Comodo AV Version 5.12.256249.2599 Won't Update

Changing the log in didn’t do a thing. It still gives me a “class not registered” error.

I’ll check it again tomorrow after my computer’s been turned off for awhile.

I still run Vista so I don’t know if that’s an issue or not.

Did you follow the instruction from Chiron:

Same issue, happened spontaneously immediately after it updated on 11/18/2013.
When I try to update manually, I get “Check your internet connection and try again later”.

I also get crash notices that send email reports to Comodo, which are rejected by the Comodo.

I have the same or similar issue. CIS version 5.12.256249.2599. I usually update my virus definitions manually 2 or 3 times per day by right clicking on the date/time of the latest definitions update in the summary page. For years this has always worked for me. But lately, after a few updates (sometimes a few days) it downloads the latest definition, then goes through the “activate” process, then sits on “finalize” for v-e-r-y long time and finally stops with the the same error everyone else is reporting: " Failed to update the virus signature database. Please check your internet connection and try again."

Interestingly, if I reboot the machine and try the update process the same way again it always works (so far). But then after a day or two, the updates fail once again, always that same way.

This first started happening a couple months ago on my old Toshiba laptop, but never happened on my desktop machine until last week. Now it’s happening every couple days even on the desktop. Both are Windows XP SP3 fully patched and up to date. The CIS diagnostic utility does not report any issues.
Any ideas?


I usually update once a week max. 10 days, but after I see the download is finished I hide and close gui and wait for balloon to say it is updated.

Updates then only fail if there is a problem with the actual download from Comodo, approx. 6/12 months since I had one.

Then if still online check again so it shows the correct date.

You only other choice that I know of is export config. (Please note export to other than a CIS folder) then uninstall and reinstall.


A few days ago, I tried the suggestion to change the logon for the “COMODO Internet Security Helper Service” (cmdagent process) from system to my administrative login, then rebooted for that to take effect. As before, the virus definition updates worked fine for the next several days. But last night, once again, I got the now-too-familiar “Failed to update the virus signature database. Please check your internet connection and try again” message bubble.

So, no change. Meanwhile, the advice to perform frequent uninstalling/reinstalling procedures is not a valid solution suggestion. And, given the number of reports about it, this issue affects a significant portion of the user base, many of whom, I suspect, use automatic scheduled virus definition updates and aren’t even aware that their definitions are out of date. That seems pretty dangerous.

Has anyone written this up as a proper bug report yet?

OK, so here’s progress of a sort:

This time, before rebooting, I tried a couple things. First, I closed cfp.exe (the Comodo CIS graphic user interface), reopened it, and tried to update the virus definitions. Once again, it downloaded several .cav files, went through the “updating” process, but failed to “finalize,” terminating with the usual error (“check internet connection”, etc.)

Then, again without rebooting, I used the “Defense” screen’s “view active process list” feature and killed the cmdagent.exe process (which stops the “Comodo Internet Security Helper Service”). I then restarted that service and tried updating virus definitions again. This time it went through the usual downloading of several .cav files, then went through the updating definitions process, then spent the usual very long time on “Finalizing” (using most of the cpu while it did this) and then, finally, went to “activating the new definitions updates” and closed with a successful definitions update!

SUCCESS (of a sort)! So, at least now we know that a full Windows system restart is not required (in my case, anyway). But I do need to kill the cmdagent process, restart the service and run virus definitions update again.

So what’s this tell us? I am not sure… but there is something going on with the cmdagent process that allows definitions to update for a while (a few days in my case) but then requires killing it and restarting the service before it will work after that.

Just to reiterate, I’m using Windows XP sp3, fully patched and up to date, and Comodo 5.12.256249.2599 with virus definitions updated to Virus Signature Database Version 17541 at this moment (Jan 2, 2014 1:20pm CST).

I hope this is helpful to whomever at CIS is looking into this matter. Meanwhile, if this behavior changes in any way, I’ll try to remember to update this thread with any new news.


CIS and Windows would report an outdated av database.

Has anyone written this up as a proper bug report yet?
V 5.12 is no longer supported so I don't know if filing a bug report for it would help... :-\

Thank you for posting this workaround.

Just an update here…
As before, virus definitions updates work for awhile, but after several days they start hanging on “Finalizing.” Meanwhile, the workaround continues to work OK. I.e., 1) Use CIS/Defense/Show Active Process and kill the cmdagent.exe process. 2) Immediately restart the “Comodo Internet Helper Service.” 3) Retry manual update again, and it works.

