Why Comodo's Antivirus security is different

CISfan · April 30, 2020, 9:15pm

Correct.

Also correct, I think it’s by design that VTRoot cannot be accessed through containment.

The VTRoot directory only keeps track of the files system changes made by any application run in contaiment. As such Containment does not store the contained application itself in VTRoot and does not run it from there.

cruelsister · April 30, 2020, 10:31pm

And also notice that the Script Analysis function (which is on by default-with the Recommended notation) MUST ALWAYS BE LEFT ON!!! If it is disabled Scriptors will not be automatically shunted to containment, and thus will be allowed to run. Once again, you can try this for yourself with the above listed loop batch( but be prepared to manually reboot your system).

So NEVER EVER (never, ever) uncheck the “Perform Script Analysis” setting in Advanced Protection!!!

CISfan · April 30, 2020, 10:45pm

That should be chiselled in stone and put above one’s bed.

CommodoUser2019 · May 1, 2020, 1:11am

Agreed about Script Analysis. Mine is at default settings. If anything, I would activate more protection there but at this time I not familiar with the settings.

NDABBRU · May 8, 2020, 7:22am

I tried with another antivirus and it was enough for me to close the DOS prompt without restarting the PC.
Instead with Comodo opened many screens and with difficulty with zeroing the container I blocked everything.

NDABBRU · May 13, 2020, 12:15pm

However, in my opinion it was really a shame to abandon the Comodo Cloud Antivirus project.

In my opinion it was an excellent product both in terms of graphics, functionality, lightness and protection.

It was enough to improve it on some aspects such as the detection rate, integrate a web protection with heuristics and blacklist and it would have been the TOP.
For sure he would have beaten many other free and paid cloud antivirus.

A cloud brother and lighter than Comodo Antivirus would have accompanied him great also for users looking for a simple and effective solution.

porkpiehat · August 5, 2020, 2:09pm

cruelsister post:11:

An excellent summary of the strength of Comodo’s containment.

1). I’m glad that fileless malware was highlighted as Comodo provides lockdown protection against Scriptors of various types (wscript, vbs, powershell, python, etc) by means of the Script Analysis function (which works hand in hand with Containment). Most (all) other security solutions do not provide such a blanket protection.

(For any that would like to verify for themselves, let’s consider a (very) simple loop script- one which will do nothing but open up a cascading series of Calculators:

ECHO off
:top
START %SystemRoot%\system32\calc.exe
GOTO top

Paste the above into notepad, and save as calc.bat

You can run it safely and see what gets plopped into Containment- flush Containment, and all is back to normal. You can try this also with your regular AV and see what happens).

2). In addition to fileless malware, Comodo will also protect quite well against things that malware authors use as replacements for Scripts- certutil, MpCmdRun, and BTSAdmin. Also it will stop very nasty things like malware utilizing Schtasks. I did a number of videos using malware coded around this to show how inadequate popular security products were at providing Boot Time protection.

In short, if you would like to be confident about being protected for malware, use Comodo. If you would rather worry, use something else.

M

so cool… after disabling my AV (which stopped it in its tracks) it ran in containment, and was flushed to clear… simple demo, which worked a treat. :-TU

porkpiehat · August 5, 2020, 4:29pm

likewise… if someone would be so kind as to offer up an optimum setting for this, it would be greatly appreciated by many of us… :-TU

porkpiehat · August 5, 2020, 6:02pm

so, the default ‘runtime detection’ settings are to be left ‘as is’? What about *\acrord32.exe? that is off in both columns…

CommodoUser2019 · August 5, 2020, 7:45pm

I have enabled everything except *\cmd.exe embedded code detection under the runtime detection tab. See image. Here is a more comprehensive list of what can be added: Comodo Forum
The only problem setting for me was the cmd.exe, so I disabled it (which I believe was the default setting). There are 54 entries in list shown at link above and 21 entries in default settings.

porkpiehat · August 5, 2020, 8:26pm

aah, so enable everything, but leave *\cmd.exe at default… cheers. :-TU