Can not update cis 3.10 to 3.11. Getting error 109

I am trying to update cis 3.10 to 3.11. Several attempts failed with error 109 alleging I have a network problem. I tried it on several occasions spread over 2 days. I have no network problems (at least not with anything else, but cis). I tried updating using the install file CIS_Setup_3.11.108364.552_XP_Vista_x32.exe but it does not work (I do not wish to uninstall and reinstall if it means losing all the setup I have acquired by now).

Help ! anybody. Thanks

You can export your configuration so that you can import it again after the installation of 3.11. Go to Misceallaneous → Manage my configurations → select the active configuration → Export → store in a folder that is not part of the Comodo installation folder to prevent it from getting deleted by the uninstaller.

After installing 3.11 use Import → give the new config an appealing name → Activate the config after it was imported.

Since the installer is meeting problems make sure Windows Firewall is not switched on. Also make sure other security programs are not interfering. Try temporarily disabling them.

Next step is to take a look to see if there are some old drivers of your previous security programs are still around. Go to Device Manager → View → show hidden devices → now look under Non Plug and Play drivers → when you see a driver that belongs to your previous security programs click right → uninstall —> do this for all drivers → reboot your computer.

When the problem persists make sure there are noauto starts from your previous security programs download Autoruns and run it.

This program finds about all auto starts in Windows. This tool can therefore seriously damage Windows when not handled properly. After starting go to Options and choose to hide Windows and Microsoft entries and then push F5 to refresh.

Now check all entries to see if there are references to your previous security program. When you find them untick them. After unticking reboot your computer and see what happens.

Thanks for your prompt reply.
When I mentioned setup I meant also Firewall and Defence+ rules which I set since starting to use CIS. Obviously, I don’t want lose them. Are those included in the setup export and import ?

Also, do you think that Comodo will fix the update function so people will not have to go thru the process which you mentioned ??? I have never encountered this problem before, but I read that other people did.

Currently I am only using the FW so I may be able to wait awhile, since most of the fixes were made in the AV part.

BTW, I am on XP SP3.

Thanks again.

The export/import will maintain both Firewall and D+ rules. If you want to keep the list of Trusted vendors you need to manually copy the vendor.nme in the database folder.

I just reminded the following bug recently reported where a stray proxy setting in the registry messes with AV updates. See if if relates to your problem as well:;msg321768#msg321768 .

The configurations you are using from which version of CIS do they start? It is recommended not to use the configs of 3.8 or earlier because of a change in the way the rules are stored.

Hi guys

I’m also having this same problem and am also on XP SP3. Just arrived here when trying for a few days without success and wondered if anyone else was experiencing the same. Just thought i’d post a response in case there are other simalarities that could help resolve.

Mine always fails when it gets to 10% of the update downloaded.

I am also running ESET NOD32 AV v4.0.437.0.

I also noticed in the proactive defense files awaiting review the followiing file currently flagged as untrusted;

C:\Documents and Settings\User\Local Settings\Temp\Comodo\Firewall Pro\Data\TempFiles\cfp.exe


Could you try with ESET pauzed/suspended/disabled what ever it’s named ?

Hi Ronny

Just tried that with ESET disabled and with cfp.exe added to my safe files but still no joy, still fails at 10% with error 109.

Not sure what else to try :frowning:


You can try to capture the network traffic to see if there is a clue there.

You can try SmartSniff from Nirsoft here:

If you need help using/analyzing it please let me know.

Hi Ronny

I have that set up now having also installed MS Network Monitor Driver protocol on my network connection.

I have SmartSniff open with a few index entries in the top half of the SmartSniff window. I’m guess I should be looking at the last one of these, this has 16 packets in which I think captured the point where things failed but what should I be looking for in the bottom half of the window?


Does the AV program work as a local proxy? It so, then you could try to make the Loopback Zone a trusted zone in your Global Rules.

Go to Firewall → Common Tasks → My Network Zones → there should be an entry Loopback Zone by default.

When there is no entry for Loopback Zone there we are going to add it: Add → A network zone → give it a name, f.e.: Loopback Zone → Apply. Now select Loopback Zone → Add → A new address → choose an IP address mask → fill in → Apply → Apply. We are now back under Firewall → Common Tasks.

Now we are going to add the Loopback Zone to the Global Rules using the Stealth Ports Wizard. Go to Firewall Common Tasks → Stealth Ports Wizard → choose 'Define a new trusted network stealth my ports to Everyone else"–> Next → choose “I would like to trust an existing My Network Zone” → select Loopback Zone from the drop down menu at the bottom → Finish.

We are done. Go to Firewall → Advanced → Network Security Policy → Global Rules and see the Loopback zone added.

Hi Eric,

I’m not sure about your question relating to ESET, I think it may work like that…

I already had the loopback zone but I followed your advice to add it to the Global Rules using the Stealth Ports Wizard.

Unfortunately this still didn’t solve but looking in ESET’s Advanced Set Up Tree, under “Antivirus and antispyware” > “Web access protection” > “HTTP, HTTPS” > “Web browsers” ;

This dialog in ESET shows;

"To increase security, we recommend that you mark any application used as an Internet browser by checking the appropriate box. If an application is not marked as a web browser, data transferred using that application may not be scanned.

To resolve performance or compatibility problems, you can exclude applications from content filtering by putting a cross in the appropriate box.
Note: This setting should only be applied if you are sure that the data transmitted by the application is safe. Do not exclude web browsers or email clients!"

C:\Program Files\COMODO\COMODO Internet Security\cfpupdat.exe was already ticked, so I changed this to a cross and this has now allowed me to get past the 10% download glitch. I now get about 90% of Comodo update downloaded before now being presented by a 108 error.

Am going to now try also putting a cross next the following and retry;
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

It seems that just disabling ESET AV was not stopping it from doing the above AV traffic filtering.
Shall report back in a minute on how the next attempt goes.


Hi Eric,


Having both of those items I mention in my last post with a cross beside them in the ESET advanced config allowed the update to take place. Also didnt have to totally disable the AV this way whilst the update was taking place.

All seems ok now, Comodo now reports Product Version 3.11.108364.552

Hopefully this will help other ESET users out if they experience similar issue.


PS would be interesting to know whether dresnick12 is also using ESET AV, he only mentioned that he was only using Comodo Firewall inferring not using Comodo AV.

Let’s hope dresnick shows up again…

Thanks for posting the ESET info, I’ve been having the same situation for awhile, by x’ng the box for cfpupdat.exe it worked!!

Maybe this will be helpful for others, The attached file shows the settings for the comodo modules in ESET that worked for me.

[attachment deleted by admin]