And now, I have a theory. Just a theory… no proof yet.

My internet connection is a DSL line via my local phone company. Periodically, my outside IP address changes automatically; this is a (somewhat weak) “security feature” of my DSL service and it usually happens every few days (I don’t know for sure how often, exactly). My theory is that when they change my IP the virus definitions stop working with the error “check internet connection”, etc. So maybe something happened during one of the CIS updates back in November or so that causes it, during the Finalizing process only, to try to use or refer to my previous IP address which doesn’t match up with the new IP? Now, this seems odd because the first several steps in the virus definition update process work ok. I watch it using the CIS/“Active Connections” feature and it connects to the Comodo IP, downloads the most recent .cav files, it goes through the “Applying the new definitions” part without error, but then hangs on “Finalizing” until I do the workaround thing again. So whatever the problem is, it seems connected only to the “Finalizing” portion of the multi-step definitions update processes.

Again, this is just a theory… difficult to prove because the IP address change happens only every few days and I cannot be absolutely sure that this exactly correlates to when the CIS definitions update/finalizing process begins to fail. But it’s the only thing that makes even remote sense to me so far. Does this make any sense to anyone else?

My workaround is not much trouble and I don’t mind doing it, really, as it only takes a minute. But it is probably a tad beyond the scope of the casual user who can accomplish the same thing by simply rebooting the PC. That, of course, also stops the cmdagent.exe process (and everything else) and restarts it when the operating system loads again. It just takes longer and is a bit more inconvenient.


I believe your talking about your ISP’s DHCP server lease period for assigning IPs. When your IP changes its going to drop your whole internet connection. Which is why it normally happens during system maintenance/down time. Is there a pattern to these changes?

Sorry for delay in replying…
Yes, that’s what I meant: my ISP DHCP lease period. But no, I have not been able to discern a pattern for the changes and/or whether that for sure correlates to the CIS definitions update failures.

I’ve been using Comodo almost since forever on a WinXP system and it seems that I’m also using this (old) version. My product is apparently still “up to date” when checking for updates mind you !

However, everything seems to have been just fine ever since whenever this particular version was first installed anyway but today good old Windoze Security Manager reports “virus protection out of date” or words to that effect. I’m pretty sure that I’ve never seen that at any time in the past or if I have done then it’s been so infrequently and/or so long ago that I can’t remember ever seeing it. On checking Comodo, the last virus signature update was on 26th Jan and as Comodo is set to automatically check for updates it usually does so at least daily if not hourly.

When manually forcing an update, Comodo appears to go through the motions of obtaining one but I’m now also getting the “failed to update” error message so the last update remains as 26th Jan despite repeated attempts.

This ‘problem’ has quite literally “just happened”, I don’t remember seeing it at any time in the past and I haven’t (intentionally !) changed or updated anything else on my system recently either. Apart from Comodo, all other updates are usually done manually because I much prefer not to have stuff automatically updating itself. It seems as though virus signature updates simply just stopped working correctly at some point not very long after 2015 hours on 26th Jan :frowning:

Just tried it Vista desktop, I normally do virus updates every 7/10 days.

Sorry I have no problems it update fine, please try again later or tomorrow.

Now on virus database 17691

Thanks for trying it out :slight_smile: Still nothing doing here in the UK on a WinXP system unfortunately so that’s a bit over 48 hours of being consistently unable to obtain an update to the database for whatever reason hence Windoze whining about it. I’m not really that concerned at all about it at the mo TBH … just so long as it’s not a permanent end to updates !

It’s a bit weird really as something (cav files ?) are referred to when manually updating but it just hangs and ultimately fails at the “finalising” stage. The last update was #17678 and of the several files that get mentioned during a manual update attempt the last one seems to be #17692, it’s just that I don’t think any significant amount of data is actually downloaded so the update doesn’t complete normally. It’s as though Comodo obtains the list of what to download but is then unable to actually get hold of the data for some reason or other. Comodo appears to be connecting to the ‘usual’ 2 server IPs and there’s nothing in any way strange in the firewall logs.

Anyway, here’s hoping that the ‘problem’ (whatever it is) suddenly goes away again sometime very soon just as curiously as it suddenly appeared !

@Dennis2. Just thinking out loud. Could this be a problem with a corrupted download in a temp folder that is being used in the process of updating the AV?

Sorry would not know.

It might worth clearing all temp folders for Comodo in program data.

