Updated to add download locations for 5.12 and rationale for blocking Comodo
This is a personal approach to using Comodo, I have been doing this since 2010. It completely removes the antivirus files and the trusted vendors database, disables automatic updates, prevents automatic sandboxing of applications and prevents Comodo from phoning home. It reduces installation size by 84%. It's meant for advanced users who only need the firewall and maybe the proactive defense. If you like Comodo's Antivirus or you dislike creating firewall/defense+ rules, stop reading now.Why:
Decreasing the installation size of bloated software helps maintain faster backups or use it in portable Windows and small virtual machines. The default installation takes more than 150 MB, fiddling with the installer options may decrease it to 130 MB but the following instructions will leave it at just 23 MB!
I find the omission of the Antivirus to be desirable as the Comodo Antivirus is not well regarded in established tests. I don't like it and I was not happy to see it taking development energy away from Defense+ which is quite respected in various tests.
Removing the "trusted" software vendors is a great modification; the whole idea was flawed from the beginning: A software vendor may be trustworthy in not taking malicious actions, their programs however can be hacked and then be used for malicious actions which Comodo will not block (as they seem to originate from a trusted vendor). Internet Explorer is an infamous example as it has been used for many years by hackers to take control of systems.
AutoSandboxing is bad for two reasons: Firstly, legitimate programs running in the sandbox will not function correctly if Comodo is uninstalled as their previous settings will be lost to them. Secondly, while the system may be safer from a hacked application in the sandbox, the malware can still expose any private data this application can access to the wrong people.
Blocking Comodo from phoning home is a matter of principle: despite several complains in the forum
, Comodo will still try to connect to remote servers even if all related options are turned off. This is unacceptable in a security application which is meant to block unidentified or unwanted connections and therefore we have to tell Comodo to block itself.
So what we are left with? An excellent firewall with the greatest self-protection out there and Defense+, a powerful (although a little outdated) host intrusion prevention system.How:
So, here is what to do to keep Comodo clean and neat with only the needed features:1)
Download the Comodo 5.12 installation package. It's no longer found on the official Comodo locations, but you can find it at Filehorse
. The file size is 98,142,056 bytes. Big!2)
Extract the MSI installer. 7-zip
is the easiest way to do this, just install this excellent free, open source archiver and right click on the large installer you got in the 1st step. Extract the files and find cis_setup_x86.msi (for 32 bit systems) or cis_setup_x64.msi (for 64bit systems) there.3)
Install Comodo from the MSI installer, unchecking the Antivirus option. DO NOT RESTART when the installation ends!4)
Unlink the Explorer integration of Comodo (context menu cluttering) by running the command
regsvr32 /u "%ProgramFiles%\COMODO\COMODO Internet Security\cavshell.dll"
This is necessary to delete cavshell.dll in the next step.5)
Go to the Comodo installation directory and delete everything EXCEPT for these:
COMODO - Firewall Security.cfgx
COMODO - Internet Security.cfgx
COMODO - Proactive Security.cfgx
Run cfp.exe and apply the following settings:
a) Firewall > Network Security Policy > Change the Firewall rule for Comodo to a blocked application.
b) Firewall > Don't Create rules for safe applications
c) Firewall > Show popup alerts (you may disable them later)
d) Firewall > Don't show Trustconnect alerts (both)
e) Firewall > Firewall security level > Custom policy
f) Preferences > Don't Auto check program updates
g) Preferences > Disable Comodo Message center
h) Preferences > Update > Disable
Comodo will still try to phone home but we have already dealt with that in rule (a)
If you have installed proactive security, then the following options also apply:
i) Defense+ > Don't create rules for safe applications 7)
j) Defense+ > Show popup alerts (you may disable them later after)
k) Defense+ > Execution Control > Disable "treat unrecognized files as" (important!)
l) Defense+ > Execution Control > Disable both "cloud" options
m) Defense+ > Sandbox > Disable both "Automatically" detect/trust installers
Phew. You can now restart. The Firewall and Defense+ will work fine. Manual sandboxing will work if you need it (remember, Comodo-sandboxed applications can still read your documents so you better use a real virtual machine for trying dodgy stuff). You will be getting more alerts from Defense+ which is natural because software is now untrusted by default. Which I think was Comodo's philosophy until recently.
Auto update will not work but I have always had bad experiences with Comodo updates and I prefer to do them manually after reading feedback in the official forum. The built-in Diagnostics will naturally tell you about problems in your installation as well. But I beg to differ...