Comodo AEP - Anyone Using It?

Hi Everyone,

Is anyone using Comodo Advanced Endpoint Protection? It looks like a pretty solid product, the file system and registry virtualization/containment looks really interesting. I have not done a POC yet, but I am curious as to whether or not others are using this or if they have looked at it within the past 3 months or so.

Yes, I am have been using it in my production environment. I’m a one man IT department in a company with 4 branch offices and 35 workstations + 15 servers. I’ve deployed the Endpoint Client to all machines in my domain and Comodo Client Security on all of our non-Windows 10/2016+ machines with great success. I’m still kinda uneasy about the company in general but I find the product to be very well made and intuitive. I had some issues with one of our business applications being containerized preventing it from accessing files it needed to and network connections, but I was able to change exclusions in the web interface and push it out to every client just by updating the profile. The main reason I use the platform is for a solid antivirus on those older Windows systems, patch management from the web interface (mostly to initiate Windows Updates), and Remote Control which works REALLY well. It also has some nice tools like Unknown File Hunter which will search PCs on your network for potentially malicious files, and a deployment tool that makes installing the Endpoint Client easy.

I’m not a MSP so if you are ymmv.

Maybe that answers your question.

Just to be clear we are using this product through Comodo 1. We have roughly 200 desktops/laptops/servers in two offices with it installed, we have a 3 person IT staff.

The virtualization/containment is a neat feature, helps if something does get through although it take some time to get our corporate apps setup so they would run properly. We have also run into issues where users get applications from our clients that have to be run but because they are not setup as whitelisted (since they are coming from other parties) they run in the container and don’t work properly. The issue is that every time we get one of these it is different so there is not way to whitelist them and while they may go through the Valkyrie system and be found okay it can take 24 hours for them to be approved which is to long. This meant that we either had to turn off the container feature or allow users to bypass it by popping up a warning, we went with the latter option which isn’t really ideal but better then disabling it completely.

We have a number of security appliances and softwares in place so the endpoint protection is kind of a last resort, therefore I can’t really say how good of a job it does since most stuff doesn’t make it that far to begin with.

One thing that really bothers me about this product though is the lack of email scanning. We’ve used Kaspersky and I’ve used Eset in the past and in both cases if emails come through (via exchange into outlook) with malicious content then they are filtered, moved into an infected-items folder type of thing and/or the attachment is removed. For example an email with a malicious macro-enabled document will be moved and/or the document will be deleted. Comodo does none of this, as far as I can tell it doesn’t look at emails at all. Even if you save the malicious document to your computer and manually scan it with Comodo it does not pop. I asked them about this once and their response was that it was fine because if the Macro downloaded anything that tried to run it would be run in a container, that’s great but I would rather the document not be opened in the first place. We are exploring other options to help prevent this but coming from Kaspersky which did this it was a disappointment.

The cloud based console and the patch management, and all the other features are great, and seem to work well.

We originally purchased this product because we needed a new endpoint protection software and Comodo at the time stated that they had a Data Loss Prevention module that could be integrated into it. After we purchased the Endpoint Protection we found out that the DLP module was more in development then actually ready and then then late last year we were told it had been pulled and was being completely re-designed so there was no idea when it would be available.

As well we did a POC, however when we did so they sat down with us and setup a security profile they set it up with the minimum amount of security enabled on it, we didn’t know this at the time. So we tested it and everything went great, all our apps worked, everything was good. Then we purchased the product and they sat down with us to get it setup and told us that we had basically been running the thing in default allow mode, well no wonder everything worked. So now we setup a new security profile with the proper setting and of course most of our apps broke, as to be expected. We ended up getting everything working again but it took a bit and all the testing that we had done during the POC was basically a waste of time and had to be re-done.

Bottom line, the product works and there are lots of extras with it but in my opinion is missing some key components (email scanning). My dealings with them as a company are not great but I’ve had worse. Admittedly once our current subscription is up we will likely take it back to market and see what else is available but I feel the protection is good enough that there is not a pressing need to replace it.

1 Like

@jpom18 ,

We thank you for sharing your outputs on our forums. We will definitely get in touch with our Product Development Team and raise your thoughts about email scanning functionality on the platform. In regards to DLP you can review some features we have introduced with our last releases. January Release notes as well are available on your portal (Please see attached image)
https://forum.itarian.com/forum/products/other-comodo-products/comodo-device-management/39699-january-what-s-new-on-endpoint-manager
https://forum.itarian.com/forum/products/preview-section/40259-release-candidate-of-itarian-it-operating-platform-for-14th-of-march-2020 and for March sprint.

You can visit our other forum community @ https://forum.itarian.com/ for additional info.

Yes, I have reviewed january released updates for DLP features. These are amazing and really worked. Thank you for sharing

The sandbox is junk. It breaks so many things. For instance. First day it was installed, I got a complaint that Adobe Reader couldn’t print. The culprit was Comodo. Their support was useless.

This was a non-profit that I was doing a favor for about 4 months ago. They wanted their $40 a year or whatever non-profit Comodo subscription. I just decided to eat it and give them what I give everyone else.

1 Like