Installed CIS v18.104.22.16865. COMODO Internet Security rule is present and allowing all outgoing requests under Firewall Application Rules.
After I start up my PC and Windows has loaded up, CIS asks me if to allow “cmdinstall.exe” to connect to internet…
Luckily the alert has a link to the file so I could check what it is. Well, it is CIS’s own component, in CIS’s install folder, even has a certificate by Comodo Security Solutions.
So… why does CIS ask my permission about its own component, which by firewall rule should be allowed?
I could think of two reasons:
Either the developers forgot to update COMODO Internet Security firewall rule to include cmdinstall.exe
Or cmdinstall.exe isn’t supposed to connect to the internet at all, which would mean that official installer is… infected with a backdoor?
Well, anyone care to give explanations?
If you look under the file group for COMODO Internet Security, you’ll notice cmdinstall.exe is NOT listed within that group so yes you can say Comodo forgot to include it in the file group. But you shouldn’t be getting an alert anyways because cmdinstall is a trusted application due to being digitally signed by comodo. This assumes the firewall is in safe mode, otherwise if it is set to custom ruleset then the firewall will alert for any application in which there isn’t a rule defined for the application to allow access.
Where do you check the file group?
Open advanced settings and on the side click on file rating then go to file groups.
Ohh! I used v5.12 before upgrading to 8.4. Didn’t use Defense+ on it, was too complicated and annoying. So forgot all about it, its features. After installing 8.4 I didn’t bother checking out File Rating part, I thought it was just a typical gimmick feature like on many other applications nowadays. Well, I was wrong, it is actually very important too.
Thank you, futuretech.