1). Do you suggest or recommend to both disable VirusScope and a Cloud AV lookup in any case?
3). I always had (and still have) HIPS enabled and it takes a steep learning curve how to use it and how to respond to its popup Alerts.
HIPS isn’t an easy feature to learn and to use but it’s powerfull but certainly not as powerfull as a Sandbox or Containment, I fully agree.
Sandboxing is my preferred way too to run things that I don’t trust.
4). Thanks for the tip!!!
Therre is absolutely no need to disable either VirusScope or the Cloud lookup. ASomething that is often missed is that VirusScope (or Cloud) will detect/block/delete malware that is in the database WITHOUT a specific AV popup- for unknown malware you will instead see a “file is blocked” Containment popup instead of a "file is being run Restricted (or whatever).
As far as the HIPS is concerned, unless you like popups the sandbox (as well as the firewall on Safe Mode) is more than adequate.
Yes, I know that 
I was referring to Microsoft’s lack of solution with their updater. When you read on M$ forum “reinstall the system, refresh it” again and again - it’s aggravating. I apologize
any tips for best security configuration on this new cis edition?
I wish I could tell. I can’t even install it on Windows 7 - it requires some policies that probably don’t exist on this version of Windows… Only Windows 10 it seems.
Ok, so here is my result of installing CIS premium v12.2.2.7036
After clicking the Finish button CIS asked me to reboot the system, so I did.
After reboot, and waiting a small amount of time for the tray icon to appear, I opened up CIS made a couple of changes in several settings to my preference and exported the CIS Configuration file on my system.
All I can say for the moment is, is that the installation of CIS premium v12.2.2.7036 on my system went very smoothly.
I did not encounter any hiccups during the installation phase.
I don’t know what the future might bring when using CIS premium V12.2.2.7036 but so far it looks good.
Thank you Comodo!
Maybe a stupid question cruelsister but do I have to install the COMODO Antivirus component for this to work or does it also work for the Firewall only installation of CIS premium?
Thank you.
Hmm, I didn’t try to exclude AV module… maybe I should try?
CISfan- If you install Comodo Firewall both VirusScope and the Cloud AV (which can be seen as Enable Cloud Lookup in File Rating Settings) are both enabled by default.
With CF (vs CIS) you really will only lack the on-demand AV scanner (which is of dubious value).
Ok, I understand thanks.
I didn’t install the Antivirus component because I’m already using another product for that for years now (sorry Comodo).
Do you maybe have more tips (about do’s and don’ts) regarding the CIS configuration settings or are the default settings sufficient?
Many thanks.
If your installation does proceed to that point (so if you are able to select the components you wish to install) I would certainly give it a try.
Although it is puzzling why the Antivirus component wouldn’t install for you.
I just made an eicar test using all possible configurations as HIPS+Containment disabled/only one of them disabled a.s.o, with custom configs and included configurations.
Either the testfile wouldn’t allowed to downloaded or it would recognized as “dangerous” file. All tests successful.
I have few problems.
Installation - problem with permissions > restart > Uninstall CF by CIS cleanup > restart > problem with permissions > install CF > problem with permissions > restart > install CF > success
Installation Killswitch > error > other error > another error > yet other error
Sorry for my English.
There is some possibility how to install Killswitch?
Thank you.
I tried CIS 12.2.2.7036 on Windows 7 64-bit updated to January 2020.
No other security products have installed.
Steps:
Issues:
I found some possibly related system log.
I gave CIS 12.2.2.7036 another try.
Steps:
Uninstall CIS 12.2.2.7036 using Comodo Uninstaller 3.0.0.41 in safe mode.
Reboot.
Install CIS 12.2.2.7036.
Reboot.
→ Windows stuck at “Please wait” screen for a minute after reboot.
Import previous configuration.
Reboot.
→ Windows stuck at “Please wait” screen for 20 seconds after reboot.
Remove vendors except Comodo, Microsoft, Intel, AMD and Realtek.
Reboot.
→ Windows stuck at “Please wait” screen for 20 seconds after reboot.
Import and online update virus definition database.
Reboot.
→ Windows stuck at “Please wait” screen for 20 seconds after reboot.
The system was relatively stable for a day.
cis.exe sometimes crashed with error Application Popup 26
‘COMODO Advanced Settings: cis.exe - Application Error: The instruction at “0xdedcab77” referenced memory at “0x0bb77610”. The memory could not be “read”.’
when closing Advanced Settings window via OK or Cancel button.
Microsoft Windows security auditing 6281
‘Code Integrity determined that the page hashes of an image file are not valid. The file could be improperly signed without page hashes or corrupt due to unauthorized modification. The invalid hashes could indicate a potential disk device error.
\Device\HarddiskVolume1\Windows\System32\api-ms-win-core-synch-l1-2-0.dll’
was generated even when successfully login.
The system was then shutdown for 8 hours.
Login always failed with error “Windows could not connect to the System Event Notification Service service.” again after boot.
I installed CIS 12.0.0.6882 after that.
Windows shows “Please wait” screen for 2 seconds only.
