Comodo Internet Security 2019 Beta (v12.0.0.6798) is now available for download.

Hi All,

We are pleased to announce that Comodo Internet Security 2019 Beta (v12.0.0.6798) is now available for download and beta testing feedback.

NOTE: Beta versions should not be run on production machines.

Online Setup Details:
In order to install online setups, please ensure you have following entries in Windows hosts (c:/windows/system32/drivers/etc/hosts) file:

Comodo Antivirus

Size: 5.3M ( 5470872 )
MD5: 57cb72cfe4cc587046abe01afa888cab
SHA1: 17cfeb5862a527cb85751b5dc9b2eb88d0318aad

Comodo Firewall

Size: 5.3M ( 5470872 )
MD5: d1cd97da552060d8f872deb2e7ffd580
SHA1: a8312166c1b7d04262e7b8de1fc3b3aa35b2d2bd

Comodo Internet Security Premium

Size: 5.3M ( 5470872 )
MD5: 80e269c384b6cbd204e081595ea78985
SHA1: 24363df9a40cb86e01d3e0529164fa2ba163faeb

Offline Setup Details:
Comodo Internet Security Premium (Firewall and Antivirus only)

Size: 72M ( 75228600 )
MD5: c3d462cf583b8db18f256db4634ca40b
SHA1: 1031469a77a2c7d9f995c354f502b2007de988f9

New for CIS 2019:

  • Full Microsoft Redstone 5 Support.
  • Long path and case sensitive filenames support.
  • ELAM protection.
  • Extended Containment Rule “Created By” criteria with “Rating” attribute.
  • Extended sanbox rules with a vendor as a criteria.
  • Extended Vendor List with User rating.
  • “Heuristic Command-Line Analysis” and “Embedded Code Detection” for scanning and monitoring of auto-run entries.
  • Powershell_ise analysis support.
  • Option to automatically scan plugged-in devices.
  • Simplified installation.
  • First network zone detection is performed in background.
  • Widget is hidden by default but can be changed with an install setting available through the Options button.
  • Updated AV engine.
  • Overall performance and stability improvements.
  • WDSC integration performance and stability improvements.


  • Fixed extended OS boot time in some cases.
  • Fixed defect where full scan fails in some rare cases.
  • Unrecognized file does not launch in Sandbox second time after first viruscope detection.
  • Defect where ‘Cmdagent.exe’ consumes 40-50 % CPU constantly in some cases.
  • Rules for Website Filtering can’t be added if all rules was deleted.
  • Uninstall of CIS Premium is periodically failed.
  • cmdagent.exe unexpectedly terminates in some rear cases.
  • Defect where cmdagent.exe unexpectedly terminates after install CIS with Secure Shopping on XP.
  • Sandboxed .bat scripts are displayed as cmd in active processes list.
  • Containment resetting process takes a long time in some cases.
  • Not able to play videos in Facebook inside sandboxed Opera.
  • BSOD when playing Freeridesgames games

Known issues:

  • CIS icon is not displayed in Task Bar after upgrade from Leon 11 to Wonder 12 BETA.
  • It is impossible to run CIS by its shortcut on Desktop after upgrade from Leon 11 to Wonder 12 BETA.
  • Settings will be lost if installed over all previous versions of CIS. ‘Installer’s state cannot be saved’ is displayed during Wonder BETA install over a previous CIS version (please use clean install or updates)

Please check fresh installs and updates from previous releases.

Please give your valuable feedback! :-TU



Thanks Shane - clean install coming up later this evening :slight_smile:

Thanks megaherz33 and Ploget. :-TU

update av engine. this sound good.
i’ll give a try on virtual box.

Clean installed with no obvious issues so far.

Useful: As per my suggestion to disable Trusted Certificates (/vendors) I am very happy to see you can now do this by simply untrusting them.

Unsure if useful: Also interesting that you can now separate Script Analysis based on if it is classed by CIS as a startup item or not. I’m not sure how useful this is though as scripts that are not startup items can be used for malicious purposes too… So is it not best to treat both with maximum security anyway? I’m on the fence with that one.

Useful: I find ‘apply selected action to unrecognized entries related to new/modified registry items’ potentially very useful (although I find the title very confusing) for potential exploit vectors. However… this is only useful if the default it set to something other than ‘ignore’. If you can get this to something other than ignore by default without causing too much disruption, then this would be impressive.

Great work on version 12!!!


