You can run it safely and see what gets plopped into Containment- flush Containment, and all is back to normal. You can try this also with your regular AV and see what happens).

2). In addition to fileless malware, Comodo will also protect quite well against things that malware authors use as replacements for Scripts- certutil, MpCmdRun, and BITSAdmin. Also it will stop very nasty things like malware utilizing Schtasks. I did a number of videos using malware coded around this to show how inadequate popular security products were at providing Boot Time protection.

In short, if you would like to be confident about being protected from malware, use Comodo. If you would rather worry, use something else.

M

Hey Guys,

Yep, been busy building a few other companies :slight_smile:

It's a marketing message…
I explain it in full detail with how we virtualize the “write privileges” in the video in the post. So we have the video if you want to get more technical or a banner thingy for more of a marketing spiel with relevant context for what's happening in the world today.

btw: if you guys are into Home Automation and want a free home automation controller go ahead and sign up there and tell them I sent you guys there :wink:
https://community.getvera.com/t/ezlo-controllers-beta-enrollment-starts-now/213274/147

Hello, Melih!
Glad you returned to the official forum.
Are you planning to introduce Valkyrie in the CIS, or at least in the CCE?

Hi cruelsister,
I tried to run the calc.bat script:
On a PC with Kaspersky Security Cloud Free and on a PC with Norton Security, in both cases the antiviruses seem to do nothing with any popup and only the DOS prompt screen appears with the script running but only a screen opens. explore resources. To stop it I manually close the DOS prompt.
On a PC with CIS the DOS screen opens with the script running and the CIS containment pop-up appears and repeated screens of resource explorers continue to open, bordered in green as they are in the container. Only with the zeroing of the container from the CIS console it stops and restores everything.

Why is the behavior different and in other cases always being less annoying but perhaps more dangerous (in the case of real malware) as it is not contained?

Thanks. :wink:

comodo internet security protected with containment
Comodo internet security 12 - YouTube (if malware exploit cmd, powershell…)

Nunzio- Just noticed that the symbol @ (for “at”) does not show up for messages. You can instead just have the first line be: ECHO off

Sorry for that!!!

Meghan

Hello cruelsister,

I tried your trick with notepad and included:
ECHO off
:top
START %SystemRoot%\system32\calc.exe
GOTO top
Saved as a .bat file on desktop.
When I ran it I got a warning. I clicked allow, then it ran contained. However, resetting the container does not work. There are currently 581 contained apps in the container and it seems to be holding at that. Also interesting is that I cannot find the VTRoot folder in the C drive. I have show hidden folders on. Then I turned show protected folders on and it is still not there. Also on the desktop are two (hidden or protected) desktop.ini files that contain:
[.ShellClassInfo]
LocalizedResourceName=[at]%SystemRoot%\system32\shell32.dll,-21769
IconResource=%SystemRoot%\system32\imageres.dll,-183

and:
[.ShellClassInfo]
LocalizedResourceName=[at]%SystemRoot%\system32\shell32.dll,-21799

[LocalizedFileNames]
3D Vision Photo Viewer.lnk=[at]%ProgramFiles(x86)%\NVIDIA Corporation\3D Vision\nvstlink.exe,-2003

I’m wondering if there is a bug, or did I overlook something or do something wrong?

PS- I am using standard proactive mode in CIS 12.2.2.7036

The VTRoot directory is only visible (it will be created) when a contained application makes any changes to the file system.
Calc.exe does not make any changes so VTRoot will not be there.
When you Reset the Container VTRoot will be removed from the C drive.

Try below in a bat file and VTRoot will be created because explorer.exe makes some changes to the file system.

ECHO off
START %SystemRoot%\explorer.exe

This is normal behavior when you have show hidden folders and show protected folders on.
They are both on my desktop too.

OK, so the VTROOT folder is not always there. After running the bat file, it did open explorer one time contained. Going through the contained explorer, I was not allowed access to the VTROOT folder, but I did find it through the uncontained explorer.

Strangely, when I reset the container this time, the number of contained apps on the advanced view of CIS went back down to what it was after running cruelsister's batch file (581). But the VTROOT folder is still showing up in explorer with the same 5 icon and thumb cache files. Also, after closing the CIS GUI, the taskbar icon disappeared and would not return after reopening CIS (normally it’s always there). This seems like buggy behavior. So I'm wondering if the container is actually empty, even though the GUI shows it to contain 581 contained apps. Because if they were there, they’d be in the VTROOT folder, correct?

EDIT: Only after unblocking the cruelsister test files did the VTROOT folder disappear.
EDIT 2: Everything seems to be sorted out after a reboot. If a mod sees this and wants a log file, let me know.