cfp.exe1 & cmdagent.exe1 files found in CFP

I was looking in my CFP install directory and found the following files:


why would these files exist along with the “real” executable files:

I found them when I was copying both cfp.exe & cmdagent.exe to BOClean’s Program

Just wanted to make sure that my CFP didn’t get hacked or something.

Best regards,

The .exe1 files are not standard and are not created dynamically (at least AFAIK).

Can you please submit these to for analysis. It would also be worthwhile submitting them to Comodo for analysis as well.

Please keep us posted with the results.

Ewen :slight_smile:

Hi Ewen,

I went to to submit the files and all I could find were “Sponsored Links”.
How do I submit a file?


Sorry, I should have said

Ok, I ran all 4 of the above mentioned files through and got the same response for all of them …

Panda 2008.04.06 Suspicious file

Any idea what this means? Should I try to reinstall CFP?


Hi Jim,

Just a thought on something you could look at.On the two files concerned if you right click on them and choose properties then Digital Signatures does it say the files where signed by Comodo?
Also have you ever ran the diagnostics/repair function.



ps on a side note why where you putting these files in BOClean excluder

They both have a digital signature of “Comodo CA Limited” so it guess they’re ok.

I put the files in the in BOClean Excluder because it was recommended somewhere on this site.


You can also put the BOClean folders into the exceptions list with regards to Defence+/Interprocess Memory access.This will stop BOClean from constantly coming up in the logs for each CFPV3 executable.

To do this Defence+/Advanced/Computer Security Policy,right click on the Comodo v3 enrty and choose “Edit”.Next click on “Protection Settings” and “Modify” next to Interprocess Memory access.Click on ADD and then Running Processes(Assuming you have BOClean running).Highlight BOCore.exe and select and BOC425.exe and select then “APPLY” to close all windows.
You should end up with this



[attachment deleted by admin]