Is Comodo Antivirus really free?

The majority of free antivirus software is created by businesses that also support and update paid versions. Although Comodo Antivirus does have a paid version, there hasn’t been a significant update in many years. Comodo only has one score, and it failed our hands-on tests, in contrast to the finest free antivirus programs, which consistently perform well in numerous independent lab tests. Yes, it has a ton of extra functions, but many of them require more technical knowledge than the ordinary user has. There are more effective free antivirus options.
Comodo Antivirus is fully functional and costless. The Advanced edition, which costs $29.99 a year, however, improves your security by granting you access to a customized version of Comodo’s GeekBuddy tech help service. You receive assistance with operating the application and removing malware. The entire GeekBuddy service, which has an annual price of $199.99, gives assistance with all forms of tech support, including system optimization, device and software setup, troubleshooting, and more. It also includes Comodo’s complete security suite.
Comparing side-by-side the free and premium packages, the support improvement is the only distinction I could make. The table on Comodo’s website, which ostensibly compares functionality between the free and paid antivirus software, only adds to the confusion. It appears that the paid column refers to Comodo’s complete security suite rather than the paid antivirus. Comodo Antivirus Advanced does not truly include with features like a firewall, VPN, or online backup.
No Significant Changes
Since my previous evaluation, this product’s appearance hasn’t altered much and hasn’t changed much at all in the past five or six years. The main change I saw was that pop-up alerts for defensive actions now use the regular dark-mode look. I noticed that version number hasn’t changed; it’s still version 12 after looking at the About page.

The main window’s left side is still dominated by a sizable status panel that often shows a tranquil green. If there is a problem, it changes color to yellow or red and provides a button to correct configuration issues. You can start a scan, unblock a blocked application, check for updates, or run a program inside the sandbox confinement system by pressing one of four sizable buttons.

Limited Lab Results
Finding a lot of lab findings for a product I’m reviewing always makes me happy. The independent labs are well-equipped to investigate which items are the best. I keep track of four such labs, and the reports from all four contain quite a few products, including free ones.
Comodo has been mentioned frequently in test reports from AV-Test Institute for many years. The maximum score from this lab is 18, with six points allotted to performance, usability, and protection. Comodo typically scored below average, with scores as low as 12.5 and an average of 15 points. In any event, Comodo hasn’t been mentioned in reports from 2020 until the present.
Only SE Labs, situated in London, has recently published a report on Comodo. The researchers in this lab employ a capture-and-replay method to launch exact replicas of real-world malware attacks against a selection of antivirus programs. Five levels of certification are available for products: AAA, AA, A, B, and C. When you consider that all but one of the other tested products achieved the highest AAA rating, Comodo’s achievement of AA certification doesn’t seem all that impressive.
I run the figures through an algorithm that produces an overall score when I obtain findings from at least two labs. However, about 30% of the things I’ve rated have zero or one score, and another 25% have only one. Comodo, which only receives a single score, falls into the last group and does not receive an overall score.
Kaspersky received the highest rating of the technologies examined by all four laboratories, earning 9.9 out of a potential 10 points. With 9.7, Avast and Norton are not far behind. Although the results from only three labs were used to calculate the score, AVG AntiVirus Free received a perfect 10. Microsoft Defender Antivirus received 9.2 marks as well. A product can still receive praise from the laboratory even if it is offered free of charge.

Search Options
As soon as Comodo is installed, it runs a comprehensive scan and refreshes its antivirus definitions. That is reasonable. You need to remove any malware that settled down before your antivirus software was installed. In order to time a full scan under controlled circumstances on a malware-free test PC, I canceled the on-install scan.
Comodo’s complete scan took approximately two hours when I last tested it, which is a long time but not as long as Bitdefender Antivirus Free for Windows’ full scan. The most recent version of Comodo completed a full scan in 85 minutes, which is faster but still longer than the current standard of slightly over an hour. Many antivirus programs employ that initial, time-consuming scan to prepare for subsequent, quicker scans. In fact, a second Comodo scan took 20 minutes to complete, while a second Bitdefender scan took 10 minutes. Like the majority of antivirus programs, Comodo also provides a fast scan that just looks at memory and system places where malware frequently resides. The 30-second fast scan by Comodo was complete.

