Hello. After installing CIS 6.2 (clean install after previously uninstalling 5.10) I’ve experienced some strange things: CryptSVC, through the host process (svchost), from time to time sends HTTP requests to Akamai CDN servers. A Wireshark dump showed me such requests:
-Select Start » Control Panel.
-Double-click Internet Options.
-Select the Advanced tab.
-In the Security section, uncheck the Check for publisher's certificate revocation option.
But first, it's really a security hole, and second, it doesn't help. CRL requests still occur.
I guess CIS 6.2 makes some requests to the MS Crypto API, am I right? What is it, a bug or a new security feature from CIS 6.2?
P.S. Windows 7 x64 with latest updates (excluding IE 10 and RDP 8.0).
I also got CIS v6.2 when I re-installed my laptop and was not happy with it. After a complete uninstall of CIS and Dragon I had a lot of problems reaching SSL secured sites or, for instance, using Windows Update.
I saw a lot of connections from Windows services and applications to ??? in a “CLOSE_WAIT” state to address 178.255.87.3 / no-dns-yet.ccanet.co.uk on tcp 443 (using netstat -fb).
The certsentry DLLs still existed in the System32 and SysWoW64 directories, so it was not uninstalled.
I had to manually unregister them using:
"%SystemRoot%\System32\regsvr32.exe" -u "%SystemRoot%\System32\certsentry.dll"
"%SystemRoot%\SysWoW64\regsvr32.exe" -u "%SystemRoot%\SysWoW64\certsentry.dll"
and then archive the DLLs for safe keeping and remove them from the System directories.
After a reboot I could browse SSL secured sites and download updates normally.
I do still wonder why CertSentry caused almost all SSL communication to fail on this laptop. It may have to do with the virus scanner - I tested Avira, Avast and Bitdefender (not at the same time), and both have transparent proxy techniques (which is why I’m not keeping them) with a generated root certificate. Or it may be caused by OpenDNS, who knows…
IMHO the CertSentry should at least have its own installer / uninstaller utility, so you can choose to remove it separately from other Comodo software and have a normal way to uninstall it if for some reason it is left after a Dragon / CIS uninstall.
Greetings,
Mick
Mod edit: Correction made, Captainsticks.
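The two checks described in the post above (leftover certsentry.dll copies in the system directories, and lingering connections to 178.255.87.3 on TCP 443), as an added read-only PowerShell example that is not part of the original thread or any Comodo tooling. The file name and address come from the post; the variable names and the use of `netstat -ano` instead of `netstat -fb` are assumptions made for this example.

```powershell
# Added example: read-only check, changes nothing on the system.
# Run from a 64-bit PowerShell prompt; in a 32-bit process on x64 Windows,
# System32 is redirected to SysWOW64 and both lines would describe the same file.
$dllName    = 'certsentry.dll'   # file name taken from the post
$remoteIp   = '178.255.87.3'     # address taken from the post
$remotePort = 443

# 1. Look for leftover copies in both system directories.
$dirs = @("$env:SystemRoot\System32", "$env:SystemRoot\SysWOW64")
foreach ($dir in $dirs) {
    $path = Join-Path $dir $dllName
    if (Test-Path -LiteralPath $path) {
        $item = Get-Item -LiteralPath $path
        "{0} present, version {1}, modified {2}" -f `
            $path, $item.VersionInfo.FileVersion, $item.LastWriteTime
    } else {
        "{0} not found" -f $path
    }
}

# 2. List TCP connections to that address with state, owning PID and process name.
#    netstat -ano columns: Proto, Local Address, Foreign Address, State, PID.
$remote  = [regex]::Escape("${remoteIp}:$remotePort")
$pattern = '^\s*TCP\s+(\S+)\s+' + $remote + '\s+(\S+)\s+(\d+)\s*$'
netstat -ano | ForEach-Object {
    if ($_ -match $pattern) {
        $proc = Get-Process -Id $Matches[3] -ErrorAction SilentlyContinue
        New-Object PSObject -Property @{
            Local     = $Matches[1]
            State     = $Matches[2]
            OwningPid = $Matches[3]
            Process   = $proc.ProcessName
        }
    }
} | Format-Table Local, State, OwningPid, Process -AutoSize
```

Rows in the CLOSE_WAIT state whose process is svchost or a browser match the symptom described in the post; an empty table together with "not found" for both paths means neither symptom is present.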