Making other security programs work with CIS [v6]

Security packages from different vendors commonly conflict with each other. This happens because security software makes use of very deep and powerful operating system facilities. These facilities may be so fundamental that the OS cannot fully coordinate their use. Security packages cannot co-ordinate their activities themselves, as they don’t know what each other is doing. So they may conflict – usually when two packages are trying to do the same thing - causing malfunctions, crashes, or high CPU usage.

For this reason Comodo cannot guarantee that CIS will work harmoniously with security software from all other vendors. The developers try to make it run with most of the major suites, but do not guarantee this. Settings changes are normally required, but even these may not resolve conflicts. Conflicts may be such as to reduce the effectiveness of either or all security packages running on the same machine.

This topic gives guidance on how to set up CIS and other security packages to reduce the likelihood of conflicts. There are three options, two recommended and one non-recommended option, plus a combination option. Unless you have tried both recommended options please do not report conflicts as bugs.

[ol]- Disable overlapping security functions. (Recommended option).

In difficult cases you can try combining all three options

When you use these options this you must consider all potentially overlapping functions in all security packages. You need to consider specialist packages (eg Spybot antispyware) as well as general purpose suites. Please also make sure you reboot after making setting changes.

This FAQ has been prepared by a volunteer moderator – with input from many other moderators (Thanks everyone, especially: Andyman). It has been produced on a best endeavours basis - it will be added to and corrected as we find out more. Please note that I am not a member of staff and therefore cannot speak on behalf of Comodo.Please help us improve this FAQ by posting any comments you may have on this FAQ here.

Updated: 18 March 2013, to reflect changes up to CIS version 6.0.xx

In this option you reduce conflicts by disabling overlapping functions.

Function by function guide
Antivirus
CIS AV overlaps with anti-spyware real time scanners as well as AV scanners. Email AV scanners as well as file scanners. The CIS AV facility may be weaker than that in some other AVs (eg Avira) so you may wish to disable the CIS function. Real time and batch scanning functions normally need to be separately disabled. If you wish to disable this function completely in CIS you need to disable both batch and real time scanning separately under ‘Scanner Settings’.

Defense plus / Program behavior control
CIS Defense plus overlaps program behavior control systems and local ‘behaviour blockers’ in other packages – for example the ‘OS firewall’ in Zonealarm, AviraProactive, Norton Sonar, Threatfire, Kapersky Proactive Protection, Online Armour Program Guard. The CIS facility is stronger than in most other packages, so it is best to disable this facility in the other package. If you wish to fully disable this function in CIS you must

  • Untick ‘Enable HIPS’ under Advanced Settings ~ Security Settings ~ Defense Plus ~ HIPS ~ Settings
  • Untick ‘Autosandbox Unknown Files’ under Advanced Settings ~ Security Settings ~ Defense Plus ~ Behavior Blocker ~ Settings
  • Untick ‘Detect shellcode injections’ under Advanced Settings ~ Security Settings ~ Defense Plus ~ Behavior Blocker ~ Settings
  • Reboot

Firewall
Overlapping functions in other packages will probably be called ‘firewall’ or ‘network firewall’ or ‘network protection’ or something similar. The CIS facility is stronger than in most other packages, so it is usually best to disable this facility in the other package. If you wish to disable this function completely in CIS you need to disable it by unticking the ‘Enable firewall’ tick box in: Advanced Settings ~ Security Settings ~ Firewall ~ Settings.

In this option you reduce the effects of overlaps by:

[ol]- Preventing packages from monitoring each other by excluding security package directories from monitoring.

  • Run batch functions that overlap at different times. For example run AV and spyware scans at different times - but remember that scans can take variable lengths of time.[/ol]

This option is much more difficult to implement - attempt it only if you are reasonably technically competant. It is quite easy to make mistakes that create security flaws.