Pseudo File Downloader Containment Rule:

I would add the ‘Email Clients’ File Group to the ‘Pseudo File Downloaders’ containment block rule. This is so it blocks Pseudo File Downloaders opened from both Web Browsers and Email Clients. Some email clients are able to open web pages within the client. Thunderbird for example. Therefore they also need protecting in the same way web browsers do.

Containment Criteria Naming:

I think that maybe ‘File created by applications’ should be renamed back to ‘File created by processes’.

This is so both options now read:

'File created by processes
'File started by processes

This avoids confusion so people know there is no difference between what is described as ‘processes’ or ‘applications’ in the context of these two options.

What about “Ask” option for AutoSandbox?

It is the option I was looking forward in Beta 12.

Congrats for the brand new version entering 2019. Run smoothly here with clean installation on Windows 10 x64 1809.

PS: Wow, Leon and Wonder is the internal code, right?

I did a clean install and imported my configuration from v11.

First impressions. The erroneous security center notifications on boot on Win 10 1809 (17763.316) x64 that the AV needs updating are gone. There already was a program update. It turned out to be for the eula.rtf.

The AV now scans a folder with installers and other archives faster. A first sign of performance improvement. Opening Explorer and Control Panel seems faster; it feels snappier. Opening Creative’s Soundblaster X Fi control panel is faster; it is no longer sluggish. XnView opens faster including enumerating the thumbnails. :-TU

Clean install this morning and imported last modified Proactive Config on a Win10 system and after reboots, it’s been running for a while . . . it appears faster and the delay I needed on this system, prior to logging on (to stop the odd Security Centre Firewall warnings), is down to about 5 seconds now, which is fine by me

But . . . . . . . .

  1. For some reason I have had to add Firefox to the exceptions to HIPS Interprocess Memory Access Rule, to stop the Logs being filled with Access warnings, which has never been needed before. It went up to over 80 before the entry

  2. The same for GP Software Directory Opus, which I’ve used for years, but is now getting the same Access warnings

  3. Also, how do you go about deleting anything from the Trusted Vendor list? I’ve changed Ratings etc. but still get the message as shown

Edit: Having run it now for the whole day, HIPS is warning about virtually every application trying and being blocked for memory access in cavwp.exe. I haven’t changed any settings from 6778 and HIPS is in Safe Mode as before and have tried clean installs both offline and on - HIPS now up to 450 and counting!!

Yay, glad to see the Opera bug is fixed.

The AV updates are not served by the beta server. To be able to update the Proxy and Host settings or the Hosts file need to be changed to the regular update server again. Make sure you have downloaded the extras from the beta server before switching.

When doing a program update it will not provide an update back to the latest stable version.

I noticed Avira was being blocked by the Firewall. All running processes seem to be trusted.


Can someone please explain in more details about how the new Registry monitoring settings works?

I find this confusing. An explanation to exactly what is protected under what conditions would be much appreciated!

I have been setting up a fresh Proactive Profile and noticed that Killswitch/Watch activity does not show up as option under Tasks in Classical Theme and Modern Theme but will show up in Lycia and Arcadia themes. I don’t know if this a regression or something longer standing.

When the Settings and Logs screens are maximized they use the whole screen covering the task bar.

Edit: the problem with maximization was also happening with other programs. I fiddled a bit with Task bar settings and that fixed it. I don’t know what happened and solved it.

Can you see what happens when you disable Do protcocol analysis and Block fragmentend IP traffic?

Can’t seem to get it to be blocked again. Maybe it was on install only. Nevermind. If it happens again I will try to keep track and try what you suggested.

I was waiting for this too.

Tested it out, Opera, Facebook and the sandbox are working well together! :smiley:

My computer started to act weird. It started to become unresponsive. Windows 10 x64 (1809 17763.316).

Several programs were getting unresponsive and could not be closed (or closing took too long and I nuked them with task manager). Starting new applications would take long. At a certain moment it seemed like they would not start. Windows Store Apps would start but as the screen was there it would sit there doing seemingly nothing.

I could not reboot the computer from the Start Menu or by using alt+F4 from the desktop. Windows would simply not respond to the request to reboot. Ctrl+Alt+Del did not bring up the choice screen from where I could have tried to reboot.

After the reboot Windows Security Center states Comodo AV and Firewall are not active I will reboot now to see if the registration with WSC changes.
Event viewer shows nothing of any importance. I am going to reboot now and see if the registration with WSC changes.

Edit: I rebooted twice. It takes WSC a minute or more to see the AV and Firewall are active but after that initial period it says things are hunky dory. Initially it will say the Firewall is not active while it is still assessing if the AV is active. Eventually it says all is fine without alerting the user with a pop up above the systray.