CIS2025 "killed" itself after a rule popup for cis.exe which destroyed default policy for comodo application

I recently installed Windows 11 as a test OS and then installed CIS 2025 on it. It ran successfully for several days without incident using HIPS + Firewall.

Yesterday evening I get a popup that CIS detected that CIS.exe wanted permissions to some files and I stupidly pressed ‘accept’ and to save the setting in the verbose popup that shows whenever there is a comodo issue you do not have a profile for.

I then get a few more popups regarding file access and then a popup that cis wanted access to cis.exe in memory, which I also pressed accept to.

Then nothing.

When I attempted to click on the CIS tray icon, nothing would happen and after a long wait there would be a popup that CIS was having an issue and to launch the troubleshooter.

The troubleshooter would start and it would not be able to do anything.

So I figured I’d reboot and try my luck.

After a reboot, CIS Tray icon appears but I am still not able to do anything.

So I figure I’ll go into regedit to check the Policy rules I just applied. But those registry keys are blocked by CIS when it is running. (But you are somehow able to press ‘export’ on all the keys to a .reg file so you can see all the settings that way).

So I reboot into Safe Mode with command prompt and launch regedit that way, then load the SYSTEM hive to look at the policy settings. I compare my configuration with the default and notice that the 2 default policies for “COMODO 2025” no longer exist and that I instead had 2 policies set for comodo files directly, i.e. they were missing all the “Allow” permissions they would normally have.

So I decide to copy the settings from the other policy to a reg file, clear the 2 erroneous policies (using their numbers as the target for the copied settings) and import the two default comodo settings. Thinking that I now have a correct HIPS Setup for Comodo I reboot. Only to find that the CIS Tray still does not launch the comodo UI and the troubleshooter starting again.

I then decide to uninstall CIS2025 but I am told that this is blocked by an administrator…

So I have to reboot into safe mode again and set all 4-5 Comodo Services from Automatic Start to DISABLED. Reboot again into Windows and now I can uninstall comodo.

After uninstallation I check the registry and see that the Comodo registry settings are gone and I do another reboot.

I then proceed to run the CIS2025 installer anew, selecting Firewall/Antivirus and rebooting after it has successfully been installed.

Upon launching Windows now, I am STILL unable to access the comodo user interface to configure it, and the troubleshooter eventually starts up.

So now I’m stuck and it seems like I can no longer run CIS2025 on my system.

So:

How can I manually remove all traces of Comodo so I can perhaps be able to install it successfully again?

(I checked the default HKCU/Software, HKLM/Software and HKLM/System/CurrentConfig/Services… areas and those were clean, as well as the Program Files, Program Files (x86) and ProgramData folders to see that there were no traces of Comodo there. In addition to running RAPR to remove the Driverstore traces (2 entries) for Comodo.)

1 Like

Should also add that after uninstalling Comodo again, rebooting, I attempted to just install the “Firewall” module, thinking that perhaps there was some hidden HIPS issue causing CIS to not function, but I still had the same problem: unable to click the CIS Tray icon, the CIS shortcut and then eventually the troubleshooter launching and not being able to solve anything.

1 Like

I hope for a fast fix!!

Did a new attempt yesterday, uninstalling, then had to take ownership of some registry keys that remained related to Firewall, something debugging as well as removing the service registrations remained after uninstallation (so removed with sc command).

Reinstalled, still broken.

Don’t know what is missing that I need to remove to get it working again.

1 Like

Did you use the Uninstaller tool?
Did you remove the drivers as described in my post?
What about the Installer Startup Entry that has to be manually removed from the Registry:
Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

1 Like

Used the program uninstaller, then manually cleaned up what I could find.

Forgot to add that there were remaining *.sys files in a /windows/ subfolder that I had to take ownership over and manually delete, after having already used RAPR to delete the two entries in the drivers filestore location.

Would be nice to know what the uninstaller looks for and removes, depending on how it is made I would assume it fails now that most of Comodo has already been removed, unless it just goes through each area and ignores what it can’t find. Need to download it on my other computer and move it, as I do not go online on the computer without Comodo until I can get it working again.

Did a check in my Windows 11 installation for remaining pieces of comodo, checked registry, services, RAPR (Driverstore) and also used Autoruns from sysinternals to see if there was anything there. Nothing pointed to any Comodo pieces being left over. Also checked %Appdata%\Local, LocalLow and Remote as well as My Documents and Program Files, Program Files (x86) and ProgramData. Could not find anything Comodo.

Installed CIS 2025 to a different folder than the one I usually use (default) and waited a long time after installation, noticed there was a lot of process action by one of the Comodo services checking windows.dll files etc, and saw that cisinstaller was running. Waited some more then did a reboot.

After reboot I waited some more and observed file access with resmon, as it slowed down I then clicked the system tray icon for Comodo and got the usual “Comodo Agent Unable to start would you like to troubleshoot”, which I did.

I then fired up Process Monitor from sysinternals but couldn’t see anything in particular except that cmdInstall seemed to run for a long time, and that Comodo and Windows Defender both seemed to be running, as well as cmdagent continuously trying to do file access on the same comodo files over and over again (cmdinstall, cis.exe, cfpconfig and regbackup\product.dat).

Surprised to see so much activity in telemetry when I clicked ‘no’ to it during installation.

Also doesn’t seem normal that all of these Comodo processes should be active (compared to my Win10 installation of 8012, which only has cis.exe twice and cmdagent twice).

Mind you this was some time after starting the troubleshooter (without any indication that it was up…) so that might have been it.

Anyway, now that I have yet another failed install I’ll try the uninstaller.

Is there a more recent build w. FULL Installer for CIS2025 Free than the one I have already downloaded with files dated from May 2024? 12.3.3.8140

1 Like
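A read-only PowerShell sweep of the places checked by hand in this thread (services, the Run key, the driver store, leftover *.sys files and the program folders), added here as an example; it is not from any poster or from Comodo. The name pattern, the function names and the `System32\drivers` path are assumptions, and the sweep also looks at the per-user Run key, which the thread does not mention. Run it from an elevated prompt.

```powershell
# Added example: read-only audit, changes nothing on the system.
# Assumption: leftovers are recognisable by these strings (taken from names
# mentioned in the thread); this is a heuristic, not an official component list.
$pattern = 'comodo|cmdagent|cmdinstall|cisinstaller|cfpconfig'

function New-Hit($Area, $Item) { [pscustomobject]@{ Area = $Area; Item = $Item } }

function Find-ComodoTrace {
    # 1. Services and kernel drivers that are still registered
    foreach ($class in 'Win32_Service', 'Win32_SystemDriver') {
        Get-CimInstance -ClassName $class |
            Where-Object { "$($_.Name) $($_.DisplayName) $($_.PathName)" -match $pattern } |
            ForEach-Object { New-Hit $class "$($_.Name) [$($_.StartMode)] $($_.PathName)" }
    }

    # 2. Startup entries in the Run keys (machine-wide and per-user)
    foreach ($key in 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
                     'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run') {
        $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        if (-not $props) { continue }
        $props.PSObject.Properties |
            Where-Object { $_.Name -notlike 'PS*' -and "$($_.Name) $($_.Value)" -match $pattern } |
            ForEach-Object { New-Hit "Run key ($key)" "$($_.Name) = $($_.Value)" }
    }

    # 3. Third-party packages in the driver store (what RAPR lists); needs elevation
    Get-WindowsDriver -Online -ErrorAction SilentlyContinue |
        Where-Object { "$($_.ProviderName) $($_.OriginalFileName)" -match $pattern } |
        ForEach-Object { New-Hit 'Driver store' "$($_.Driver) <- $($_.OriginalFileName)" }

    # 4. Driver binaries left on disk, with the Authenticode status Windows reports
    #    (assumed location; the thread only says "a /windows/ subfolder")
    Get-ChildItem "$env:windir\System32\drivers" -Filter *.sys -ErrorAction SilentlyContinue |
        Where-Object { "$($_.Name) $($_.VersionInfo.CompanyName)" -match $pattern } |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -FilePath $_.FullName
            New-Hit 'Driver file' "$($_.FullName) signature=$($sig.Status)"
        }

    # 5. Top-level folders under the program and profile data roots
    $roots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}, $env:ProgramData,
               $env:LOCALAPPDATA, $env:APPDATA) | Where-Object { $_ }
    Get-ChildItem -Path $roots -Directory -ErrorAction SilentlyContinue |
        Where-Object { $_.Name -match $pattern } |
        ForEach-Object { New-Hit 'Folder' $_.FullName }
}

Find-ComodoTrace | Sort-Object Area | Format-Table -AutoSize -Wrap
```

An empty table means none of these locations matched the pattern; it does not prove the system is clean of every component.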

I’m not sure why you want to install a version that has a revoked certificate issue. Just run the 3.1.0.55 removal tool and install the 8012 build until comodo provides updated installers.

4 Likes

Exactly what you said.
I myself would prefer to come through a product update as was mentioned in another topic.
Since it will make my work much easier, avoiding me having to do this on several of my clients’ machines.

Probably because I didn’t know there was a revoked certificate issue, you’re the first to mention it after all, and I assumed there was a bug in the application after that first HIPS popup that could be bypassed somehow once it was fully removed from the system. Didn’t see any notifications related to that in the system nor in the eventlog either.

1 Like

Anyway, installed 8012 and all is working. Also got a chance to import a profile made in 2025 version and it worked ok with the old and trusty 8012.

1 Like