This topic could belong in either Firewall Help or Defense+ Help, as it spans both.
In the latest CIS release, 3.9…509 (possibly in all 3.9?), the default install has (among others) three File Groups: Windows System Applications, Windows Updater Applications, and Comodo Internet Security.
Comodo Internet Security, not surprisingly, contains several files in the Comodo installation directory. However, each of the other two file groups contains, besides Windows system files, a single file in that same Comodo installation directory: Windows System contains cavscan.exe, and Windows Updater contains cfpconfig.exe.
Can anyone shed light on what cfpconfig.exe, and especially cavscan.exe, do (there is a little information about cfpconfig.exe in a few posts, but nothing at all about cavscan.exe)?
Now I’m wondering why these two files are in these file groups rather than the Comodo file group, and my specific question is whether it is safe/helpful/desirable/or-at-least-not-harmful to move those two files into the Comodo file group?
This question involves two parts, since each of these three file groups has an associated firewall policy and an associated computer security (Defense+) policy.
Looking first at the firewall policies, Windows System allows ALL outbound, as well as ALL to/from [LAN]. Comodo Internet Security also allows ALL outbound (this of course includes outbound to the LAN); nothing more. So, does cavscan.exe require input from the LAN?
Similarly, Windows Updater allows All TCP/UDP outbound; nothing else. Since Comodo Internet Security allows ALL outbound, would granting cfpconfig.exe outbound ICMP, IGMP, etc. pose any security risk (one would like to think not, since it is a part of the security suite)?
Likewise for the Computer Security (Defense+) policies. Windows System has all access rights, except Run Executable, which is Ask. But the Allowed Files for Run Executable include *, so effectively Windows System has full rights with no limitations. Comodo Internet Security doesn’t have * for Allowed Files, so Run Executable would ask the user, but it otherwise has full access rights. It does, however, have some Protection Settings: Interprocess Memory Accesses and Process Terminations, whereas Windows System has none.
Windows Updater has all access rights set to Ask; nothing is blocked. It has no Protection Settings.
Anyone have any thoughts on moving cfpconfig.exe and cavscan.exe to the Comodo Internet Security file group?