I recently installed Winodws 11 as a test OS and then installed CIS 2025 on it, it ran successfully for several days without incident using HIPS + Firewall.
Yesterday evening I get a popup that CIS detected that CIS.exe wanted permissions to some files and I stupidly pressed ‘accept’ and to save the setting in the verbose popup that shows whenever there is a comodo issue you do not have a profile for.
I then get a few more popups regarding file access and then a popup that cis wanted access to cis.exe in memory, which I also pressed accept to.
Then nothing.
When I attempted to click on the CIS tray icon, nothing would happen and after a long wait there would be a popup that CIS was having an issue and to launh the troubleshooter.
The troubleshooter would start and it would not be able to do anything.
So I figured I’d reboot and try my luck.
After a reboot, CIS Tray icon appears but I am still not able to do anything.
So I figure I’ll go into regedit to check the Policy rules I just applied. But those registry keys are blocked by CIS when it is running. (But you are somehow able to press ‘export’ on all the keys to a .reg file so you can see all the settings that way).
So I reboot into Safe Mode with command prompt and lanuch regedit that way, then load the SYSTEM hive to look at the policy settings. I compare my configuration with the default and notice that the 2 default policies for “COMODO 2025” no longer exist and that I instead had 2 policies set for comodo files directly, i.e. they were missing all the “Allow” permissions they would normally have.
So I decide to copy the settings from the other policy to a reg file, clear the 2 erroneous policies (using their numbers as the target for the copied settings) and import the two default comodo settings. Thinking that I now have a correct HIPS Setup for Comodo I reboot. Only to find that the CIS Tray still does not launch the comodo UI and the troubleshooter starting again.
I then decide to uninstall CIS2025 but I am told that this is blocked by an administrator…
SO I have to reboot into safe mode again and set all 4-5 Comodo Services from Automatic Start to DISABLED. Reboot again into Windows and now I can uninstall comodo.
After uninstallation I check the registry and see that the Comodo registry settings are gone and I do another reboot.
I then proceed to run the CIS2025 installer anew, selecting Firewall/Antivirus and rebooting afer it has successfully been installed.
Upong launching windows now, I am STILL unable to access the comodo user interface to configure it, and the troubleshooter eventually starts up.
So now I’m stuck and it seems like I can no longer run CIS2025 on my system.
So:
How can I manually remove all traces of Comodo so I can perhaps be able to install it succesfully again.
(I checked the default HKCU/Software, HKLM/Software and HKLM/System/CurrentConfig/Services… areas and those were clean, as well the Proram Files, Program files (x86) and Programdata folders to see that there were no traces of Comodo there. In addition to running RAPR to remove the Driverstore traces (2 entries) for Comodo.