Comodo Firewall 7.x-11.x [cavwp.exe]

Would be interested to understand why does Firewall only setup load ‘cavwp.exe’-executable while only firewall is enabled?

  • Website Filtering: disabled
  • VirusScope: disabled
  • Contaminent: disabled
  • HIPS: disabled
  • File Rating: disabled

Also, it’s odd that Comodo Firewall 11 uses 3 background processes beside 1 service and 4 drivers. Not even sure why Comodo needs filesystem filtering while it should only filter/monitor network traffic. Of course I mean no offense and I understand that building ■■■■ around almost perfectly build firewall is nice way to market things, but curious couldn’t these features all be separated while installing and made attachable by plugin installing system or something?

Because if you don’t protect the firewall process from access from malware, both file, and fileless, it would be too easy to bypass the firewall.

I can understand protecting firewall processes (cmdagent.exe) and gui (cis.exe / cistray.exe), but as I understand cavwp.exe doesn’t protect the access to firewall service / process. As if it would you couldn’t kill the process while comodo firewall is still working normally, so, I can only assume it’s a anti-virus left over, bypassing comodo firewall itself is single command (registry key, scheduled task, driver) at normal user rights no matter what you load with firewall service.

A bit of protecting processes / security solution below remark, but since I refer to other products there added it as offtopic.

Offtopic remark
Some of security companies has tried to protect their processes by creating so called security hidden user with lowest level access and making services controlled by this user which actually works quite well (namely Symantec and Avast uses these kind of hard to delete services). Of course as I am “coder” myself I understand that also brings difficulties while updating the installing product.

-edit / further more-

Hmm, now that I think of the ‘cavwp.exe’ running, understanding above. I could ask same question about ‘cis.exe’.

Why is comodo GUI running at background. As you need only 1 process (if even that utilizing user security by Microsoft) to protect the ‘cmdagent.exe’.