App Review Comodo's killer.

It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.
Content created by
@Andy Ful
If you disable Cloud then how will Xcitium rate the files as Malicious or Safe?

The signature detection still works, so malicious files are detected. All other files will be Unrecognized for Comodo, except files Trusted by the user or Trusted Vendor.
Such a setup is common in Enterprises where AppLocker or Windows Defender Application Control is applied.

Will it be Unknown forever?

Yes, except when the user adds the vendor to the Trusted Vendors or Trusted files.
Of course, the user can enable Cloud Lookup from time to time if necessary.
 
The signature detection still works, so malicious files are detected. All other files will be Unrecognized for Comodo, except files Trusted by the user or Trusted Vendor.
Such a setup is common in Enterprises where AppLocker or Windows Defender Application Control is applied.



Yes, except when the user adds the vendor to the Trusted Vendors or Trusted files.
Of course, the user can enable Cloud Lookup from time to time if necessary.
I keep Cloud on every time because I like Xcitium to rate files as Malicious or Trusted.
 
- using the 7-Zip trick for disk images and archives,
- disabling execution from flash drives,
- disabling macros in office applications,
These should be used by default on Windows no matter what AV is used.

Enterprises and governments are 99% of the office macro users in the world today; consumers do not need macro capabilities built-in to Office and Microsoft should remove them and make macros a separate application plug-in or module. But it won't because even Microsoft has admitted the office code is one crap layer on top of another. Security has been bandaided onto Office.

Of course, Administrators in organizations should not forget about Microsoft Administrative Templates to adjust more restrictions.
Once the current batch of Administrators dies off, there will not be anyone around to know what Microsoft Administrative Templates are.

Microsoft CoPilot will run people's online lives (and security).
 
This can take some time. :)
The last real Administrator was born on December 31st, 1999.

By 2075 either AI runs the world's IT infrastructure or else there won't be enough Admins to even figure out how to connect the power cord into the power socket.

Heck, people will not even have to go to school anymore. When someone asks them a question they can just have that person ask their personal phone - which the AI on it will provide the correct answer to the person asking the question.

AI will talk to AI and just cut out the real nuisance - the people.

I really do think people (the world, humanity, whatever you want to call them) are stupid enough that this is the sort of future dystopia the world is headed towards. That's if the hoomans don't kill each other first.
 
Comodo Cloud Antivirus detection relies on Cloud Lookup, if I remember well.

If local signatures do not detect the file, it is checked against the cloud backend (cloud lookup). To maximize the detection with disabled cloud lookup, it might be necessary to use the full signatures locally.
 
The last real Administrator was born on December 31st, 1999.

By 2075 either AI runs the world's IT infrastructure or else there won't be enough Admins to even figure out how to connect the power cord into the power socket.

Heck, people will not even have to go to school anymore. When someone asks them a question they can just have that person ask their personal phone - which the AI on it will provide the correct answer to the person asking the question.

AI will talk to AI and just cut out the real nuisance - the people.

I really do think people (the world, humanity, whatever you want to call them) are stupid enough that this is the sort of future dystopia the world is headed towards. That's if the hoomans don't kill each other first.

Predicting the future for the next 50 years is virtually impossible. :)
One cannot be certain that there will be any future after 40 years. Let's hope for the opposite.
 

Static Analysis: Malware
Behaviour
Kill Chain Report (Red circle right up)
Link: Valkyrie Verdict
 
@Nikola Milanovic,

It is not necessary to post examples of malware detected by Comodo. We already know that it can detect many malware.
By the way, your example cannot convince anyone that Comodo has a good signature detection.

We can see the detection from 7 hours ago (3 days after the sample was first seen in the wild).


(.....) skipped AVs that detected the sample. The below AVs missed the sample:

 
@Nikola Milanovic,

It is not necessary to post examples of malware detected by Comodo. We already know that it can detect many malware.
By the way, your example cannot convince anyone that Comodo has a good signature detection.

We can see the detection from 7 hours ago (3 days after the sample was first seen in the wild).

(.....) skipped AVs that detected the sample. The below AVs missed the sample:
Still Xcitium 95% of the time returns a verdict in under 45 seconds
 
Predicting the future for the next 50 years is virtually impossible. :)
One cannot be certain that there will be any future after 40 years. Let's hope for the opposite.
The future will be worse than today. It is not very difficult to make that determination.
 
If local signatures do not detect the file, it is checked against the cloud backend (cloud lookup). To maximize the detection with disabled cloud lookup, it might be necessary to use the full signatures locally.
But this will not bring any difference in detection, as anybody can see here:



Edit: If somebody needs it, please say so and I can create subtitles for this video, instead of you guys using the automatic ones...
 
But this will not bring any difference in detection, as anybody can see here:



Edit: If somebody needs it, please say so and I can create subtitles for this video, instead of you guys using the automatic ones...


In your video, you showed that for few-day-old malware samples, the difference can be small. But that is how the reduced set of signatures is selected. It probably does not contain less than few-hour-old and more than few-month-old malware.
 
In your video, you showed that for few-day-old malware samples, the difference can be small. But that is how the reduced set of signatures is selected. It probably does not contain less than few-hour-old and more than few-month-old malware.
Well, if 500 malwares are just "a few"...

Anyway, with these 500 malwares, CIS manual scan detected exactly the same malwares by using its full signature database and the lite database. This proves that there is no difference between the full or the lite signature databases.

Maybe another lie from Comodo? Or just another bug? I don't know. What I know is that there is no point using the full database. This will just use more HD space for no gains...

You said that the difference can be small, but you're wrong. There is no difference.
 
Anyway, with these 500 malwares, CIS manual scan detected exactly the same malwares by using its full signature database and the lite database. This proves that there is no difference between the full or the lite signature databases.

Your test strongly suggests that older samples are mainly not reused in the attacks (I believe that this is true).
If you want to see the difference, you must test one-year-old samples or few-hour-old samples. :)
Few-day-old samples are useless for that.
 