CIS - Firewall blocking Comodo???

My scheduled AV scan that started in the middle of the night is still running but frozen on one file (see embeded screen shot). Poking about inside Comodo’s log files, I see that the Firewall Events log shows that the firewall “Blocked” cmdagent.exe (Comodo process) at 5:13AM, just a little over 2 hours after the scheduled scan started.

Why is the firewall blocking the AV scan process from running any further than that file?

Other info…

I know about the 1 threat that is showing up so far. I just installed this latest version of CIS 5.3x and the threat is probably a false positive that I keep ignoring 1 time while further investigating the file but everythign I’ve checked so far, including a upload, shows this to be a false positive. I’ve reported the false positive to Comodo.

Windows XP-SP3, if that is needed.

Direct link to full size image…

What do I have to do to stop this from happening? You would think that cmdagent.exe is already a trusted file… isn’t it?

Check if you have anything in the Blocked Zones: Firewall → Network Security Policy → Blocked Zones.

And See if Comodo Internet Security group is in Network Policy

CIS > Firewall > Network Security Policy :smiley:

Hope this helps


In answer to both of the above replies. See below screenshots.

On a side note, while CIS GUI was open, on the summary page, I saw that the definitions hadn’t updated since 3AM which is when this scan started so I clicked on that date/time link to do the manual update and got the error code below (see 3rd screen shot).

CIS>Firewall>Network Security Policy>Blocked Zones is blank.

CIS>Firewall>Network Security Policy>Application Rules

Is this supposed to have that one blocked part for block and log all unmatching requests for CIS?

Update eror while scan is still trying to run for over 12 hours now.

Hello LennyV39

Do you have any other Security Software Installed?

Yes Your Policy is fine…

I’m trying to reproduce your situation and i’m having difficulties;

Can you do the following,
CIS > More > Diag. - Report back the dialog that is presented
If nothing/ Does the issue still exist after a uninstall / Restart / Run a Registry Cleaner/Diskcleaner / restart > Install from a fresh download.

Before Reinstall/Install; Please Follow this Post



No other security programs running in the background.

I had to Exit CIS from the System Tray Icon in order to get rid of the “scanning…” window since it would not stop or close. Then I restarted my computer to get CIS restarted since clicking on the Start Menu> Comodo Internet Security would open the GUI but it didn’t put the shield back in the system tray. Even when I did the Exit from the System Tray, I was surprised to see the cfp.exe and the cmdagent.exe processes still running in Task Manager process list.

I ran diagnostics after restarting the computer and it’s showing all is fine.

I ran a Spyware Scan (the quickest one) manually and it finished fine. I’ll run a manual My Computer scan later and see what happens and report back.

I may not have been 100% clear in my initial post but I’ve been a CIS user for a couple of years, pretty much since CIS came out and whenever I upgrade to a new version, I start from scratch, using RevoUninstaller to uninstall the old version, then do a clean install of the new version. In case you don’t know, Revo does do registry cleaning when uninstalling a program so I didn’t run my usual WinASO Registry cleaner.

All was fine the first couple of days and I did the initial My Computer scan manually after the new install and then a couple of scheduled Critical Area scans (I run My Computer scans twice a week and Critical Area scans the other five nights). I’m scheduled for a My Computer scan tonight so I may just let it do it’s thing and report back tomorrow morning.

But… back to that inital BLOCKED in the firewall log, is there something I can check or do to list cmdagent.exe as trusted or safe so the firewall won’t block it again… or are the two places I’ve checked the place to check

EDIT - I also went into the Comodo Internet Seucurity Helper Service and changed the Recovery tab settings per that link you provided

The event where CIS blocks an incoming reply from the Cloud server has been noticed before. It may be caused by a slow reply of the server; subsequently breaking stateful inspection of the firewall.

In short nothing to worry about.

My scheduled scan completed last night without a problem.

While I understand where CIS firewall could block an incoming cloud packet, the timing of this “Blocked” action and my scanner stopping on a particular file at the same time still seems kind of strange to me.

I made some other changes today. Where I use to have the updater check for new definition files before doing a scan, I have turned that off since CIS pretty much checks for new definitions every six minutes anyhow. I noticed when doing a manual scan, the updater would open first and would seem to freeze at 90%. When I turned the update before scan, the scanner opens right away and starts doing it’s thing.

I had some other issue today that generated the popup to send an bug report to Comodo and it was a 17KB .Zip file. Should I attach that file here as well?

With regard to the crashing. Please file a bug report in the Bug Reports - CIS board following the format as described in FORMAT & GUIDE - just COPY/PASTE it!.

You can then attach the crash log to the report. Please follow the bug report strictly otherwise you will have the change your bug will go unnoticed.

Here is my bug report thread.

While re-reading this thread, something I thought about that might be a cause or reason is that I think I changed the default AV settings… well I know I changed some of them… but the one I think might be an issue is that I checked “Enable Cloud Scanning” for my manual and scheduled scans. Do you all think this might be the cause since possibly it was a “cloud scan” that was blocked and then that caused the scanner to freeze up?

Make sure you mention in the bug report that you have Cloud scanning enabled for manual and scheduled scans and that the freeze happened during the Cloud scan. That should be sufficient information for the devs.

If they need more they will ask you.