Comodo Internet Security 2024 v12.3.1.8104 beta

Sorry…I just encountered another problem…

1. I decided to trust DivX and install it
2. For this I decided to stop Comodo CIS during the installation.
3. Problem: While I have a code that prevents modifications and actions in CIS, to exit CIS and stop it, I was not asked for any code…
   (I stopped it by right clicking in the taskbar)

I don’t know if this is an error or a function oversight.

Most security software whose functions are locked with a code prevents it from being stopped without this code.

No one wants a 10-year-old child or an inexperienced employee to come and stop the antivirus, even though the owner has set a code to prevent this.

Relation to DivX
Installing was successfull a.s.o. I don’t like to try out such software. But I did it because of interest and deinstalled it again. I didn’t have by now warnings only one warning by KVRT after installing BETA2 and this issue was solved by KVRT. Found in hosts.
With DivX deinstalled I started the PC and got prompt: Threat found! Not by KVRT.
So, I never again will try such software and this has shown that you not know what someone do with there pc - the reason for some issues!?
My PC runs with BETA 2 und comodo protects it.

image1919×1052 93.5 KB

Good morning,

For information :

When in the firewall management, in the settings, you do a search within the applications (example “Adobe”) and you create or modify firewall rules among these results, after each modification , we lose the search result and return to the complete list.

I think it would be better to stay in the search result.

The opposite makes things more tedious, like the good old days of Windows XP.

Thanks for thinking about it

In my case, there are 4 results for “Adobe”, checking all 4 of them also does not open the modification of the 4 rules successively and/or simultaneously for the 4 occurrences. (otherwise, why allow several to be checked)

And when we close the modified rule, the alphanumeric search value is still present in the search location, but clicking on the search tool function again will do nothing.

That is, in my case, “Adobe” is still there, but clicking on the search tool function again is ineffective.

This requires, in addition to having to start the search again, to have to erase the previous search to enter the same (identical) one…

(Please do not ask me to take a video capture for you, a test must be conclusive on your CIS too)

(Unless my explanations are misunderstood

image1918×1053 104 KB

If we only consult, without modifying, when we close the rule consulted, we return to the search result. 5steps in case of modification)

Additionally, in the right column, we can only read “Custom”.

It would still be good if we could see in two other columns, the connections which are refused or accepted by the individual rules. At least when everything is accepted or when everything is refused.

It is impossible to get an opinion quickly without opening all the rules individually, which is very tedious…

the “threat” was found by who?

Concerning DivX, which is still quite famous (it is even installed on my TV), I use “UNCHECKY” which protects me from bundles added by certain installations.

Otherwise, there is Virtualbox to try software.

The “Threat” did not end up in the automatic containment of Comodo CIS?

Suggestion: add an exit button on Comodo Internet Security.

I’m running the stable version of Comodo and I think this issue can be present also in this beta 2024: sometimes Windows (Even Windows 11 23H2 most recent iso today) can have the explore service that restart. In this case the Windows desktop is refreshed and the Comodo Icon is no more showed in the task bar, near the Windows Time.

I can open Comodo from the Desktop link but there is no way to exit from the Comodo program I mean close Comodo to restart completely. If I close with the X is not really Closed Comodo just the WSindow is closed and once I reopen it the icon in the task bar is not showed because I need completely exit from Comodo but I can’t. The only way to exit from Comodo seems to be from the task bar where now the Comodo icon is no more showed. I need restart the PC.

I hope you can add a way to exit from Comodo also in the program, not only in the Task Bar Icon and also you can fix the issue that if explorer is restarted, the Comodo icon is no more showed.

Hello !,
Would it be possible to add a feature to Comodo CIS that would limit or control outgoing NTLM traffic to remote servers?

My thoughts are:
You can simply create a block outgoing rule to port 445 for those apps you wish to restrict NTML traffic for or create a global rule but give that it relates to Microsoft Directory Services, it might cause some connection issues.

Having said that, if you set the Containment Level to Restricted by default, any application/malware etc or any child process of that malware will have it’s network connections blocked if in containment.

You can set very specific port blocking rules but I don’t see the necessity of it that port/protocol needing to be restricted with containment and firewall in safe mode but CF can be highly tweaked and running the firewall in Custom Mode would pop-up new connection requests.

@ Varan-de-C0m0d0

I didn’t feel like dealing with this software any further and restored my last backup. I had installed it in the sandbox.

Hi Varan-de-C0m0d0,

Thank you for reporting.
We will check and update you.

Thanks
C.O.M.O.D.O RT

All right !
Understood.
It’s normal.
If we had more time, we would go work at Comodo

I notice another problem:

I save my configuration to the external drive (let’s say D:).

If I want to save it again, the path to the configuration backup folder is remembered and will open in the correct location. GOOD !

Now if I send a sample for analysis to Comodo and it is on disk E:, Comodo CIS will remember this folder when I want to save my configuration again and vice versa. (Less good)

Comodo CIS does not know how to remember folder paths for each use.