There are no issues like those of 12.2.2.7036, except cis.exe sometimes crashed with error Application Popup 26
‘COMODO Advanced Settings: cis.exe - Application Error: The instruction at “0xdfa3ab77” referenced memory at “0x0c0b32e0”. The memory could not be “read”.’
when closing Advanced Settings window via OK or Cancel button.
There have been several posts re. Windows 7 and yet no reply from Comodo. I’m starting to get worried that Comodo is abandoning W7 and we’ll be stuck with an old version of CIS.
à > Nunzio,
I suggest this action:
[7556] Log started: 20/04/27 09:19:00
[7556] Command line: “C:\Program Files\COMODO\COMODO Internet Security\cmdinstall.exe” -type local -uninstall -theme lycia -log
Command: ; args(0):
Command: ; args(1): ,
Command: ; args(1): ,
Command: ; args(0):
[7556] App version: 12.2.2.7036
[7556] CIS ID: {DE000B**************CC}
[7556] User: 1954
[7556] User is admin: 1
[7556] User is system: 0
[7556] Parent process: 3060 = \Device\HarddiskVolume2\Windows\System32\dllhost.exe
[7556] Memory: Total 8190 mb, Free 6391 mb
[7556] Disks: C (207979 mb)
[7556] Session 0 (Services), user (), state 4 (active: no)
[7556] Session 0 (Console), user (1954), state 0 (active: yes)
[7556] 9:19:0 c:\workspace\cis_um\installer_cmdinstall\base\appcheck.cpp:124 >> Also test GetNativeSystemInfo: its said Processor Architecture is PROCESSOR_ARCHITECTURE_AMD64
[7556] 9:19:0 c:\workspace\cis_um\installer_cmdinstall\base\appcheck.cpp:141 >> User is Admin: YES
[7556] 9:19:0 c:\workspace\cis_um\installer_cmdinstall\base\appcheck.cpp:142 >> Windows Version test: x64
[7556] 9:19:0 c:\workspace\cis_um\installer_cmdinstall\base\appcheck.cpp:143 >> Windows Version test: SERVER - NO
[7556] 9:19:0 c:\workspace\cis_um\installer_cmdinstall\base\appcheck.cpp:144 >> Windows Version test: XP - NO
[7556] 9:19:0 c:\workspace\cis_um\installer_cmdinstall\base\appcheck.cpp:145 >> Windows Version test: XP or VISTA - NO
[7556] 9:19:0 c:\workspace\cis_um\installer_cmdinstall\base\appcheck.cpp:146 >> Windows Version test: XP or higher - YES
[7556] 9:19:0 c:\workspace\cis_um\installer_cmdinstall\base\appcheck.cpp:147 >> Windows Version test: XP SP2 or higher - YES
[7556] 9:19:0 c:\workspace\cis_um\installer_cmdinstall\base\appcheck.cpp:148 >> Windows Version test: VISTA or higher - YES
[7556] 9:19:0 c:\workspace\cis_um\installer_cmdinstall\base\appcheck.cpp:149 >> Windows Version test: 7 or higher - YES
[7556] 9:19:0 c:\workspace\cis_um\installer_cmdinstall\base\appcheck.cpp:150 >> Windows Version test: 8 or higher - YES
[7556] 9:19:0 c:\workspace\cis_um\installer_cmdinstall\base\appcheck.cpp:151 >> Windows Version test: 8.1 or higher - YES
[7556] 9:19:0 c:\workspace\cis_um\installer_cmdinstall\base\appcheck.cpp:152 >> Windows Version test: 10 or higher - YES
[7556] 9:19:0 c:\workspace\cis_um\installer_cmdinstall\base\applicense.cpp:61 >> Data blob loading result: 1
[7556] 9:19:0 c:\workspace\cis_um\installer_cmdinstall\tools\regtools.cpp:464 >> Cannot read binary value from ‘LicenseKey’: 2
[7556] 9:19:0 c:\workspace\cis_um\installer_cmdinstall\tools\regtools.cpp:319 >> Cannot read dword value from ‘TKey required’: 2
[7556] 9:19:0 c:\workspace\cis_um\installer_cmdinstall\tools\regtools.cpp:464 >> Cannot read binary value from ‘SubscriptionID’: 2
[7556] 9:19:0 c:\workspace\cis_um\installer_cmdinstall\tools\regtools.cpp:319 >> Cannot read dword value from ‘KnownCamUser’: 2
[7556] 9:19:0 c:\workspace\cis_um\installer_cmdinstall\tools\regtools.cpp:464 >> Cannot read binary value from ‘ABC login’: 2
[7556] 9:19:0 c:\workspace\cis_um\installer_cmdinstall\base\applicense.cpp:122 >> License loaded
[7556] 9:19:0 c:\workspace\cis_um\installer_cmdinstall\tools\tools.cpp:1822 >> File ‘C:\Program Files\COMODO\COMODO Internet Security\cmdhtml.dll’ signer is ‘Comodo Security Solutions, Inc.’
