cmdagent.exe process

dalek · October 2, 2007, 10:11pm

Hi

I’m sure this has been covered somewhere, but for the life of me I can’t find anything that relates to my question, so here goes.

Why can I not get permission in the services console to set as manual or disable, I am using an administrators account, even process explorer by sysinternals wont let me kill the process.(access denied) This is after I have exited the program.

I would like to be able to take possession of the cmdagent.exe process and be able to kill/stop it…

Cheers

Zito · October 3, 2007, 2:16pm

Explanation here

Little_Mac · October 3, 2007, 6:37pm

Welcome to the forums, dalek ~

cmdagent.exe is the core executable of the firewall. To be able to kill it you would have to kill the relevant services and drivers first. It might not even be viably possible at that point.

When you “exit” the program all you’re doing is shutting down the GUI (cpf.exe).

The idea is, the firewall is supposed to protect itself. If the user can easily terminate it, so can malware. If malware can terminate it, your system is not really protected. This is why firewall testers do “termination tests.” Some debugger might be able to kill it, but would likely cause a system crash in the process.

LM

dalek · October 3, 2007, 8:55pm

Thanks for the response, this sort of explains it to me, however I still would like to be able to go into services and either disable or set to manual, is the only other option to uninstall the app?

I understand the need for the program to be able to defend itself from malware, however at that point that just means the system is infected and will need cleaning, I still would want to be able to take ownership of the process.

Don’t get me wrong, I like the firewall, I just don’t use it that often (behind a router) and so when I am not using it, I (I being the operative word here) would like to be able to stop the process.

If this is not an option (and I believe it should be for those who know how to manage their PC’s security options) then maybe my best bet is to uninstall.

I will keep the Anti-Virus and I am preparing to use the Malware version.

Cheers

Edit: Keep up the good work

Little_Mac · October 4, 2007, 3:28pm

I’ve tried disabling it before (all services, drivers, etc); it can be disabled, although it doesn’t like it. Setting to Manual doesn’t seem to work in line with my intent.

You can set cpf.exe to not run when you log in to Windows, which removes the gui aspect of it. Taking cmdagent.exe out of the startup wouldn’t be good, though, unless you disable all services.

What I’m not sure about is:

I just don’t use it that often (behind a router)

If you’re behind a router, one presumes you have a high-speed connection, rather than dial-up. Provided that’s the case, why would you not use the firewall? Its purpose is not the same as a hardware firewall (presuming your router has one), and it does much that your hardware firewall would never be able to accomplish. On the other side of it, if you consider your system to be secure without a firewall, why would you install one?

I’m not asking to be confrontational, just trying to better understand your position/thought process.

LM

dalek · October 4, 2007, 8:21pm

Hi

I have already made it so it doesn’t run on startup, so the cpf.exe is not a problem (I usually make it a habit that when I want a program to run I start it manually, less clutter).

I do have DSL, I have been cleaning PC’s for a number of years, so I practice safe hex, so am not too worried about malware, unless I want it on my ststem, (I like to test things) just wanted to test the Comodo firewall out and see if it is up to snuff.

A properly tuned PC should be able to run smoothly, I’m sure you have come across a few HJT logs where the 04’s boggle the mind and users wonder why their PC is slow and yet some of the answers are to immediately increase RAM, where as if you manage the resources and processes properly (as required) then it should chug along nicely, so my question still is, why can I not take ownership of this process and shut it down, there are no dependencies so nothing else is affected.

I don’t believe your confrontational, however I think your trying to default on the side of caution, or the user isn’t smart enough so we will make it so it can’t be shut off or killed…decision for them…

Also you are right, the WinXP firewall is sufficient if I’m behind a NAT router, so why do I have it, as above I like to tinker with new programs and I have a couple of children who have their own machines, so I want to see if this is what would be good for them. And I do like it, but philosophically if it’s on my PC, I want control of it.

Cheers

Little_Mac · October 4, 2007, 9:04pm

Neither the XP FW nor the router have outbound protection; this software FW does. That’s the other part of its purpose - not just be a powerful SPI firewall, block unsolicited inbound connection attempts, control the manner in which applications are allowed to communicate, and so on, but also watches for hijack attempts on applications in the event you catch a drive-by download unawares (can happen regardless of your security settings), something slips past your AV (again fully possible) and so on. There are a number of reports from folks that found they had a problem only because CFP warned them. Anyway. Enough of the “why you need a software firewall” schtick.

If you want to disable CFP, you can do so. It’s not for the faint at heart, nor the computer literate. It’s only for the computer extra-literate… The thing is, it will restart (or attempt to restart) its core components on reboot; it will always do this. You can disable the services, and the nonUPnP drivers. You can disable the startup entries for the exe’s involved. This will typically result in instability, and frequently termination of connectivity. You won’t be able to start it manually; you’ll have to reset everything and reboot.

Essentially, I guess the design theory is that if you don’t want a firewall you won’t install it. If you do want a firewall, you will allow it run as it was designed. Due to the pernicious nature of malware, all security applications are working their way deeper into the system (even AVs), for security reasons and to reduce resource consumption (especially as user-demand for features increases). If you check system hooks, CFP is buried quite deeply; this adds to the difficulties in stopping it.

It can be done, but it won’t be pretty, and it won’t be operable. If you know your way around an HJT log, I would presume you can identify all necessary drivers & services to disable, and deal with any instabilities. As I said, I’ve done it (just to see if it could be done); it worked but wasn’t pretty. Given that part of my “job” here (volunteer, not employee) is to take a more cautious approach to user security (inasfar as Comodo products go) - as you’ve noted - I’m not keen on giving step by step instructions; if the developers want to they can step in and do so, but I think I’ll refrain…

I’m confident you are up to the task, and hope you have fun playing with it. Let us know how it goes!

LM

PS: You will have to be logged in as Admin to execute control.