CIS Defense+ is not completely disabled

A. THE BUG/ISSUE

  1. What you did: Completely disabled Defense+ with the setting “Deactivate the Defense+ permanently” and then rebooted.
  2. What actually happened or you actually saw: In the “Trusted Files” of Defense+ the executables keep getting caught by Comodo.
  3. What you expected to happen or see: A clean list of Trusted Files, for some reason I completely disabled Defense+.
  4. How you tried to fix it & what happened: Completely disable all the Defense+ features (Sandbox, Execution Controls and Monitoring), did not work.
  5. If a software compatibility problem have U tried the compatibility fixes (link in format)?: Yes.
  6. Details & exact version of any software (except CIS) involved (with download link unless malware): N/A.
  7. Whether you can make the problem happen again, and if so precise steps to make it happen: Just install CIS and try to completely disable Defense+.
  8. Any other information (eg your guess regarding the cause, with reasons): Yes, this “bug” did not happen with CIS version 3 but from version 4 it started to happen.

B. FILES APPENDED. (Please zip unless screenshots).

  1. Screenshots of the Defense plus Active Processes List (Required for all issues): Appended.
  2. Screenshots illustrating the bug: Appended.
  3. Screenshots of related CIS event logs: N/A.
  4. A CIS config report or file: N/A.
  5. Crash or freeze dump file: N/A.
  6. Screenshot of More~About page. Can be used instead of typed product and AV database version: N/A.

C. YOUR SETUP

  1. CIS version, AV database version & configuration: 5.10.228257.2253, Firewall Security.
  2. a) Have you updated (without uninstall) from a previous version of CIS: Yes.
    b) if so, have you tried a clean reinstall (without losing settings - if not please do)?: Yes.
  3. a) Have you imported a config from a previous version of CIS: No.
    b) if so, have U tried a standard config (without losing settings - if not please do)?: N/A.
  4. Have you made any other major changes to the default config? (eg ticked ‘block all unknown requests’, other egs here.): No.
  5. Defense+, Sandbox, Firewall & AV security levels: D+=Perma-Disabled, Sandbox=Disabled, Firewall=Safe, AV=Not installed.
  6. OS version, service pack, number of bits, UAC setting, & account type: Windows XP, SP3, 32 bit, No Uac, Admin.
  7. Other security and utility software currently installed: None.
  8. Other security software previously installed at any time since Windows was last installed*: None.
  9. Virtual machine used (Please do NOT use Virtual box): None.


Thank you very much for your report in standard format, with all information supplied. The care you have taken is much appreciated by Comodo, and will increase the likelihood that this bug can be fixed.

Developers may or may not communicate with you in the forum or by PM/IM, depending on time availability and need. Because you have supplied complete information they may be able to replicate and fix the bug without doing so.

Many thanks again

Mouse

As feedback I would say this is an interesting one.

Yes since Trusted Files are mostly part of D+, you might expect them to be disabled if D+ is disabled.

But, Trusted File status also confers some firewall privs and may affect the operation of the AV too.

So maybe in practice it is right that the operation of the trusted file list does not depend on that switch.

BTW the best way to ensure trusted files are ignored is to switch to paranoid mode in D+, but get ready for lots of alerts :slight_smile:

If you just want to stop CIS adding (non-OS) entries, disable cloud lookups. Untick ‘automatically scan unrecognised files in the cloud’ and perhaps ‘Perform cloud-based behaviour analysis’ in Defense Plus settings ~ Execution control settings. Also in AV settings, scheduled and manual tabs, you may need to disable cloud scanning. Now delete all the entries except Microsoft entries in the Trusted Vendor List.

Here’s a FAQ on a related topic that covers the ground: https://forums.comodo.com/defense-sandbox-faq-cis/trusting-vendors-i-dont-want-to-v5-t62567.0.html;msg441942#msg441942

Best wishes

Mouse

You may also want to consider disabling the option “Automatically trust files from Trusted Installers”. That may contribute as well.

edit:
corrected a humorous spelling error.
edit2: changed corrected spelling to what was intended… Eric

Tested what mouse said and it worked (took me 7 minutes to delete all the Trusted Soft Vendors :D), no more Trusted Files appear but I started to be spammed with alerts of every program that I use and didn't have in the “Firewall - Application Rules” :-[, so I decided to turn back all the changes and just leave Defense+ perma-disabled but nothing else.

Really my topic is a bit “OCD” but it's annoying to see hundreds of processes added in the Trusted Files, because I test a lot of software and in 1 week my list has 100 entries and I must do a “Purge” regularly to clean all the nonexistent files, but well, I will keep doing it because I saw that there is no choice.

Thanks to all!

Yes, unfortunately you are turning off a lot of CIS’s automation, so you get a lot more alerts. Sorry, should have been clearer about this.

Mouse

Good thought

And I think ‘rusting’ is what sometimes happens to files that get submitted for analysis :slight_smile:

!ot!

Where did I write rusting in my previous reply? Just curious…

LOL

I will edit my post again as it was changed to “Automatically run files from trusted installers” where it should say “Automatically trust files from trusted installers”. :wink: