Now, this may go against the grain since I believe the idea of the Comodo One platform is to integrate, manage and deploy the Comodo Antivirus. However, can the communication agent report on the status of 3rd party antivirus programs and report/alert if not up to date? I have found a script that will report what antivirus is installed but this is a procedure and doesn’t report if up to date. It would be really useful to have a column such as patch management which highlights what AV is installed and if up to date.
We thank you for presenting to us this request with the detection of a third-party antivirus’s status. There is already an existing request about detecting third-party antivirus software but nothing about the AV’s version, virus db, etc. We will see if we can include this in the existing feature request.
Comodo is committed to your satisfaction and we, in C1 Support, will work with our product development team to ensure the best possible response. After the team has reviewed your request, we will pass along any additional updates.
An RMM should know when an active AV product is installed and at a minimum provide product name and version number as well as check its operational status. Sometimes IT support providers inherit existing security product licensing or have to live with it for a period of time before replacing it. The RMM should make that easier. Going beyond that, Comodo’s RMM should not only detect but be able to remove those products (where possible) for easy replacement with CCS when they are ready. I believe that Comodo RMM would be better accepted by shops that are direct licensing products like Webroot, Malwarebytes, etc. as part of their current offerings if it would play nicely with them. Even if they preferred to stay with the competitor’s product you would add the opportunity to provide Comodo’s cDome and Acronis backup related services.
No offense, but that is subjective. I agree that Comodo’s AV is powerful, but not without issues (see other threads about performance issues, I have my own about false positives). I can easily see someone wanting to use another AV solution. ESET is one that comes to mind. Used it for years at probably hundreds of clients and never had major issues or outbreaks. It has kind of gone downhill IMO since its earlier days (and that’s only my opinion) but still a solid product.
A more likely scenario is this. Let’s say you’re taking over a customer and they are already half-way in a 3-year subscription to ESET. They are likely not going to throw that away and buy another license for Comodo AV. So you still need ITSM/C1 to manage them but you have to manage another AV at least until the subscription runs out or if by some sales voodoo you convince them to pay twice for AV. I wouldn’t trust a business that did that. Being able to be honest and flexible to the client’s situation creates trust with the customer as they see you’re not trying to push your product down their throats and wasting money they already spend on a good product. Which isn’t Comodo’s motto about creating trust??? If you really believe CCS is “the best” you can pitch it, and tell them (in the contract) that if they get an outbreak you can’t be held responsible because they are sticking with a solution that you don’t approve. This is normal practice in the industry. But good luck to you if there is an issue with CCS after making them switch. It’s not just about security, it’s about user experience. A ton of performance issues or more can be just as costly to a business as an outbreak. Recently, CCS was the reason a line-of-business application upgrade went terribly wrong with a customer of mine. Exclusions didn’t work, literally had to uninstall CCS to get it to work. Granted this software is a PIA, but other AVs didn’t have issue with it.
With that said I’m not bashing CCS, I do like the product. But in my 15+ years in IT I’ve learned that anyone that calls a product “the best” has either limited exposure to other products or is just drinking too much of the sales Kool-Aid. If C1 showed in its portal another AV and somehow classified it as “less secure”, that would be a very unethical thing to do IMO. That’s not to say you can’t still offer a suggestion in some manner to check out CCS and highlight WHY you think it’s better. But don’t just call it the best. That is an opinion.
I hope this doesn’t offend anyone, not my goal. Just another way to look at it. In other words, I am in favor of 3rd party AV detection. And I’m in favor of Comodo and promoting its products any way I can. But I choose to adapt to customer needs because in the end isn’t it what is best for them?
So here is world view:
1) Other AVs: try to find a bad behaviour in an executable file, and if they can’t they let the file execute…disaster because AV companies wouldn’t know the behaviour of zero day…that’s why they are called zero day…that’s why infection happens…because AV does NOT detect/recognize the bad behaviour…the method of “default allow” which is only looking for “bad behaviour” is a really bad security posture if you want to protect your computer.
2) With Comodo AV any and every unknown is first allowed to run in “virtualized/contained” environment while behind the scene we analyse and give it a verdict of good or bad…we do NOT assume it’s good because we can’t find a bad behaviour (like other AVs do). We actually make sure it’s good before we mark it good…So we create a “default deny security posture with default allow usability”.
So technically speaking the risk you are taking with Comodo compared to running other AVs is negligible. Other AVs will let brand new malware they don’t recognize execute, hence cause infection.
This still leaves the other commentator’s question kind of hanging out there. If Comodo only lets “good” programs run, then why do you technically need the A/V component, sounds like just additional overhead without any real benefit (though I certainly have customers that want or require that A/V “checkbox” to be checked).
Totally agree, but for companies that have not made the switch etc., having the information as much as simple parts like AV up-to-date, AV turned on, AV name would be good as it allows you to know what is in your environments easier and target them better for migrations and so on.
AV component is there so that any “known bad” files can be killed before they even go into virtualization (containment).
From security posture point of view, it does not add any material incremental security, but more like usability (known bad files are killed vs run in safe containment). But AV is used not only for “Security” but also for “Compliance”.
@melih You’re trying to make a point about your product’s capabilities and it’s a valid one in principle. However, please read my earlier post in this thread. An MSP’s RMM needs to remain agnostic and get along with other security and backup platforms. Changing systems is not always possible or easy. Contractual obligations, license expiration timelines, or just the effort required to switch security software may preclude an MSP considering the C1 RMM and other services if it can’t provide solid information about their currently deployed products.
I also think CCS/CIS has a long way to go on effective reporting, stability and usability before you can expect MSPs with existing security products they are happy with to change. You can get them into other products/services such as Dome Shield, Dome Standard, and the Acronis backup that they may not be providing to their clients while they get comfortable with the end-point protection.