Comodo Internet Security 2025 Beta / Final / Infos Thread

According to SE LABS test, it works 6th gen intel or better cpus, even on amd ryzen. But, detection rate is better on intel vpro cpus. I think ESET does use it, Microsoft defender for endpoint and crowdstrike falcon also uses it.

 

OK I see, then I was partly wrong. I read it could detect 93% of the ransomware attacks without any security software. But why couldn't it spot the other 7%, that's the question. Also, does it improve AV/EDR protection, that's another question. I mean otherwise, what's the point.

 

@Rasheed187
If it adds another security layer, of course, why not using it? It does not "consume" cpu usage or slow the system down. When your favorite security solution fails to prevent ransomware infection, and TDT prevents it, you are protected. Even 1% can be crucial.

 

I guess this is true. But is Intel vPro also built into consumer CPU's, or what? My Intel Core i5 (10th gen) isn't listed in this list:

https://www.intel.com/content/www/us/en/products/details/processors/vpro/products.html

 

My old i5-8400 real 6 core(no hyper-threading "fake cores") works with TDT.
I tried many ransomware samples to get that Intel TDT detection triggered, but Comodo contains all the samples lol.
Also tried with OSArmor, and OSArmor only "block execution of suspicious processes" enabled, it was a double block.
OSArmor "block execution of suspicious processes" is very powerfull.

And for software based firewalls, one example, when updating vlc media player:
-Comodo firewall asks, it sends "stop/pause" to a program that wants to connect to internet
-WFC autoblocks aka "no internet", so you have to run vlc twice to get a pop up window
-Fort Firewall, while in "ask mode" allows vlc to connect to internet, while waiting for user input(very bad, replace vlc.exe something like lummastealer), information sent to server before user block.

 

Intel TDT processing is supported on Intel 6th+ generation processors. You don't need a vPro supported processor for Intel TDT to work. However, maximum protection against ransomware is had on systems employing vPro capable processor w/TDT.

Ref.: https://selabs.uk/reports/enterpris...re-intel-threat-detection-technology-2023-02/

Also, let's clear up current Intel TDT use.

A while back, Intel created a TDT interface, assumed to be UEFI based, to allow AV vendors to interface with it to assist in their ransomware detection activities. Eset has been using this interface for some time.

How AV vendors use this TDT interface is strictly under their control. Whether it actually improves their product detection of ransomware is unknown. To date, only one AV lab test in this regard has been performed. It was a commissioned test by Cloudstrike done by SE Labs. The test was performed on a vPro processor system and Cloudstrike scored 100%.

-EDIT- Forgot to mention you need a 13 gen. processor to get maximum vPro TDT protection;

https://www.anandtech.com/show/18787/intel-unveils-vpro-for-13th-gen-core-series-

 

Thanks for the info and I suppose Intel TDT can not stop ransomware on its own? I mean surely it needs to run some type of app that supports it? And I still don't understand why my CPU isn't supported. And I also wonder if certain apps like HMPA and AppCheck use the TDT interface in the first place, I guess not.

 

Interesting discovery with a statistical real world result as always @itman

 

This Microsoft article reference shows that TDT is evolutionary technology. Each new Intel processor generation adds additional protection. For example, you need an 8th gen.+ processor for ransomware protection;

https://learn.microsoft.com/en-us/defender-endpoint/hardware-acceleration-and-mdav

Of note in the Microsoft article is it does not state that WD TDT use will detect/prevent ransomware behavior.

 

If you would have read the SE Labs test linked article, the first couple of pages would have answered your question. Again, these results are for a newer Intel vPro processor with supporting TDT Intel software installed;


Note that w/o any EDR AV software installed, Intel TDT detected 93% of test 0-day ransomware samples.

 

Is there a list of Intel CPUs out there that support TDT? I just tried enabling it, and got a messaging something something about TDT start failed. Being used by another PMU processes or something. The message disappeared to fast.
Edit: Never mind, I looked up 1135g7, and it does not support it.

 

The only thing I can find is;

As far as Core processor's go, I assume that means I3 - I9 processors.

However, AV software being used many not support all the above. You will have to contact the AV vendor as to what processors it currently supports.

 

What I meant is that apparantly there is no special Intel TDT software that is installed, so I wonder if those ransomware samples get blocked without any warning. And if it's so good, why on earth doesn't Intel offer software where you can manage this stuff. And again, I really don't think my CPU is supported, which is weird.

 

Well, I'm very skeptical, just look at how many companies still get infected with ransomware. Also, take a look at this thread, what do you think of Morphisec's Moving Target Defense?

https://www.wilderssecurity.com/thr...nse-thats-easy-to-bypass.447186/#post-3199883

 

And BTW, back on topic. I see that Cruelsister has released a couple of videos on YouTube, haven't looked at them yet, but I suppose Comodo is still good at isolating malware. But I rather choose myself whether I sandbox some app or not, that's why I still prefer Sandboxie. Although in certain cases auto-sandboxing would be nice to have.

 

Installed Trend Micro AV Plus, then Comodo 2025 without Comodo AV component.
It does not work, Comodo partially running and complaining...cannot connect to its service...funny.
No TM popups, TM silently blocked, many of the Comodo .sys drivers, one of them was notorious guard64.sys. TM blocked without any popups.
Kinda impressive Trend Micro...

 

Would comodo FW be redundant if I already have what I have?

See signature

 

My beta still has not updated to the final versions. Wondering it I will have to do a full reinstall.

 

I think you may have to do a new install. Waiting for them I think you'll be waiting while lol. They seem to do everything slow unfortunately.

 

Sometimes it's good to do a full re-install anyway, they changed a lot of stuff inside of CIS from what I understand