Excluding directories
You must do this in both CIS and the other packages, and you must cover all functions in each package. Also you should exclude all directories – those under Documents and Settings as well as Program Files and ProgramData, and within Documents and Settings, those under the All Users profile as well as those under normal users’ profiles, and in each user profile under %Userprofile%\Local Settings \AppData (a hidden directory) as well as %UserProfile%\AppData. Also all subdirectories of these directories.

You may also need to exclude temporary files generated in temp directories (eg C:\Windows\Temp; %UserProfile%\Temp; C:\Temp) by each security package from monitoring. You can only do this safely if they have an unusual and predictable name format, as it is unsafe to exclude whole temporary directories from monitoring. To exclude files with known name formats you will need to use wildcards (eg*). This is supported by CIS but may not be supported in other packages.

Function by function guide
Antivirus
CIS AV overlaps with anti-spyware real time scanners as well as AV scanners. Email AV scanners as well as file scanners. If you wish to exclude other security package’s directories in CIS you can do this using both the Excluded Paths and Excluded applications tab in In this option you reduce the effects of overlaps by:

[ol]- Preventing packages from monitoring each other by excluding security package directories from monitoring.

  • Run batch functions that overlap at different times. For example run AV and spyware scans at different times - but remember that scans can take variable lengths of time.[/ol]

This option is much more difficult to implement - attempt it only if you are reasonably technically competant. It is quite easy to make mistakes that create security flaws.

Excluding directories
You must do this in both CIS and the other packages, and you must cover all functions in each package. Also you should exclude all directories – those under Documents and Settings as well as Program Files, and within Documents and Settings, those under the All Users profile as well as those under normal users’ profiles, and in each user profile under %Userprofile%\Local Settings \Application Data (a hidden directory) as well as %UserProfile%\Application data. Also all subdirectories of these directories.

You may also need to exclude temporary files generated in temp directories (eg C:\Windows\Temp; %UserProfile%\Temp; C:\Temp) by each security package from monitoring. You can only do this safely if they have an unusual and predictable name format, as it is unsafe to exclude whole temporary directories from monitoring. To exclude files with known name formats you will need to use wildcards (eg*). This is supported by CIS but may not be supported in other packages.

Function by function guide
Antivirus
CIS AV overlaps with anti-spyware real time scanners as well as AV scanners. Email AV scanners as well as file scanners. If you wish to exclude other security package’s directories in CIS you must do this using the both Excluded Paths and the Excluded Applications tab in Advanced Settings ~ Security Settings ~ Antivirus ~ Exclusions. If you wish to reschedule batch scans in CIS you need to use Advanced Settings ~ Security Settings ~ Scans ~ Edit

Defense plus / Program behavior control
CIS Defense plus overlaps program behavior control systems and local ‘behavior blockers’ in other packages – for example the ‘OS firewall’ in Zonealarm, AviraProactive, Norton Sonar, Threatfire, Kapersky Proactive Protection, Online Armour Program Guard. If you wish to exclude other security packages directories in CIS you are best to make the contents of these directories 'Exceptions’ from Behavior Blocking and Shellcode protection in Advanced Settings ~ Security Settings ~ Defense Plus ~ Behavior Blocker ~ Settings. Making them ‘Trusted Files’ in Advanced Settings ~ Security Settings ~ File Rating ~ Trusted Files may not be sufficient. The easiest way to do this is to create a File Group which includes all the directories involved using the Groups button in Advanced Settings ~ Security Settings ~ Defense Plus ~ HIPS ~ Protected Files and then select this group when defining exceptions.

Firewall
Overlapping functions in other packages will probably be called ‘firewall’ or ‘network firewall’ or ‘network protection’ or something similar. If you wish to exclude other package’s directories in CIS you need to do this by making Application Allow rules for incoming and outgoing communication in Advanced Settings ~ Security Settings ~ Firewall ~ Application Rules. The easiest way to do this is to create an allow rule which references the Defense+ file group you may have created in the last section. If you do not have a Defense+ group see the last section for how to create it.