Comodo Advanced Endpoint Protection Review

Effective heuristics make for better ransomware protection


What is our primary use case?

We use Comodo because it has containerization. 

What is most valuable?

If you open up an application or a web browser, it runs within a container (sandbox). So if there's some malicious code, it will be contained within the sandbox. Ransomware prevention and zero-day exploits were a driver for adopting Comodo. From our research lab results working with live ransomware, Comodo has been very effective in preventing infection. We've done a lot of tests with numerous types of live malware, and it works really well.

What needs improvement?

We do a lot of tests and we also work with some really malicious environments, and our team would like to see better communication from Comodo on what it is doing. People that are new to the product can have a problem telling if the container is currently active or not (we have a lot of postgraduate interns and the majority have all given us feedback on this issue). Uncertainty on the status of the container and quarantine process can unsettle people.

Comodo is pretty quiet and I would like to get more reports from what's happening and then get status reports. For end-users, being quiet is good but for IT security teams we need more information when testing suspect software and attachments. Having an option to allow more information would be good. The logs and reports do not have the level of detail that we would like, so improvements in this area would be good. We have other products and services that help with malware identification - if Comodo picked this up, we could eliminate some other products and save money. Some competing products outperform Comodo in this area. Sometimes we've had some of the newer people looking at it and they're not used to it, and they're not sure whether it's actually running or not, and what it's doing (there are controls that people need to know how to use). From an end user standpoint, quiet operation is good, but for a systems admin or a security person who's trying to examine something, they may want to see more feedback. So that's some of the commentary that we've gotten back internally. The guys that are used to it don't have this issue, but the people that are new to it have given this feedback to us.

The other thing is the quarantine. It would be good to have a better understanding of what it is that you've got in the quarantine, especially on the false negatives. Because sometimes it picks up something that is an okay file, but you're not really given a good explanation about why it was quarantined. 

For how long have I used the solution?

We added the solution to our operations about a year ago.

What do I think about the stability of the solution?

It's very stable. We have many different systems and different versions because we do testing and research, and we haven't had any problems across any of them.

What do I think about the scalability of the solution?

Scaling is no problem.

How are customer service and technical support?

We very rarely have to use technical support, but when we've had to call them it's not been an issue. It's pretty quick.

How was the initial setup?

The setup was straightforward. None of the products we've had with an antivirus had ever taken more than a day and Comodo was no different.

What about the implementation team?

Our in-house team did the implementation.

What's my experience with pricing, setup cost, and licensing?

We do licensing by country. Here in Sweden, we've got 40 licenses.

What other advice do I have?

We have three companies here in our group and all three companies are using it. We have a professional business services firm that provides law, accounting, financial, and payroll services; a company that does specialized engineering and IT consulting; and we have a global company that handles enterprise ICT architecture, management, and security. All three of these companies are using the product in Sweden. They also use them in North America and Europe.

We also use Comodo for pushing out updates/patches and to keep asset inventories of our systems and software. We're also using it for network monitoring. I'd say we use it in a more active role with Symantec because Symantec does not provide the same types of services that Comodo does regarding network asset management.

I think it's a good product and it supplements and works well with Symantec - using both products together provides two layers of protection. You do have to manage the antiviral capability because they can have conflicts with each other (we have not had any lock-up issues as we do with other product combinations but you can get false alerts). Comodo doesn't seem to have a problem running within the Symantec environment or vice versa. We haven't really run into any issues running both of them together. In fact, it's one of the reasons why we liked this combination. We have experimented with other combinations but found the Comodo-Symantec combination most stable.

I would give it a 9 out of 10. I don't think anything's perfect, so it'd be really hard for me to give a ten - especially given the areas of improvement that I mentioned above. I give weight to the cost - Comodo licenses are a good value for what you get. It gives you a really good balanced portfolio to work with for your machines, not just on the malware protection and the firewall protection, but the virtual container, the ability to manage endpoints, the ability to manage patches. In our case, Comodo replaces several products that we used to use.

Disclosure: I am a real user, and this review is based on my own experience and opinions.