Installed CIS v8.4.0.5165. COMODO Internet Security rule is present and allowing all outgoing requests under Firewall Application Rules.
After I start up my PC and Windows has loaded up, CIS asks me if to allow “cmdinstall.exe” to connect to internet…
Luckily the alert has a link to the file so I could check what it is. Well, it is CIS’s own component, in CIS’s install folder, even has a certificate by Comodo Security Solutions.
So… why does CIS ask my permission about its own component, which by firewall rule should be allowed?
I could think of two reasons:
Either the developers forgot to update COMODO Internet Security firewall rule to include cmdinstall.exe
Or cmdinstall.exe isn’t supposed to connect to the internet at all, which would mean that official installer is… infected with a backdoor?
If you look under the file group for COMODO Internet Security, you’ll notice cmdinstall.exe is NOT listed within that group so yes you can say Comodo forgot to include it in the file group. But you shouldn’t be getting an alert anyways because cmdinstall is a trusted application due to being digitally signed by comodo. This assumes the firewall is in safe mode, otherwise if it is set to custom ruleset then the firewall will alert for any application in which there isn’t a rule defined for the application to allow access.
Ohh! I used v5.12 before upgrading to 8.4. Didn’t use Defense+ on it, was too complicated and annoying. So forgot all about it, its features. After installing 8.4 I didn’t bother checking out File Rating part, I thought it was just a typical gimmick feature like on many other applications nowadays. Well, I was wrong, it is actually very important too.