able to kill cmdagent

Hi,

Why am I able to kill the cmdagent process? After doing this, Diagnostics didn’t report any problems… but the CIS tray icon shows “disabled” and CIS was really disabled. It happened twice. Once by itself ??? Second by me.

Win XP Pro SP3
CIS 3.5.57173.439
D+ Enabled Clean PC Mode
Firewall Enabled Safe Mode
etc :wink:

I’m not too good at English so I cannot provide any more details :-\

(R)

Hello, How did you kill cmdagent?

By default I cannot do that.
Happens only twice.

Second time just selected cmdagent.exe and ‘Kill Process’ :))

Sysinternals Process Explorer

Hello, Perhaps Comodo did not install correctly. Could you please re-install and try again? Please post back your results.
Thank you for reporting this. (CNY)

It’s possible to kill by using Comodo Active Process Viewer,
i.e. Terminate and Block

It would be hard to intercept term sig msg from Active Process Viewer and use it to disable protection?

Hm, I did a run with Sysinternals Process Explorer downloaded from TechNet:

I got an error “Access Denied”.
Your installation could be damaged as Kyle said.

What version of CIS/Comodo are you running?
(misc > about)

I tried on a vista machine, so the setup is not similar.
If you use the latest version, then this could possibly be a bug, since I believe cmdagent should not close so easily!

Using Process Explorer, I wasn’t able to kill cmdagent.exe (D+ logs inform that PE was trying to access the memory of cmdagent.exe).

BUT, using the Active Process List built into CIS I was able to terminate and block cmdagent.exe. Oops :o And CIS still showed that all systems were active and running. I removed cmdagent.exe from the block list and restarted it from the Services window.

Is this a bug or intentional? Or maybe I have some odd rule somewhere?

Win XP Home SP3
CIS 3.5.57173.439
D+ Enabled Safe Mode
Firewall Enabled Safe Mode

It’s intentional, but I don’t understand why you would like to kill CIS using CIS ???

Why can CIS kill CIS and no other product can? Because it won’t monitor the things it does itself, and it does monitor the others…

Xan

Yes, I see. I was just experimenting whether and how CIS can be killed. And also testing the methods suggested by the original poster.

Well, it seems that there are 2 ways to kill CIS.

  1. using CIS itself
  2. download IceSword, make it a trusted app on CIS and then you can kill it…

Xan

You can kill CIS by using CIS, IceSword, Process Explorer. All the programs I named use a driver (cmdagent.sys itself is a driver). Drivers have very high privileges, and can do pretty much anything without CIS offering any protection at all. Is CIS unable to defend itself? No, Defense+ can prevent damage from being done. You can either deny the program to load and/or create a driver. Or for extra protection, use a Limited User Account, and you won’t even have permission to load drivers.

Hello

  1. In the latest CIS 468, diagnostics can detect and fix a cmdagent malfunction.
  2. What D+ mode were you in when you killed cmdagent? Was process termination monitoring enabled?