Only time mine failed was when I tried to annoy it ;D

I obviously have no idea as to exactly how Comodo updates work or where all the relevant data is actually stored … but I have already found a tmp directory in a sensible and very appropriate looking place. It’s empty ! It may well be being used during the update process of course but if so then it’s obviously emptied as it should be at the end.

Is there perhaps a detailed log file lying around somewhere or even some kind of “debug mode” or suchlike that would result in Comodo being just a bit more explicit in what exactly it’s problem is rather than simply producing what is TBH a rather unhelpful error message ?

What I also found along the way was some other “interesting” looking Comodo files, xml files in particular, that appear to relate to some kind of Comodo advert campaign. The file dates are “suspicious” to say the very least as they are dated almost exactly 2 days after the last successful virus signature update was obtained. Here’s the plain text from a typical one:

<?xml version="1.0" encoding="utf-8"?>
    <tree description="Cis Complete and Pro campaign">
        <rootNode name = "CisCompleteOffer" reportUrl = "" timeOutMin = "600" dialogFile = "html/CisCompleteToPro/CisCompleteOffer.html" windowWidth="279" windowHeight="167" >
                <delayFromInstallAtLeast days="2"/>
                <Answer name = "NextOne.Yes" sysState = "EmptyForm"/>
                <Answer name = "NextOne.Yes" sysState = "WindowClosed"/>
                <Answer name = "NextOne.Yes" sysState = "WindowTimeIsOut"/>

        <node name = "CisProOffer" reportUrl = "" timeOutMin = "600" dialogFile = "html/CisCompleteToPro/CisProOffer.html" windowWidth="279" windowHeight="167" basisAnswer="CisCompleteOffer.NextOne.Yes" >
                <delayFromAnswer days="4"/>
                <Answer name = "NextOne.Yes" sysState = "EmptyForm"/>
                <Answer name = "NextOne.Yes" sysState = "WindowClosed"/>
                <Answer name = "NextOne.Yes" sysState = "WindowTimeIsOut"/>

They all relate to registry entries needless to say and note in particular the references to “delays” in terms of 2 and 4 days ! I’ve no idea what these files actually are or what they’re intended to do and I certainly don’t see any Ad screens, nag screens or anything similar popping up … but they definitely do look more than a bit suspicious in their timing as do various other bits ‘n’ pieces that were lying around nearby.

Preventing Comodo from accessing the particular directory also had some interesting results as well including a very good indication that virus signature data was then being downloaded during a manual update rather than there being no significant amount of data being downloaded. But sadly I still got the same end result of no valid update :frowning:

Are Comodo possibly trying to run some kinda Ad campaign here that is effectively disabling virus signature updates for a period of time in the hope that a user will ‘panic’ or whatever and go for some kind of paid-for upgrade ? If so then not only am I far from being impressed at the tactics but I’m not actually seeing the campaign in any case ! I only found what appears to be Comodo doing something very strange behind the scenes by poking around on the HD and in the Registry. I’m seriously tempted to go registry hacking and strip out anything that in any way relates to the various strange looking Comodo keys that I’ve found lying around but I’m resisting the temptation at the mo as it could obviously result in no end of other problems arising of course 88)

I may well be 100% wrong here … but if I were a betting man then I’m fairly sure that I’d be putting all my money on the problem suddenly going away again at somewhere around 2100 hours on either 30th Jan, 1st Feb or 3rd Feb. It will be very interesting to see if it actually does :stuck_out_tongue: although I could perhaps have ■■■■■■■ up the timing completely by playing around and preventing Comodo from accessing the relevant data files today.

EDIT: Some more maybe interesting info. I think I’ve found where the scanner data is lurking and I appear to have a file “bases.cav” dated at EXACTLY when the last successful virus signature update was obtained. There is also a file “bases.$$$” that is generated or at least modified every single time that an update is attempted. It seems as though all of the relevant update data has in fact been downloaded and is stored along with the program files so it is available locally but it’s just not being processed correctly or is deemed unacceptable for one reason or another.

Assuming that there isn’t some fundamental and known problem with the apparent Ad campaign, how good ( or perhaps more likely BAD :wink: ) an idea is it to delete the file “bases.$$$” just in case it contains some historic error or data corruption and hope that not finding the file will force Comodo to obtain all of the required data again the next time an update is attempted ? Alternatively, how about starting fresh and just deleting both files then manually downloading a copy of the latest virus signature database ? It would appear that #17692 is available for download.

