CIS 6 working on off

I have been turning antiv, firewall and defense off, but alerts keep triggering. How do you stop them? Taskeng.exe keeps modifying CFPCONFIG.EXE which Comodo says it does not know. How do I handle this? Thanks

Edit: I changed some unneeded all caps to normal case. Eric

Did you disable the Behavioral Blocker? Also, can you please post a screenshot of one of these alerts which are still being triggered?


Chiron, thanks for your response. It is a new load of 6 without any previous Comodo having been loaded. I take from your response that this should not be happening. All 3 configurable AV, FW and Behavior are turned off yet the alerts keep coming. Windows confirms that protection has been turned off, I also noticed that Comodo altered some of Wins protected system files and it is also blocking Win from restoring any previous registry restor. When I scanned a couple of test computers with Comodo “Clean Endpoint” Comodo disabled all my security cameras on all test computers and I have not been able to restore them on any test computer yet despite reloading the security camera software. It remains blocked for some reason on all test computers. The only procedure I did on those computers was to run the “Clean Endpoint” on the computers that were working just fine before the run and now will not run the programs even though the scans came out without any threats found. So what is the best way to restore the Win system files altered by Comodo? (Which Win 7.1 says it can not restore) What is the best way to stop Comodo from blocking Win from restoring previous registries? How to stop Comodo from giving all the alerts despite being turned off and how to stop Comodo from interfering with the security cameras on all the test computers? The alert looks just like all the other alerts given when Comodo is working. Thanks.

Is the HIPS option activated? This can be found in the advanced options?

If so I believe you will need to disable that as well.

So Antivirus, Firewall and Behavior Blocker all switched off then requires a hidden 4th switch? OK. What about all the other questions? Thanks.

Can you please explain what you mean when you say that you noticed that Comodo altered some of the Windows system files? What was altered? A screenshot would be very helpful.

I’m not sure, but it may be related to the problem you described above. If system files were altered that can cause a lot of problems.


Thanks for your help. I fixed the problems by unloading Comodo and reloading Win from holographic disk. I then reloaded all the software and Comodo and all the software and operating system were restored to working condition. So after 13 hours of time restoring the computer, I have learned to never do a scan with Comodo. In the process I have learned that Win 8 has taken the title from Win 7 as being the most unstable operating system released by MS to date. Multiple blue screens that took a hard power restart of computer to clear and even the activation/verification crashed twice before it finally confirmed that Win 8 pro was genuine. Now all I have to figure out is how to stop “Explorer” from trying to connect to the internet all by itself, “Iexplorer” from trying to connect to the Internet all by itself and for it to constantly try to allow connections from the Internet to the computer despite Win 8 being configured not to allow any connections of any nature whatsoever and all update disabled. Yes, Comodo is necessary to block all these unwanted Internet connections that Win 8 is designed to allow despite being configured to allow no connection whatsoever. At least I am glad Comodo alerts me to all this hidden and unwanted connections, but I wish they did not happen after midnight like most of them do. Unfortunately, that is time when I need the security cameras to function and yes, they are also configured like everything else not to do any updating. Now Comodo recognizes “CFPCONFIG.EXE” as being safe and has stopped classifying it as unknown and as long as I never attempt a scan by Comodo, I am hoping that the operating system will not corrupt, the restore function being not blocked and all the software programs being rendered non functional even with reload. Yes, there is a 4th hidden switch to stop Comodo alerts after disabling the 3 given switches, so thanks for all your help getting Comodo to work. I use “SFC /SCANNOW” and “SIGVERIF” to see the integrity of system files/drivers.

I’m happy to hear that things are working better now. Just sorry to hear it took so much work to completely solve the problems.

Please let me know if you encounter any other issues.

Another question. What is the best way to stop Comodo pop up alerts from being immediately allowed without my input? I checked and the delay is still set to 2 minutes. “Iexplorer” requested the mouse and Comodo said it was safe so I allowed it. Then it requested screen and Comodo said it was safe, so I gave it. Then the next pop up Comodo window was immediately allowed without my input and then the next and the next and the next. How do I stop this behavior? Thanks. (“Explorer” and “Iexplorer” still request connection to Internet, but I manually block it.) (Right after this, all the security camera recordings stopped. Coincidence?)

