I recently was doing some research on the cryptography service, and found that besides for Windows updates, I have no use for it. I figured that on patch Tuesday, I will enable the Cryptography service for Windows updates (Windows update requires the service to be running for updates), then simply disable it when I’m done patching. When I disabled the service, CIS wouldn’t load on boot. The tray icon would not appear, so I couldn’t access CIS when I disabled the Cryptography service. Why is this service needed for CIS to run? It seems that the Cryptography service is useful for corporate environments, but I’m just a single home user. Is there a way to have Comodo Firewall working normally without the Cryptography service?
CIS Needs Cryptography Service Too Run?
CIS does not need cryptography service to run. At least not the Comodo Internet Security Helper Service.
Can you check with task manager what CIS processes are running or not. Which of the following are running or not running:
As always make sure there are no leftovers of security programs you had installed in the past. A possible left over can cause all sort of “strange effects”. Please run clean up tools for all security programs you had in the past. A list can be found here at the Eset website: ESET Knowledgebase .
Since the tray icon stopped working when I disabled the Cryptography serivce, I will assume its “cistray.exe”. When I first disabled the Cryptography service via services.msc, it would return back to “Manual” on startup with it running. I had to remove the cryptsvc.dll from the system32 folder to successfully disable the Cryptography service. Upon doing this, after the reboot, I then noticed that the CIS tray icon was missing. I assumed that the Cryptography serivce is being forced on by CIS. I saw there were 3 out of 4 Comodo processes running, but the tray icon was missing. So at least one of those 4 processes requires the Cryptography service.
I’m running a very recent reinstall, and the only security program I’m using is Comodo. I never installed anything else.
From what I read it seems that cistray.exe needs the Cryptographic service to run. Cistray.exe is not a core process so it is not a problem for security when it is not running.
Why it is needed is unclear to me as I am not a programmer, I am end user like yourself who happens to wear a badge. The dependencies of Cryptographic Services do not show cistray.exe more than likely because it is not a service.
I know no way of changing this. As far as I know you are the first to find and bring to our attention.
I’m glad I brought this to Comodo’s attention. Is there any chance that in a future patch, cistray.exe will not depend on the Cryptography service? Also, besides Windows Update, is there any reason to leave this service enabled? I couldn’t find anything about this, and it seems that having it running is more of a security concern then it being disabled. It handles certificates and stuff.
I don’t see a service that handles checks of certificates as a security risk. It’s necessary that the validity of certificates are checked. How else would we know if they are revoked?
Why are you so keen on disabling Cryptographic Service?
I always consider a service I don’t use a security risk. Since I would only enable this service when updating Windows, having it run when not needed is not a good idea. I want few services running as possible, and see unneeded processes running a security risk in my eyes. Is there any chance you can make the cistray.exe independant from the Cryptography Service?
I am not a Comodo employee or developer. I am an end user like yourself. I have no influence on design choices.
The best option the forum has to offer you is to make it a wish in Wishlist - CIS since it is strictly speaking not a bug.