After installation, a slow complete scan shouldn’t cause too much concern, especially if future scans go more quickly. Theoretically, once you’ve exterminated any skulking horrors, all that’s left to stop further infestations is real-time protection. However, you should plan routine scans if you want more extensive security. Comodo automatically sets up a complete scan for twice a week. Full, fast, or bespoke scans can be scheduled to run on a monthly, weekly, daily, or every few hours basis.
Comodo has an online database that tracks file reputation, just like Norton AntiVirus Plus does. The Rating Scan examines your system’s programs and reports on their rating status. In addition to information from Comodo’s database, the reputation rating of a file takes into account details like its age and whether it launches automatically. Even if the antivirus doesn’t mark it as known malware, you should probably avoid running any files with a truly negative reputation.
After a thorough scan, the Rating Scan tested in less than 30 seconds and only discovered trusted files. I performed the same scan after rolling back the test virtual machine to a state just after installation to get a different perspective. I questioned the scan’s value because it had not yet eliminated any of the malware samples and had still only turned up trusted files.
Bring out the big weapons if the malware scan doesn’t seem to be able to completely eliminate the issues it discovered. Click Tasks, then select Advanced Tasks, then select Clean Endpoint. This starts Comodo Cleaning Essentials, a powerful cleanup-only application that occasionally performs better than the default antivirus.

Sometimes a chronic malware infection prohibits you from starting Windows, conducting a scan, or even installing antivirus software. Using Comodo’s bootable Rescue Disk, you can remove such persistent infection. Create a CD or USB to act as your rescue disk by selecting Tasks, Advanced Tasks, and Create Rescue Disk on a clean system. The infected system runs its own operating system when it is booted from this disk, preventing the malware from having a chance to retaliate.
Many antivirus providers offer a similar recovery DVD that may be downloaded from the provider’s website or made from the antivirus software itself. With no need to create a disk, Bitdefender Antivirus Plus ups the ante on usability. Simply restart the computer in Rescue Mode, then begin eliminating malware. Keep in mind that Rescue Mode is not available in Bitdefender’s free edition.
Bad malware protection outcomes
My hands-on testing results are particularly significant because there is just one lab test score available. I open a folder containing malware samples that I’ve personally gathered and examined to begin my testing of malware prevention. Comodo started eradicating the samples it detected right away, quickly getting rid of 42% of them. That is inadequate for on-site detection. When tested using the identical samples, Norton immediately removed 95% of them, whereas Bitdefender captured 88%.

I launched every sample that had survived the initial culling as I continued the test. It had three options for unknown programs: block all execution, run the application in the sandbox container system (more on that system below). I went with the container option because it didn’t label those apps as harmful, simply unrecognized. Running in the container without being asked, preventing programs from starting, identifying malware activity after the initial startup, and completely missing malware detection were some more responses.
Comodo has the lowest detection rate among current algorithms, detecting 76% of the samples in one manner or another. It could have earned 7.6 out of a potential 10 points if it had successfully prevented the installation of all threats that were discovered. However, I discovered that the malware that was discovered frequently left some executable files on the system, some of which were even active. Due to those mistakes, it only received a pitiful 6.9 points.
Norton tested with the same set of samples and detected all of them, earning an almost perfect 9.9. Detection rates of 98% and 9.7 for McAfee and Webroot. None of the products tested with earlier malware collections, including Comodo, performed worse in this test.

I have ten actual examples of encrypting ransomware in my collection. All the other products I’ve recently tested either destroyed these right away or got rid of them before they ever got started. I was shocked to see that only three of those were immediately eliminated by Comodo. The good news is that I now had seven ransomware strains to test.
All but one of those were stopped by Comodo at launch or shortly thereafter, and the one it missed turned out to be a catastrophic failure. This malicious application encrypted hundreds of files and left its ransom message as a calling card without any of Comodo’s security layers kicking in.
I can only gather a set of malware for testing once or twice a year because the process takes so long. I test an antivirus program with a selection of malware-hosting websites in order to gauge its capacity to identify and stop the most recent malware outbreaks. Despite the fact that Comodo Online Security is a free browser extension for Internet Explorer, Firefox, and Chrome, Comodo Antivirus does not by itself provide web-based security. Yes, Comodo still doesn’t support Edge despite Internet Explorer’s looming extinction. I downloaded Comodo Online Security for Chrome to continue my tests.
Malware protection can take numerous forms, but the simplest kind of protection is just avoiding visiting websites that host malware. The next line of security is to remove the malware payload if antivirus is unable to stop the site itself. My test to prevent dangerous URLs works both defense layers.
I begin with a feed of brand-new malware hosting URLs from MRG-Effitas, which are typically only a few days old. I start them all, observing which antivirus moves the browser away from the malicious page, blocks the malware payload, or just sits there doing nothing to defend the test PC. Every test uses a different set of URLs, but they are always the most recent, and I try to collect 100 data points to get a good representation of the population.
In spite of the claim that Comodo Online Security “instantly filters harmful and fraudulent websites,” none of the 100 verified URLs carrying malware were blocked. While Comodo did remove some malware right away after download, it still missed nearly twice as many threats. Comodo and Bitdefender Free both successfully blocked 36% of malware downloads in their most recent test. The distinction is that Bitdefender completely barred access to an additional 62% of the risky URLs, making a total of 98%. Comodo’s overall score of 36% is same to IObit Malware Fighter Pro’s pitiful result. Only one recent product has received a lower rating than this static pair.
On the other extreme, McAfee, Norton, and Sophos Home Premium all achieved a score of 100 percent.
inadequate phishing defense
Comodo Online Security is advertised as offering protection from harmful websites as well as phishing sites, which are false web pages that pose as important websites in an effort to deceive users into disclosing their login information. The browser extension “instantly prevents harmful and fraudulent websites,” as stated, it states. This component performed better than when tested with risky malware-hosting URLs, but it was useless when tested with actual phishing pages.