[7556] 9:19:0 c:\workspace\cis_um\installer_cmdinstall\tools\tools.cpp:1822 >> File ‘C:\Program Files\COMODO\COMODO Internet Security\themes\ilycia.set’ signer is ‘Comodo Security Solutions, Inc.’
[7556] 9:19:0 c:\workspace\cis_um\installer_cmdinstall\tools\tools.cpp:1822 >> File ‘C:\Program Files\COMODO\COMODO Internet Security\7za.dll’ signer is ‘Comodo Security Solutions, Inc.’
[7556] 9:19:0 c:\workspace\cis_um\installer_cmdinstall\tools\tools.cpp:1822 >> File ‘C:\Program Files\COMODO\COMODO Internet Security\cmdinstall.exe’ signer is ‘Comodo Security Solutions, Inc.’
[7556] 9:19:0 c:\workspace\cis_um\installer_cmdinstall\tools\tools.cpp:1822 >> File ‘C:\Program Files\COMODO\COMODO Internet Security\cmdres.dll’ signer is ‘Comodo Security Solutions, Inc.’
[7556] 9:19:0 c:\workspace\cis_um\installer_cmdinstall\network\usagestatistics.cpp:35 >> Send User Stats CIS’ option enabled: 0
[7556] 9:19:0 c:\workspace\cis_um\installer_cmdinstall\apps\cisapplication.cpp:375 >> CIS ID loaded from registry: {0E9AFD45-C3BA-41D1-B54B-495A22CB3409}
[7556] 9:19:0 c:\workspace\cis_um\installer_cmdinstall\base\applanguage.cpp:156 >> 27 languages loaded
[7556] 9:19:0 c:\workspace\cis_um\installer_cmdinstall\base\applanguage.cpp:97 >> Applying language 1036
[7556] 9:19:0 c:\workspace\cis_um\installer_cmdinstall\installerapp.cpp:1141 >> Mutex created (app type Global{4FF9C456-DEAA-4A31-89A1-41F782798DB0})
[7556] 9:19:0 c:\workspace\cis_um\installer_cmdinstall\installerapp.cpp:1145 >> Mutex created (block all Global{A38AE876-E670-4CEE-8866-CE62B6FD58E1})
[7556] 9:19:0 c:\workspace\cis_um\installer_cmdinstall\tools\regtools.cpp:319 >> Cannot read dword value from ‘PendingRebootAfterInstall’: 2
[7556] 9:19:0 c:\workspace\cis_um\installer_cmdinstall\tools\regtools.cpp:46 >> Cannot open key ‘SYSTEM\Software\COMODO\Firewall Pro\VolatileData’: 2
[7556] 9:19:0 c:\workspace\cis_um\installer_cmdinstall\apps\cisapplication.cpp:116 >> CisFeature AV / FW installed: yes / yes
[7556] 9:19:0 c:\workspace\cis_um\installer_cmdinstall\apps\cisapplication.cpp:116 >> CisFeature AV / FW installed: yes / yes
SCITER 9:19:9 >> id(id_repair), type(button), action(), cmd(0: button), reason(1)
[7556] 9:19:9 c:\workspace\cis_um\installer_cmdinstall\apps\cisapplication.cpp:1014 >> Trying to start CIS diagnostics…
[7556] 9:19:9 c:\workspace\cis_um\installer_cmdinstall\tools\tools.cpp:1268 >> Starting process: “C:\Program Files\COMODO\COMODO Internet Security\cis.exe” --diagnoseUI
[7556] 9:19:9 c:\workspace\cis_um\installer_cmdinstall\base\applicense.cpp:198 >> Saving license: Activation successful: 0, CIS installation: 0, Installation successful: 0, IgnoreState command: 0
[7556] 9:19:9 c:\workspace\cis_um\installer_cmdinstall\base\applicense.cpp:202 >> Data blob loading result: 1
[7556] 9:19:9 c:\workspace\cis_um\installer_cmdinstall\installerapp.cpp:751 >> Installer’s exit code: 0
[7556] Log ended: 20/04/27 09:19:09
V12.2.2.7036 on Windows 7 64-bit
I have to admit that I also do notice an increased boot delay between the disappearing black screen with the “Starting Windows” text on it and the blueish screen prompting for the logon password. During the delay the spinning/turning circle with the text “Please Wait” is shown.
I tried many reboots, the delay on my machine varies randomly between approx. 7 and 20 sec.
Well to be fair even Microsoft have abandoned Windows 7…
Then Comodo has to be fair as well and make the same statement, isn’t it?
For those who are interested I’ve attached a Windows 7 boot log screenshot showing that “cmdagent.exe” is eating away quite some seconds.
First column shows “Relative Time” from boot start 00:00 down to 02:31 when boot process finishes.
Second column shows duration. The first (second line) entry of “cmdagent.exe” is the one that delays the boot time at the “Please Wait” screen. Also further down there is another instance of “cmdagent.exe” eating away more then 10 seconds. This one is the time delay for showing the CIS tray icon on the desktop (takes to my believe also longer then for the 6882 version).
Note:
The events in the boot log have been filtered to only show events that take more then 1 second to complete (see status bar at the bottom of the screenshot for the total number of events that are recorded).