362 pop ups to install one programme!

I recommended Comodo to a friend, but they uninstalled it after a couple of days due to the constant pop ups and went back to ZA.

I have had Comodo for around a year and have stayed with it despite the large number of pop ups, usually 30+. I updated a programme yesterday and had 55 pop ups. Today I updated IrfanView and counted 362 pop ups and it took about half an hour to install.

I had to update IrfanView on the laptop as well and ended up disabling Comodo rather than suffer the pop ups and it installed instantly.

I have a 32 bit Vista pc fully updated with Windows Updates. Comodo is version 5.0.163652.1142

Would the advice in this topic stop me getting constant pop ups?


When installing a program, which you trust and you trust the source you downloaded it from, it is easiest to either:

  • give the installer the requested elevated privileges. That is the alert you get when the sandbox is enabled. See attached image for elevated privileges alert
  • give the installer the Installer/updater policy. That is the alert you get when the sandbox is disabled.

Giving permissions one by one when installing a program. That is a demanding task.

[attachment deleted by admin]

I don’t have the Sandbox enabled so I think I get a different pop up.

I vaguely remember seeing Installer mentioned in the pop up, but it’s hard to remember without actually seeing the pop up. I shall try ticking the box in future.

That’s a standard D+ alert. It just gives you the option to sandbox the application if you’d like.

I’ve never seen the Sandbox option on any of the pop ups I’ve had.

My friend said he did tick the Installer option, but still got loads of pop ups.

Define for me loads of pop ups.

The Installer/Updater policy has a tremendous set of rights but there is one thing you will get notified about and that is when services.exe is being run to install a service or driver.

I’m being told 10-15 pop ups at start up.

All of my programmes are fully updated so I won’t know if clicking Installer will work until the next time something needs updated.

I just updated Faststone viewer and I think I got 1 or 2 pop ups asking permission for access to the internet.
I answered “Treat this application as” …Outgoing only
and ticked Remember

If a program has a Updater (Like GoogleUpdater) you can go to…

Defence+ → Computer Security Policy → Find the app you want → right click → Edit → Use a predefined Policy → select - Installer or Updater → Apply

see pic…

[attachment deleted by admin]

Thanks, that helps.

How do I know when to choose Outgoing or Installer?

Sorry for all the questions. Is there an idiot’s guide to using Comodo? What is the difference between the Firewall and Defense+?

I did find a post on Configuration, but the only thing I changed was to Proactive Security. I was too scared to change anything else in case I broke it. I got a svshost.exe pop up on start up this morning which I don’t normally get so I allowed it as a Web Browser.

Yep, Proactive is the way to go.

I think Comodo will only ask if it should give “installer” permissions if the program wants to make changes to sensitive areas of the system. Otherwise it only offers ‘outgoing’. For example, when I just updated Faststone, it didn’t offer ‘updater/installer’ it just offered ‘outgoing’.
To the Comodo aficionados out there - please correct me if I’m wrong

When I first installed CIS, it was after being infected (while using a paid AV & FW) and I was extremely skittish about trusting any AV. That’s when I heard about ‘HIPS’ and Comodo and it’s “default deny” policy, which made perfect sense to me. So the extra pop-ups didn’t bother me at all. And for the first month, I did get alot of warnings. But now, CIS is very quiet despite having the FW alerts set to ‘very high’.

As for the difference between a run-of-the-mill FW and Defence+…Defence is a HIPS - Host Intrusion Prevention System.


So I should allow it at whatever it default to, I don’t need to change anything?

Not sure I understand you, sorry.

This is probably the best place to go to answer your questions about the different alerts…

and also read this…

and you’ve probably already seen these guides, but just in case…

I wasn’t sure if the box next to “Treat application as” populated with the preferred action such as “Web Browser” or “Outgoing only” or whether the same action always appeared requiring me to change it to the correct one.

I now think it always appears as “Web Browser” and needs changed, but I’m not 100%.

Thanks for the links. I have read them, but there is sooooo many options to try to remember. I am trying to learn, and appreciate the help, but I’m finding it hard to remember exactly what to do in each situation as I feel under pressure to get rid of the alert ASAP.

