Making other security programs work with CIS (v5)

[mouse1]

Security packages from different vendors commonly conflict with each other. This happens because security software makes use of very deep and powerful operating system facilities. These facilities may be so fundamental that the OS cannot fully coordinate their use. Security packages cannot co-ordinate their activities themselves, as they don’t know what each other is doing. So they may conflict – usually when two packages are trying to do the same thing - causing malfunctions, crashes, or high CPU usage.

For this reason Comodo cannot guarantee that CIS will work harmoniously with security software from all other vendors. The developers try to make it run with most of the major suites, but do not guarantee this. Settings changes are normally required, but even these may not resolve conflicts. Conflicts may be such as to reduce the effectiveness of either or all security packages running on the same machine.

This topic gives guidance on how to set up CIS and other security packages to reduce the likelihood of conflicts. There are three options, two recommended and one non-recommended option, plus a combination option. Unless you have tried both recommended options please do not report conflicts as bugs.

• Disable overlapping security functions. (Recommended option).
• Disable or enable 'enhanced protection' on 32 bit systems. (Recommended option).
• Retain overlapping functions but reduce effect of overlaps. (Not usually sufficient but may work).

In difficult cases you can try combining all three options

When you use these options this you must consider all potentially overlapping functions in all security packages. You need to consider specialist packages (eg Spybot antispyware) as well as general purpose suites. Please also make sure you reboot after making setting changes.



This FAQ has been prepared by a volunteer moderator – with input from many other moderators (Thanks everyone, especially: Andyman). It has been produced on a best endeavours basis - it will be added to and corrected as we find out more. Please note that I am not a member of staff and therefore cannot speak on behalf of Comodo.Please help us improve this FAQ by posting any comments you may have on this FAQ here.


Updated: 18 March 2013, to reflect changes up to CIS version 5.12.xxx

[mouse1]

In this option you reduce conflicts by disabling overlapping functions.

Function by function guide
Antivirus
CIS AV overlaps with anti-spyware real time scanners as well as AV scanners. Email AV scanners as well as file scanners. The CIS AV facility may be weaker than that in some other AVs (eg Avira) so you may wish to disable the CIS function. Real time and batch scanning functions normally need to be separately disabled. If you wish to disable this function completely in CIS you need to disable both batch and real time scanning separately under ‘Scanner Settings’.

Defense plus / Program behaviour control
CIS Defense plus overlaps program behavior control systems and local 'behaviour blockers' in other packages – for example the ‘OS firewall’ in Zonealarm, AviraProactive, Norton Sonar, Threatfire, Kapersky Proactive Protection, Online Armour Program Guard. The CIS facility  is stronger than in most other packages, so it is best to disable this facility in the other package. If you wish to fully disable this function in CIS you must use the tick box marked ‘disable the defense plus permanently’ in Defense Plus Settings ~ General Settings and reboot – don’t just use the slider.

Firewall
Overlapping functions in other packages will probably be called ‘firewall’ or ‘network firewall’ or ‘network protection’ or something similar. The CIS facility is stronger than in most other packages, so it is usually best to disable this facility in the other package. If you wish to disable this function completely in CIS you need to disable it using the slider in Firewall Behavior Settings ~ General Settings .

[mouse1]

In this option you reduce the effects of overlaps by:

• Preventing packages from monitoring each other by excluding security package directories from monitoring.
• Run batch functions that overlap at different times. For example run AV and spyware scans at different times - but remember that scans can take variable lengths of time.

This option is much more difficult to implement  - attempt it only if you are reasonably technically competant. It is quite easy to make mistakes that create security flaws.

Excluding directories
You must do this in both CIS and the other packages, and you must cover all functions in each package. Also you should exclude all directories – those under Documents and Settings as well as Program Files, and within Documents and Settings, those under the All Users profile as well as those under normal users' profiles, and in each user profile under %Userprofile%\Local Settings \Application Data (a hidden directory) as well as %UserProfile%\Application data. Also all subdirectories of these directories.

You may also need to exclude temporary files generated in temp directories (eg C:\Windows\Temp; %UserProfile%\Temp; C:\Temp) by each security package from monitoring. You can only do this safely if they have an unusual and predictable name format, as it is unsafe to exclude whole temporary directories from monitoring. To exclude files with known name formats you will need to use wildcards (eg*). This is supported by CIS but may not be supported in other packages.

Function by function guide
Antivirus
CIS AV overlaps with anti-spyware real time scanners as well as AV scanners. Email AV scanners as well as file scanners. If you wish to exclude other security package’s directories in CIS you can do this using the Exclusions tab in Scanner Settings. If you wish to reschedule batch scans in CIS you need to use Antivirus ~ Scheduled Scans.

Defense plus / Program behaviour control
CIS Defense plus overlaps program behavior control systems and local 'behaviour blockers' in other packages – for example the ‘OS firewall’ in Zonealarm, AviraProactive, Norton Sonar, Threatfire, Kapersky Proactive Protection, Online Armour Program Guard. If you wish to exclude other security packages directories in CIS you are best to make the contents of these directories ‘Installer/Updaters’ in the Computer Security Policy ~ Defense Plus rules. Making them ‘Trusted Files’ may not be sufficient. The easiest way to do this is to create a File Group which includes all the directories involved using the Groups button in say the Protected files tab of the Computer Security Policy, and then apply the Installer/Updater policy to this group using Computer Security Polcy ~ Defense Plus Rules ~ Add.

Firewall
Overlapping functions in other packages will probably be called ‘firewall’ or ‘network firewall’ or ‘network protection’ or something similar. If you wish to exclude other package’s directories in CIS you need to do this by making Application Allow rules for incoming and outgoing communication in the Network Security Policy. The easiest way to do this is to create an allow rule which references the Defense+ file group you may have created in the last section. If you do not have a Defense+ group see the last section for how to create it.

[mouse1]

If you are using a 32 bit system you can disable or enable enhanced protection mode under D+ ~ D+ settings ~ General Settings and reboot

This toggles the way D+ hooks into the OS. If you change it to a way not used by the other security program it may resolve a conflict.

Note: Unticking this setting on a 64 bit system will result in lower security.