You can try removing delete but copy before the other bases.$$$ cav if it will not delete rename as oldbases.$$$ then reboot.

If I remember correctly when CIS V5 was released I check this and this file was created during the update but should disappear after.

I checked the Comodo temp folder in program data but did not find anything the was modified or created during the last update I did on Vista desktop.


ambrougham (and others having this issue, where CIS virus definition hangs on “Finalizing” and then fails to update)… Did you read through my attempts to figure this out and did you try my “workaround?” It continues to work for me – in fact, I just had to do it again today.

Workaround 1. This takes longer. Simply reboot and try your virus definitions update again.

Workaround 2. This is much faster (takes about 1 minute) because you don’t have to restart your PC. Open the windows services panel (fastest way: Start/Run/“Services.msc”) and find the “COMODO Internet Security Helper Service.” You’ll notice that you can NOT stop the service from this panel (the stop button is grayed out). Leave the services panel open and then open your Comodo/Defense+/View Active Process List; right click on COMODO cmdagent.exe and click “terminate.” Now return to the windows services panel and restart the “COMODO Internet Security Helper Service.”

Now go back to your Comodo main panel/Summary and click on the latest virus definition date link. The virus definitions should update normally (this will take a few minutes) and should continue to do so for several days. When it fails again, just go through the workaround again and you should be good for a few more days.

I still don’t know why the virus definitions updates fail every few days. For awhile, I thought it had to do with my ISP’s DHCP lease renewing automatically every few days with a new IP address. But I have experimented with this a bit (killing my PPP service or just turning off my DSL modem and restarting) to get a new IP and this doesn’t seem to affect Comodo’s virus definitions updating ability at all. So why it fails remains a mystery, but the workaround is so easy that I stopped worrying about it.

Thanks for the responses :slight_smile: Yes I have read the entire thread of course and I may well try the 2nd suggested work-around at some point BUT I’m not overly happy about effectively hacking things to attempt a fix right now and WITHOUT first understanding what the problem actually is. In any case, I can be 100% certain that it isn’t an admin rights or IP issue and as I reboot at least once daily as a matter of routine, rebooting doesn’t help either. I can also be 100% certain that even if the problem has in fact happened before at some point over the past several years, it’s also fixed itself without me doing anything at all ! It’s also worth bearing very much in mind that there should not have been any genuine updates to this application (other than to the virus signature database) for a very long time and therefore there is no plausible genuine reason for this problem to have occurred other than due to a dodgy virus signature database incremental update. Something quite clearly happened on or shortly after 26th Jan when update #17678 was installed and/or on 28th Jan when Comodo apparently downloaded and installed some kind of Ad campaign behind my back which can never work as intended because it appears to be completely incompatible with the version of CIS that is currently installed.

I think I’ll leave things exactly as they are for the next few days just out of morbid curiosity to see if the problem does indeed go away. However, if it doesn’t then I’ll be manually updating the entire database to whatever latest version is available for download at the time. I’ll quite obviously be doing it with Comodo and Windoze shut down so there shouldn’t be any issues with locked files or other problems. If that doesn’t permanently fix the problem and/or the problem returns again in the future then I’ll have no real option but to seriously consider dumping Comodo completely and installing something else. An ‘unreliable’ security application does not in any way provide a good feeling of being in any way secure !

I think I’m reasonably confident now that I don’t have a really serious problem here ( famous last words and all that >:-D ) but I’m sure that most people can understand why I’m concerned and need to get to the bottom of what exactly is going on. We’re not talking about some random and totally unimportant/unnecessary facebook or whatever application here, Comodo is a fundamental security application. A security application shouldn’t suddenly stop working or suddenly start behaving strangely after being in use without issue for several years. A security application shouldn’t suddenly need hacking, tweaking or even reinstalling or whatever without there being a VERY good reason for having to do it. A security application and it’s provider should ALWAYS be 100% trustworthy 100% of the time. The worst scenario bottom line here is pretty simple really:


The security product that you’ve been using continuously for several years without experiencing any significant issues whatsoever suddenly develops some strange and totally unexplained problem


There are currently no known general issues with said security product


Other users of said security product are definitely NOT experiencing the same problem(s) as you are


One of the more likely scenarios (if not the MOST likely scenario) is that your system has been compromised thus rendering your security product(s) worse than useless because not only have they quite obviously been disabled but they’re quite possibly under the total control of an unknown 3rd party and therefore more than likely very busy doing the complete opposite of what they’re actually intended to be doing !!!