Why did you uninstall CIS? Please help us improve by telling us why.

[Guest]

[Lazlo]

Thanks captainsticks, this will make some interesting reading and study, looking forward to it.

[sivos]

New COMODO ISP twice froze comp when antivirus test photo .JPG - WHY?

[captainsticks]

Thanks captainsticks, this will make some interesting reading and study, looking forward to it.

Happy reading,
Version update for PDF help files V5.9,
Please note: The following is a direct PDF 12.7MB download link,
Comodo Internet Security 2012 V5.9 User Guide pdf.

[chennemann]

I was getting to many pop ups and the wife clicks yes.  This allowed a virus through.

I will re install when the next version is released.

[barry1976]

First of all : I really , really love Cis , but I have uninstalled , because it made my laptop SLOW AS A SNAIL!!!
also I got really bored , that finalizing the virus database takes FOREVER!!
wanted to add , that when I had cis installed , I did not run any other security software next to this....
as soon as you guys manage to fix these two major agrivations , I will reconsider , to install cis again

[EricJH]

Please make sure that there are no left overs of previously uninstalled security programs around. Not all uninstallers do a proper job. And left over applications, drivers or services can cause all sort of "interesting effects".

Try using removal tools for those programs to remove them. Here is a list of removal tools for common av programs: http://kb.eset.com/esetkb/index?page=content&id=SOLN146 .

[barry1976]

erich , thnx for replying , as you can see in my signature I also use comodo programs manager , when uninstalling things , so there will be no leftovers.....but the good news is : I just updated to the newest version of cis , and there are no more problems at all.....just the finalizing of the virus database , that could be a lot quicker!!!!

[McCovican]

I have uninstalled the firewall due to one major issue, though others swayed my decision also.

Mainly, the fact that global rules are not, in fact, global. I wished to set global rules to give all applications unrestricted access to several computers on my LAN. I found out, however, that global rules will not work on their own; traffic may be cleared by them, but if they are not also cleared by a specific rule in the application filter, then it will continue to ask. This means that, for each and every application that I wish to allow access to the multiple select PCs on my LAN, I have to still create individual application rules (a pretty freaking long and arduous process at that). This seems to completely defy the entire point of having a global rules section. Even if Comodo created the global rules section with the intention to fulfil another purpose, the fact that the functionality to create truly global rules that do not rely on application filters does not exist, is enough for me to move on from this. It really does seem pretty basic functionality. Eset's ESS allows simply creating rules without setting an application for it to be related to; thus instantly creating a global rule (unfortunately, one cannot use their firewall without also using the entire bulky suite - I do appreciate Comodo making their firewall a separate product). Many other firewalls allow the same. Quite simply, your global rules aren't global.

I'd also suggest that the "source" and "destination" tabs for ports and IP be renamed to "Local" and "Remote". Source & destination are, in relation to traffic direction, relative. For incoming traffic, source is remote and destination is local - vice versa for outgoing traffic. If local and remote are used, that relation is absolute and no longer changes when the direction of traffic flow does.

[kail]

Hi McCovican, thanks for your feedback.

The Global Rules are in fact global. But the behavior of the Application Rules (if they prompt or not) depends on which Firewall Security Level has been selected. Anyway, here's some more information if you're interested: Global Rules, Application Rules & Firewall General Settings.

PS There is probably something that I forgot to mention with regards to allowing unfettered LAN access.. CIS fully supports wildcards. So if you actually wanted to use Custom Policy Mode, then you could easily create an Application Rule for the application name * (ie. everything and anything, defined as File Group) that allows full LAN access and stops any Application Alerts for LAN traffic.

[McCovican]

See, I started all of this by reading the documentation about global rules. It mentioned the order in which it was processed, which only implies order of priority for rules. Furthermore, what you have said there does not show me that global rules do act as global rules. The behaviour of application rules are not what are in question here - I have set custom mode, as I wish connections without any assigned rules to be questioned. However, if when a global rule is created and the firewall still questions the connection with a pop-up simply because it could not also find an application rule, then no matter how you spin it, that is not a global rule. It may not be application-specific, but it also is not a rule that is applied to all incoming connections that match it (global) if the application rule filters still need to be queried in order for the connection to pass.

To be honest, now that I know that you can use wildcard entries for application paths (something that was mentioned no-where in the relevant documentation pages!!), I'm not quite sure what the supposed global rules section is attempting to accomplish, as the same functionality can be achieved within the application rules section. As best I can tell from what you have said and the exceptionally limited documentation available on the subject, there is absolutely no point in ever creating an "allow" rule in the global rules section - if there isn't a matching allow rule in the application rules section then it will ask, and if there is a matching allow rule in the application rules section then, well, you didn't need the entry in the global rules section entry anyway, as the application rule on it's own was sufficient. It appears that it only exists to set certain block conditions.

