I have CIS v12.2.2.8012.
I have everything disabled except Firewall.
Auto-containment - disabled.
HIPS - disabled.
File Ratings - disabled.
VirusScope - disabled.
Website filtering - disabled.
Every time I open a file, like just simple .pdf file, CIS tries to go to the internet (and blocked by my firewall rules) and because it is blocked my computer freeze for 5 seconds while CIS is trying to check something over the internet!!!
EACH TIME!
Why CIS needs to check something over the internet???
How can I disabled this BS??? I only need a firewall feature, I donât need to check my files!!!
Itâs obviously checking the file certificate validity in the cloud. Not sure why it still happens with all those options disabled in the settings.
You can, however, always create a global block rule to that IP Address or a specific block rule for cmdagent.exe blocking outbound . to that IP address if itâs an issue though you are disabling a further security layer. You can always just check the certificates yourself online or submit with virustotal.com
Malware recently has been digitally certified and in a few cases recently only Comodo caught the malware while it remained undetected. For Example this Pikadot variation VirusTotal Link which was only detected by a few initially. Human Analysist At Verdict.Valkyrie identified it as Malware a day later but thanks to Comodo not trusting the certificate, it was immediately flagged up as untrusted. Valkyrie Analysis
Anyway, create a block rule for any connections you donât want to allow and consider running CF element in Custom Mode if your wanting more firewall control.3
I canât create global rule, it is not just one IP, CIS is trying to access many different IPs.
And blocking it actually cause the problem!
CIS freezes my file on opening (any file), for 5 seconds while trying to check something over the internet multiple times while being blocked!
Can you also confirm you have Automatic Updates disabled and your OS and CF version number?
I have CF.8012 running at my end on Win11 (23H2)havenât noticed any lag with opening any files at my end but if you can provide more detailed information I can try and reproduce at my end.
Do you have any other security software running? The cmdagent lag may be because itâs not whitelisted by your AV or other security products.
Yes, updates are disabled, even check for updates is disabled.
OS Windows 11, CIS v12.2.2.8012.
No other security apps.
Block cmdagent.exe traffic and see, if you have any lags, trying to open different files or apps.
I didnât have any lags, until I decided to remove all the default firewall rules and actually block CIS.
Thanks. Iâll have a look when I get time. I suspect you deleting the default rules might be part of the problem. Did you delete all of the global rules or all of the application rules or both?
I removed only default application rules.
It is not supposed to be a problem, as I said I have only firewall enabled, CIS shouldnât try to access internet at all.
Tested at my end. Removed all Application rules with only cmdagent.exe block rule.
Disabled updates, containment, hips, file rating, website filtering and viruscope. No lag found at my end and cmdagent blocked see below screenshots.
Unable to replicate your lag issue with any application or file.
Honestly, if your not wanting to use CFâs security capabilities and just want a blocking firewall with nothing else, you might want to look at Windows Firewall Control which is a front end for the Built In Windows Firewall and is very effective at blocking outgoing and incoming for anything there isnât a rule for and a product I use in between CF installs.
I donât know what else to provide. Letâs assume that the freeze happens only for me.
The problem remains the same: why is CIS trying to access the internet when opening a file?
P.S. I had lots of Untrusted files in my File rating and lag wasnât observed with opening an untrusted file either. Might be worth checking if you happen to have cmdagent.exe as Untrusted / Unrecognized in the File Rating list.
On to test some other products and the new Beta so will leave it with Devs to check at their end but the issue could not be reproduced at my end.
Ok, Iâve checked your screenshots and I found some difference with Containment Settings.
In my case âDetect programs which require elevated privilegesâ was checked, it shouldnât influence anything, cause "Enable Auto-containmentâ was still off.
But it looks like it helped with opening regular PDF/DOC files. I will check that more.
But if I open some installer application, CIS is still trying to access the internet and installer freezes.
Also in File Rating- > File List, there is a list of all the executable files I was opening with the date and rating.
Why?
My File Rating settings is off.
I did run the Firewall in Safe Mode but that shouldnât affect anything.
It may be if you are running CF in Safe Mode rather than custom but the file rating automatically adds files for trusted vendors on first installation. You can remove all of the the Trusted Vendors under that section and then remove all the files in the file list but youâll get a lot of firewall popups even for every Windows system application connecting out.
When CF is configured using the CruelSister Configuration https://www.youtube.com/watch?v=psnLHârvFQ, itâll block and contain even the latest ransomeware and you donât need an AV but the barebones firewall element is effective, I just donât understand why you would only use that element of CF rather than itâs full capabilities.
I donât need anything except firewall, because antivirus and all the bells and whistles just slow down the computer and provide no benefits to me.
I cleaned Vendor List and File List and CIS started to fill these list back right away.
Anyway, CIS is still trying to access the internet, when I open a file and run a program.
Not all the time, but for time to time though.
Why is CIS trying to access the internet on file open???
This is like the main question.
I guess, you were able to replicate that.
UPDATE:
I guess, considering that File Rating â File List started to have files again and some of them have Unrecognized rating, that CIS is only trying to check these file over the internet, cause freezes for me.
For example, if I try to open a PDF file, my PDF reader is Unrecognized and CIS tries to check it and cause the freeze of the reader on launch.
It barely slows your system even with full CIS installed though some experienced increased disk usage for cmdagent and the cavwp (web filtering) processes
I only have a few applications as trusted and also cleared out all the trusted vendors / certificates (outside of a few Intel/Comodo/Microsoft ones). I do not see the behaviour you are experiencing on 8012.
Unrecognized files will fill up after a while with 100s of applications as âunknownâ. But CIS does not connect to the internet to check these files (at least it doesnât show up as doing anything) so I am curious as to what configuration option has done that.
I suppose what you could do is export your configuration setting and have someone at Comodo take a look at it, as I would assume it contains every Comodo setting+file rating. (Which of course youâd have to clean if there is something there you do not want to disclose.)
Perhaps try exporting your configuratin then re-importing it and check the settings to see if there might be a UI-bug where an option is shown as disabled when it is in fact enabled (probably under file rating / certificate listâŚ).
