Comodo Advanced Endpoint Protection
Strengths: Powerful functionality, feature-rich with lots of options.
Weaknesses: Documentation is weak and deployment can be quite challenging.
Verdict: This is a strong product under the covers but with a few warts for users. None of those are show-stoppers, though, and you would do well to take a close look at it.
Comodo Advanced Endpoint Protection provides a wealth of functionality, including auto-containment, whitelisting, host intrusion prevention, firewall, web filtering, file reputation, behavior analysis, anti-malware, cloud-based sandboxing, device control, jailing protection and DLP. With all of this functionality you would expect a complicated deployment, configuration and a somewhat confusing landing page. You'd be right. We found deployment challenging and we found the documentation average at best.
Comodo, in our experience, is the champion of breadth and depth of functionality. That's the good news and it never has disappointed us. However, when we dropped into the landing page it took us a few minutes to figure out what we were looking at. On the surface, it is very well-organized. If you have a question about deployment, there is a whole section boxed off that says, "Help Actions." So far, so good. In there we saw an icon for help guides and that is where our disappointment began. The documentation is a round-robin of circular instructions that often takes you back to where you started without answering your questions.
This became obvious when we deployed an agent to our test virtual machine and, while the machine was recognized, our test attempts were futile. Nothing showed up in the console and nothing was stopped, not even our most virulent malware. After futilely searching the docs, we called on support and found that we also had to download and install another agent as well. When we did that everything started to work fine. Our advice here: To avoid frustration, get a walkthrough from Comodo before you attempt to deploy.
Once we had everything working we were back to the Comodo experience we recall - with tons of features, all of which provided useful data and response. For our first test, we dropped a sample of Locky on the endpoint and executed it. No go. Comodo caught it, stopped it and dutifully logged the results. We thought that Locky was pretty well-known, so let's try a zero-day. We reverted the virtual machine and dropped a copy of Satan RaaS that we built and never submitted to VirusTotal. We executed and got the same results. Malware is not likely to make it through the sandboxing in the Comodo cloud or the Comodo anti-malware. We were able to query Valkyrie - the Comodo sandbox - and see that it had seen an unknown file, analyzed it and found it malicious.
The IT and Security Manager covers just about all of the other Comodo functions. We selected our test endpoint, a Windows 7 VM, and sorted through everything Comodo knew about it. We found all of the usual configuration details but when we got to patch management it was very clear to us that this machine needed a lot of patches. The level of detail was excellent and we could research individual patches if we were concerned about conflicts.
Next stop was the anti-malware history and there we found all of the details about our unknown malware - the Satan RaaS file - and what Comodo did about it. We took a bit deeper dive into the Device Control subsystem and saw everything that had been done to our VM in terms of such things as access. Finally, we went to the various dashboards - there are several - and looked at notifications. There we found that our Apple Push Notification Service was misconfigured. Since we don't use any Apple devices, that was interesting, but no show-stopper for daily operations. One dashboard we liked especially was the compliance dashboard. This gave us, at a glance, the types of information we need to ensure that we are meeting regulatory requirements.
This product is priced in the middle of the expected range and the website is comprehensive, if a bit heavy on marketing. Support is at no cost for the first 30 days and after that there are fee-based options. We think that is a bit limited. No cost support at some level should be available for the first year at least.