I'd be quite happy to see if I was wrong here, but unfortunately, the documentation doesn't cover any of this. It doesn't mention wild-cards, it doesn't mention that the order of global/application filtering is not simply in the priority of the rules, but that a global rule also requires an application rule in order to be allowed. If what I have said above is also true, then it completely skims over that rather pertinent detail.

The fact is that the existing documentation isn't even consistent with the process that the firewall actually performs. For an outgoing connection, application rules are first - if there is no rule it asks, if there is a rule, it is allowed. Global rules are second. If there is a global rule but no application rule, it still asks. If there is an application rule but no global rule, it allows the connection. However, the order for incoming rules, according to the documentation, is reversed and yet, the result is exactly the same as outgoing rules. Global rules are asked first. According to the order then, if there is no global rule, the connection attempt should result in a pop-up. However, if there is no global rule it just passes right on by to the application rules. If there is a global rule... it still passes straight on to the application rules and will query the connection attempt if there isn't a relevant application rule.

Simply put, the order is ignored in favour of the fact that if there is no application rule, the firewall will always query the connection, regardless of order. Inversely, the firewall will never query a connection if there is a lack of appropriate global rule, regardless of the order in which the rules are checked. So firstly, the documentation fails to mention that the filter checking order mentioned in the global rules documentation section is not, in fact, simply a priority check, but a layered check. Then it fails to mention that the order is not actually entirely true and that application and global rules are not checked equally!

I appreciate that this wildcard functionality is there. What I don't appreciate is the documentation not actually stating this fact, nor that the documentation doesn't make clear the true functionality and order of global rules. Nothing on any relevant manual page mentioned anything about either of these crucial points.

I don't ask that you change the documentation into a hand-holding baby-speak exercise, but adding crucial information about the way that your firewall acts would be quite helpful!

[kail]

I didn't intend to annoy you or argue with you here.. that would be inappropriate. Sorry if I gave that impression, that was not my intent. I fully accept your feedback and the time you have taken to post it.

However, I will briefly say that you cannot dismiss the Firewall Security Level of Custom Policy Mode, or the Applications rules themselves, because an option you have set directly impacts the way the Application rules behave. With Custom Policy Mode you have specifically told CIS to prompt you for any application that doesn't have an Application rule! And this, to me, seems to be fundamentally at odds with what you want. But, I guess it would best to explore these issues in another topic if that's what you wanted.

[McCovican]

I didn't mean to give that impression either, so my apologies. I was simply frustrated.

With custom policy mode, as with many other firewalls, I would indeed expect to be prompted for a connection that does not have a rule. However, the way you have designed custom mode, as you said, only looks to Application Rules, and not global rules. That is the issue here - global rules are, essentially, useless in this mode. Whether or not it was specifically designed in such a way, I see this as a major flaw. It's certainly not exactly made very clear in the documentation that an entire feature of your firewall is useless in this mode, especially given how much of a break from the status quo of firewall technology this is.

I appreciate that wildcards do essentially make this redundant, however, those are not mentioned anywhere in the relevant pages of the documentation. That is a pretty major issue - folk surely can't be expected to work around this issue when you don't tell them that it exists.

Edit: Just to clarify, the existence of wildcards suit my needs, so I no longer feel that I have to uninstall CIS - thank you for pointing that out to me. That was the functionality that I thought was missing. My only suggestions at this point would be to clarify the documentation on both issues that I have mentioned.

[robbie73]

i uninstalled because it's Malware. removing the end users rights to make security related decisions. MALWARE
continuing to scan when the user led to beive everything is disabled. SPYWARE
transmitting more information back to comodo servers than the user is warned about. SPYWARE

i could go on and on.. but the product is a virus in itself.

[captainsticks]

Hi robbie73,
Spyware, Malware and Computer virus's all have been designed to intentionally cause harm, to be disruptive or to intentionally hide itself on your Computer.
The above in no way describes Comodos intentions, so please refrain from posting in this manner.
The only ill intentions Comodo has is against Malware itself.
If you do have an issue with a Comodo program, please post for help for the particular product in an appropriate manner and location.
From Captainsticks.

[kenhall5551]

I just recently installed CIS Pro version.I had been using the free version for over a year. I believe it is the best security suite available free or paid. I have NEVER had one security issue since using Comodo  software. I also use Comodo System Cleaner,Comodo Programs Manager, and Comodo Dragon Browser. I have been very vocal of my support of Comodo products. All my friends and family have heard me extol the virtues of Comodo.
All this being said, I do have one area of disappointment though. The main reason I purchased the PRO version of CIS is to have access to Geek Buddy which I had been lead to believe, was included with the Pro version of CIS. But, I found that there is an additional fee for using this service. I am very disappointed. This is a tactic I would expect from someone like Norton or McAfee. I will continue to use CIS Pro because it is worth the price as well as it is a way I can help support the best security product on the planet. But I am disappointed.

[Tags:]