Comodo Firewall: Loads too late to provide boot-time protection

From looking at some nasty pests and when they load, it appears they start before Comodo’s firewall is even considered to start during Windows startup. That is, and as examples, programs listed in the BootExecute and WinLogon event registry keys are loaded before CFP is started. That means there is a window of opportunity in malware (or even with goodware but which you want to restrict network connects or access rights) to run before CFP could block it. The firewall can’t block the connect because the firewall hasn’t even started loading yet (although I mention a possible technique in the other thread to kill networking until the firewall has fully loaded). The HIPS function cannot restrict access rights to the program because CFP hasn’t been loaded yet.

I’ve used other firewalls that had an option to disable networking until the firewall program got loaded; i.e., they provided boot-time protection. CFP doesn’t seem that have that level of protection or it is not documented. For HIPS, CFP cannot restrict access rights to anything until it loads, and since CFP loads as an NT service then it loads too late to control boot-time programs.

inspect.sys and cmdguard.sys are loaded as kernel level drivers to provide boot time protection.

Thanks for that information. Nice to know that CFP is protecting starting from boot-time (when the drivers load at the start of Windows load). Thanks again.

I was using comodo i feel its good …but i reinstalled OS n so comodo…but windows wont boot in normal mode with comodo…When i uninstal comodo in safe mode n reboot in normal mode windows boots normally…

Hi Madhav,

Can you please post your OS details.
Windows version, language, 32/64bit, OEM version ?
ANY other security software installed no matter if it’s on-demand or real-time
Can you explain a bit more about the "won’t boot, what are the symptoms how far does it boot ?

Are you using CIS 3.12 as installer ? and are you using the English language version ?