I search phishing analysis websites for URLs that have been identified as fraudulent to make sure my collection includes both verified frauds and pages that are too new for the blacklists as I get ready for my phishing protection test. I simultaneously run Chrome, Firefox, and Edge instances that are just protected by the browser’s built-in antiphishing and a browser protected by the antivirus being tested. Any URLs that don’t load properly in all four browsers are discarded, along with any that don’t exhibit all the signs of a phishing scam, like an attempt to steal login information.
I tried thousands of test URLs until Comodo Online Security finally responded. A big red warning page with buttons to return to safety, disregard the warning, or report a false positive was displayed when it detected a scam. Only 15% of the validated phishing frauds had been discovered and stopped by Comodo by the time I had concluded the test. Even though it performed better than the 10% score it received in the last test, both results are among the lowest I have ever seen.
By combining blacklisting with heuristic page analysis, Bitdefender, F-Secure, McAfee AntiVirus Plus, and Norton achieved 100% detection at the other end of the detection spectrum. Webroot and Avast One Essential both achieved 99% detection, which was close. I suggest that Comodo customers leave their browser’s phishing protection enabled and get comfortable spotting phishing frauds on your own.
View Our Security Software Testing Process
View Our Security Software Testing Process
Maintaining Program Containment
Comodo’s main window’s default basic view can be changed to the Advanced view with just one click. A status panel for Auto-Containment, HIPS (Host Intrusion Prevention System), and Viruscope behavior-based protection are among the features of this mode.
The containment mechanism used by Comodo isolates the programs that execute there. System changes are virtualized, which means they appear genuine to the process but are temporary. To end confined programs and undo their modifications, empty the container. The Auto-Containment system manages shows with a bad reputation or none at all. Comodo popped up a question asking whether to use the container for rare but lawful programs (and several of my malware samples), I discovered. Without any user input, further malware samples, including files with a poor reputation, were thrown into the container.
Most users would simply choose not to open an application if they suspected it would be hazardous. If you’re the type of person who would run the suspicious program anyhow, you may safeguard yourself by running it in Comodo’s confinement system virtualized. It is unable to alter things permanently in this manner. Programs running in this mode are marked by Comodo by having a green border.
Although Bitdefender Antivirus Free for Windows does not feature SafePay, you can also access Comodo’s fully functional virtual desktop, which is comparable to the SafePay desktop provided by Bitdefender. The apps running on the conventional desktop cannot interact with those in the virtual desktop, but you can switch back and forth between them.

Programs are not only isolated in the containment system by Comodo, but they are also examined by its VirusScope behavioral analysis tool. By default, VirusScope only monitors software that is currently running inside a container.
I installed around 20 outdated Soft360 applications that weren’t digitally signed in order to see how containment functions. They were also significantly modified so they couldn’t be identified from any earlier tests. In each instance, Comodo indicated that the installer was not recognized and suggested executing it in a container; I followed this recommendation.
The green border that denotes a virtualized software was present in all of the installers and the installed programs. I proved to myself that the programs could not alter things permanently, despite the fact that they appeared to function. For instance, I encrypted some files with one tool and then checked to be sure they were still the same in the actual Documents folder. I added several keys and values using a registry management tool, but none of them showed up when I checked using the Windows Registry Editor program. All those installs disappeared as I filled the container.
0 of the 3 minutes and 29 seconds
0% volume
00:00\s03:29

