How does Comodo ensure the unknown files are benign? By running them in a separate container without allowing them to impact PC(s). It allows the unknown (or unidentified) files to operate only after they prove themselves to be benign.
But Comodo's Default-Deny takes a different approach. Normally antiviruses allow unknown (or unidentified) files to operate on PC(s) once they are confirmed Default-Deny Approach: This is a defense technique which is unique to and developed by Comodo.