The biggest advantage of the product, as I see it as a reseller, is its security and reporting. The automated incident response feature in Comodo MDR works fantastic. When customers install custom tailor-made software which is not recognized by Comodo MDR endpoint detection response tool, it runs in an isolated environment, virtual environment, sandbox environment. If it determines that this software is not secure, not verified, or not approved by system admin, it blocks the software immediately. The software will not run, and it sends a report to the admin email instantly. If there is any issue with the software or if any incident such as a malware attack or ransomware attack is happening, or something is trying to make changes to the system files, it immediately blocks the software tool and reports back to the admin. As a reseller partner and secondary admin for the customers, my team and I directly receive a mail, and we take control of that machine. It even blocks complete network access to that machine. On the hardware side, if there is a hard disk full or RAM 90% usage or CPU 90% usage or any of these incidents, we set up an alert notification option for it. The moment these incidents occur, it sends an alert so we can recommend customers upgrade their hardware or check if there is any malfunctioning software consuming too much RAM and CPU. This incident response use case helps us keep customer machines' performance to the maximum. The 24/7 monitoring capability supports a lot in contributing to our cybersecurity strategy. It is very much compatible with our goal.