It’s crucial to keep that in mind. You should unblock a program and, if necessary, reinstall it if you decide to keep it after running it in the container. Otherwise, whenever you empty the container, it would go poof.
system for preventing host intrusion
Unless you actively switch on the Host Intrusion Prevention System (HIPS), it is not activated. It operates in Safe Mode by default, which permits all actions taken by programs with a good reputation and prompts you for handling unknowns. By placing it in learning mode for a while, you can reduce the amount of pop-up queries. In this mode, your programs’ activities are noted, and rules are set up to always permit those activities. It asks you how to handle every program’s activities in Paranoid mode, which is the opposite of Learning mode, only permitting those you’ve personally accepted. This includes actions that Comodo considers safe.
I restored the test virtual system to a point in my malware protection test right before I started all of the samples that Comodo didn’t immediately remove in order to witness this capability in action. I ran the test again after activating HIPS. The outcomes were…live. The majority of the samples resulted in at least one HIPS notification. Some alerts are straightforward, such as “program.exe is attempting to execute otherprogram.exe.” Others, like “…trying to access a protected COM interface” or “…trying to access the screen directly,” might leave you perplexed.

Regarding each of these notifications, Comodo prompts you with a question. If you’re certain there won’t be a problem, you can approve the activity or select one of several predefined safe kinds to apply to the app. If not, you have the option to stop the activity, stop the program, or stop the program and stop all further action as well.
I always preferred to just block the activity during testing. Some samples thus produced two, three, or even four warnings. The software in question is not labeled as harmful in the HIPS alerts. Comodo’s results would increase to 95% detection and 9.2 points out of a possible 10 if I counted them as malware detections.
HIPS, however, doesn’t judge if a program is effective or ineffective. The likelihood of the HIPS system catching an unusual but entirely legitimate program is equal. When I attempted again after releasing the outdated Soft360 programs from the container, I discovered that every installation failed as a result of preventing the reported actions. Oh, and that one determined ransomware malware still managed to get past all of Comodo’s safeguards despite the fact that I blocked four different HIPS alerts.
HIPS is a phrase that may have come up in prior evaluations to refer to a security feature that defends against exploit attempts. I skipped my time-consuming test that makes use of real-world exploits produced by the Core Impact penetration tool because I’ve confirmed that Comodo doesn’t attempt that kind of defense.
IceDragon and Comodo Dragon
The safe browser from Comodo is an added bonus with all Comodo products. Comodo Dragon is a Chromium-based browser for Chrome users that has all the functionality you would expect in addition to some odd treats on the toolbar. Is Firefox a regular use? Then select Comodo IceDragon, a Firefox-based browser.
Comodo Dragon is the focal point of the Virtual Desktop, as was already mentioned. Naturally, Comodo Online Security is pre-installed on this browser. To view all installed extensions and, if desired, to make some of them persistently accessible, pin them, click the Extensions icon.

The extra functionality will appeal to the geek audience in some cases. For instance, you can instruct either browser to always demand a secure HTTPS connection for the current site. You can highlight text in Dragon and drag it to the left to share it on social media or to the right to search for it. Want to share the entire page rather than just some text? To share a page on Facebook, LinkedIn, or Twitter, click the Share Page Service button.
Although IceDragon does provide Media Grabber, it doesn’t appear to offer the Drag & Drop Service or Share Page. You should be able to select Media Grabber when watching a video to save a local copy. During testing, however, I was unable to locate a method of activating this extension.
Processes of Viewing and Killing
Most Windows users are aware that Task Manager can be opened to view all currently active processes or to terminate a blocked task. For those who possess the technical know-how to use them, Comodo offers functions that go beyond those of the Windows Task Manager.
Click Tasks, Containment Tasks, and View Active Processes to get started. Comodo lists them, identifying each one by their filename, process ID, firm, and user account that controls it. Programs that are fully or partially virtualized are identified in the Restriction column; the majority of processes will display Disabled in this column. The reputation score for each process is displayed in the last column.

You can download and run Comodo KillSwitch by selecting the More button. This tool displays a list of all currently running Windows services as well as all active processes, together with information about each one and its CPU and memory utilization. Graphs display real-time CPU, I/O, memory, and network activity.
KillSwitch includes further tools of its own. It can be used to examine startup programs, swiftly fix settings frequently harmed by malware, and monitor program usage. However, KillSwitch is overkill for the majority of users, even those who are a little more tech aware.
Not Suitable for All
Techies may find Comodo Antivirus appealing due to features like KillSwitch, HIPS, and the sandbox confinement system, but those same techies will be turned off by its low performance in testing and its continuing lack of improvement over time. Although it received favorable ratings from one independent lab, its performance in our hands-on testing was generally subpar.
Why open your wallet when you may do better without it by avoiding the overly complicated, unreliable product? Avast One Essential, a condensed version of the company’s complete protection package, is our Editors’ Choice pick for the best free antivirus software. All four of the laboratories we use gave Avast great marks, and it also did well in our practical tests. You can, of course, test as many free antivirus programs as you like before deciding which one you like most.