Another question. Why does “MSCORSVW”(a MS system file?) constantly try to connect to the internet (Cambridge, Xo Communication, Akamai)? How should this be done? Thanks

I’m sorry, but I am not very familiar with the detailed specifics of the firewall component. Hopefully someone else will be able to help you with these questions.

It is most likely the Microsoft system file by that name that is used for the DotNet Framework. it precompiles .Net assemblies.

I don’t know why it connects to the outside world. It is connecting to Akamai Technologies. This is a big hosting company for big corporations and is often used for global load balancing and managing updates for programs. I do not worry when a program connects to Akamai.

To know for sure that MSCORSVW is the original file you can use Sigcheck to see if it is digitally signed by Microsoft.

Download this zip archive and unpack it to C:\Program Files\SysinternalsSuite\ . When done run sigcheck.reg to add it to the registry.

When this is done navigate to the folder it is in, look up and select MSCORSVW click right and choose Signature from the context menu. A black command box will pop up. See if it is signed or not.

Eric, thank you for your input, help and software. The pop up in Comodo still auto accepts after “Iexplorer” requested mouse and then screen. Is there an easy way to stop this, since it is auto accepting connections to the internet. The computer will not download your helpful file yet, so I haven’t been able to confirm integrity yet, but I am still trying. Thanks.

Do I understand you correctly you are running D+ in Paranoid mode? That would explain the plethora of alerts behind one another.

What I think is happening is when you get an alert while you had not answered a previous alert the new alert will cover the previous one. Simply move them around until you have all the alerts separated.

Eric, not exactly. Yes, I do get multiple alerts at times and that usually is not a problem to handle. What is happening now is that Win/Comodo is answering the alerts all by itself and allowing those that it wants regardless if I want to block them. It allows me to allow changes to certificates, restore functions and allowing processes afterwards, but it simply allows most alerts during the night without allowing me to block them. How do I stop Win/Comodo from answering/allowing the alerts automatically. It started immediately after “Iexplorer” requested mouse and then screen. Immediately after that it started to allow its selected alerts and leaving for me the certificates etc. How best to stop this? I was hopping, that I could simply block/stop all the unwanted processes/connections to the internet, all of which I do not need, but the block/terminate and remember dose not work. I still have not been able to download your test software, but still trying. All I get when I try to download it is “Waiting”, but while waiting I can do a speedtest and get top Comcast download speed through my top of the line 8 channel locked modem of 7+ mbs download and 1+ mbs upload that is the best $60/mo buys from Comcast.)(Comodo quick scan completes in less than 12 seconds and is always clean.) Thanks

If you are not replying to an alert CIS will block the requested action. By default an alert will stay on the screen for 120s. You can set that to a maximum of 999s.

When you gave CIS permission for a specific act, say write to a certain protected registry key, it will remember that answer for the Windows session.

Some users are reporting a problem with v6 where an alert only shows up briefly with as result they cannot answer alerts.

Eric, thanks for the info. All I know is that after the alerts flash by, I get alerts to ok certificates and ok restore privileges. I hope this can be fixed soon. I still am waiting to download your software. Thanks

Do you mean they stay on the screen for a second or less and cannot be clicked on?

I still am waiting to download your software. Thanks
I tried the download link for Sigcheck shell extension and it worked for me. It may be a browser related issue.

Please clean your browser’s cache, restart the browser and try again. Otherwise try another browser. Are you using non standard policies for your browser(s)?

Do you mean scan your endpoint with cleaning.essentials??
I ran a full scan weeks back and all my permissions were changed in system files and folders, my windows 8 was fried.
I had some other things going on at the time but since i use acronis and clone my disk periodically i switched the sata cable to the other hard drive and was back to normal and just wrote it off as coincident. but always had a feeling that cleaning essentials installed through cis 6 2674 did it…

Eric, got sigverify downloaded (using IE 10 the problem) placed and installed, but when I click on signature for mscorsvw it simply only goes to openwith program and then nothing no mater what I do.

I noticed that Java is now malware. Is there a way in Comodo to prevent it or do I need to disable/enable it in Win?

Portabledevice, Mscorservw, Defender (Yes it is disabled and Win confirms it.), Explorer and Iexplorer are the most frequent connectors to the internet, despite disabling all update, file sharing and network discovery. Is there an easy way to block at the computer level, access to the internet gateway for these 4, but allow my easy use of Iexplorer? Thanks