I tried to read about the Predefined Policies, but is says it is for advanced users and I am definitely just a novice so I think I should leave well alone in case I break it.

you should really read the manual, because you maybe dont understand nearly the whole thing.

in the moment when you guess, you dont know. and would you drive a car, when you just guess how it works, how the rules are?
so dont do the same with using a pc in the internet.

i read so much mistakes here, that i would need to write the manual again to explain all. everyone is a noob one day. thats no argument to avoid to learn! its not a hill, its just a thing…

whenever you dont understand something, in each window is a “what is this?” button, and there is also a link to the manual under “more, help”.

just short for instant repair of the worst:
the FIREWALL (custom mode) should be set to block any unrequested ingoing traffic, by using one time the stealth port wizard setting 3. then go through the other settings windows and look what is there. understand what you are using.
easy, simple, basic way: if a trusted program really needs internet traffic, its enough to give it OUTgoing permission. a question doesnt mean automatically that the permission is needed :wink: , choose yourself which program should do what.
dont allow because its just asked!

the DEFENSE+ should be in safe mode (less questions). and in a question window you can scroll in “treat as”, until you find the right one. choose installer or updater to allow it temporary for this single installer, and you dont get questions while that.

dont guess, try to understand. it may be new stuff, but in the end its easy. and you are safer.

Haha, yeah I felt the same way, but you can set the pop ups to remain open for 999 seconds, which takes the pressure off.

Under FW, Defence+ and Antivirus you should go to ‘settings’ and look for “Keep an alert on screen for (seconds)”…and fill in the box … 999 … which is like 16 minutes.

I used to call my boy friend and ask his advice - >:(
or I would click on the link inside the alert (See pic) and then make sure it was signed -
or I would go to http://www.what-is-exe.com/ and look up the file if I was still unsure.

At first I was kind of overwhelmed, but now, after alot of reading, I feel at ease with CIS.
And like I said, now CIS doesn’t pester me very much at all.

[attachment deleted by admin]

Thanks BoredNow, I have changed the settings to give me more time to suss what I need to do.

clockwork, I am not “avoid to learn”. I am trying to learn by reading what I can find on here and asking questions. I find Comodo much less user friendly than other FW’s I have used, but I am willing to persevere and not give up at the first hurdle.

I only ever get pop ups when I install or upgrade a programme. As I am not doing this every day it may take a while until I next have to remember what to do. However I now have a better understanding of how to avoid the constant pop ups I was getting.

i tried to give a good and important advice. it wasnt meant personally. i know how it sounds when someone says “read the manual”. but in this case it is needed, because your posts showed some misunderstandings in the basic understanding… just an example: you seem not to know the difference between defense+ questions and firewall questions.

i find comodo much more userfriendly than others :smiley: . i noticed, when you want to have full control over other firewalls, they are not good understandable. they might be silent and appear userfriendly as long as you let them do all themself.
with comodo i knew each time what to do.
i learned the basic behaviour in front of a firewall with a very simple one. it was reduced to rules. as i understood what rules are important to be protected even by a simple firewall, using comodo firewall later was total userfriendly for me. i even dont have to make (very specific) rules for ingoing traffic for applications anymore, because this modern firewall allows requested packets to come in after they were requested by just an outgoing rule.

for people who want to have the control, this firewall is best. i often see people get lost in their forrest with thousand trees, but they planted these trees by guessing. when you understand the things (and it is easy to understand the IMPORTANT things), you will find the way.
and when you dont want to have the control, comodo firewall can protect you good enough for normal days internet use.

but again, make sure that at least all unrequested ingoing traffic is blocked. (stealth port wizard setting 3). no one in the internet is scanning your computer to help you! updates are requested by an outgoing rule, and the packets can come in.
i read from people who “guess” that they should allow ingoing traffic, because “it could be microsoft”…
NO ONE is scanning the internet to give you an update. “guess” should be translated as “danger”.

last suggestion: “treat as installer” should be choosed temporary only (dont mark “remember my answer”), because it allows even the child processes of something to be executed… it should be used to avoid questions WHILE an installation. as long as the installation runs, it will be treaten as an installer, no more question.

Another good rule of thumb: if you get a pop-up and aren’t sure how to answer, choose “Block” but don’t check the box to remember your answer. That way you can see how your system reacts until you can get help from elsewhere or see whether the block causes problems for legitimate applications.