If I want to send a sample or make a specific rule for an executable, I can end up in the configuration backup folder. And if I want to save it, I can find myself in the folder of an external disk which no longer exists or that of my last application firewall rule.

I know, it takes more work to correct this, but it would give a more accomplished and better finished impression.

And the reverse suggests that CIS is a little confused…

image1919×949 128 KB

Is it normal that EaseUS Todo PCTrans.exe uses the IP address 224.0.1.2?

After a little research online, this is what I found. And this corresponds chronologically to the use of this software.

What I don’t understand, once again, is why Comodo CIS in the firewall log does not mention EaseUS Todo PCTrans, but indicates that it is the System itself.

At this point, all connections are requested by the system…

To find out if it came from Comodo CIS beta, I also tried with Glasswire Firewall. It doesn’t classify this as a system connection, but rather a software connection and even names the connection itself: “sgi-dog.mcast.net”.

Aside from all this, I don’t know whether to trust. Comodo CIS beta neither challenged me nor advised me on this subject. No annotations or windows appeared.

image1053×595 35.1 KB

So Comodo CIS no longer displays an alarm for new software connection requests?

I wonder if CIS would show an alert if it was no longer the default firewall manager then?

(Without being asked to check for myself)

As the application is both legitimately signed and countersigned as well as being vetted by Comodo, CIS will allow Network connections for it without any popups.

If you want the popups, switch the Firewall setting to Custom Mode and you will get just oodles of FW alerts including the PCTrans.exe connection out to 224.0.1.2.

Hello Cruelsister !

Thank you very much for the response. It’s nice to take the time to come and help.

The firewall is set to “secure” mode.

That said, I still wonder, as an average user, (please excuse me), why CIS mentions the system rather than the software (EaseUS)?

Precisely, thanks to the certificates and the signature, should it not present the precise identification of the executable?

(Surely something escaped me in the reasoning of the thing…)

image1919×1056 72.8 KB

Hello,

I tried to make a rule and I left it as an example.

I think it would be wise to take advantage of the new version to add two columns to the firewall rules window:

“activated” and “inactivated”.

This way, we would not have to destroy rules just because we would like to deactivate them for a certain period of time.

Or the opposite.

If the ARP protocol was included in the creation of the rules, I could have created one for a particular IP address, and for example, deactivate it while the device is in repair service (IP address released), to reactivate it at his return.

This being valid for all examples in fact…

First off, I do not quite understand what is meant by “Secure Mode”, nor on my computer is the application classed as “System”, but instead is referenced (as you correctly prefer) PCTrans.exe requesting connection to 224.0.1.2.

The issue that you may be having is that you have created Rules within the FW that are yielding that which you are seeing.

The MOST important thing about Comodo (either CF or CIS) is to NOT overthink things by playing with settings that one may think will cover perceived threats which really may not exist in reality.

Comodo is that very rare application that is strongest when tweaked least; deviation from this simple principle may lead to self-created issues and will often end in tears (or uninstallation, which for me is much worse). Use the settings that I have suggested in my videos and fear not, as you will be protected.

Please forgive me in advance if the above is either not helpfull or indicative of preaching.

meghan

Hi, I wanna share a Comodo experience with the test users and to Comodo staff.
I’m not a tester, I’m in a production PC when I run the current CIS stable that has some issues.

One of the biggest issue is that Windows 11 22H2 Pro is unable to upgrade to Windows 11 23H2 Pro with the Windows 11 Installation Assistant.

I run the Windows assistant twice and get, after a long time of waiting, a Windows blue screen and was not able to upgrade Windows. After this twice try I uninstalled Comodo CIS 12.2.2.8012 then restarted PC and run again the Windows Assistant and I was able to upgrade Windows.

So… Comodo CIS was blocking Microsoft software.
I use to activate auto-containment, euristic antivirus on medium setting and hips.

Also… after some day a program has blocked my PC so I tried to restore the PC back with the windows restore point. Also in this case Windows failed to restore the PC and usually this I think is caused also from Comodo. I was not able to uninstall so I need to format my PC.

I share this for tester to test better how Comodo works with Windows upgrade with Windows assistent or if made Windows restore point fail. In my experience Comodo can cause this issue, caused to me. When I unistall Comodo usually those issues are resolved.

I hope in a improvement in the 2024 version.

Thank you Cruelsister again for taking the time to answer me.
I hope this will also be useful to anyone passing by.

By firewall secure mode, I meant this:

image770×516 58.9 KB

On the other hand, I searched, but I couldn’t find it. Are your CIS tuning recommendations somewhere also in writing instead of by video please?

(If not, don’t, Thanks, I’ll try to find time to watch the video)

Otherwise, my problem is that I find that it has already happened that “reputable” software (so legitimately signed) sometimes ends up doing unsavory things. Intrusive telemetry is one example, but there are others.

Hello PeopleInside !

I had exactly the same problem. I had to do a clean install of Windows 11 Pro.

Then I used EaseUS ToDo PC Trans to repatriate everything from the virtual disk of the AOMEI Backupper backup.

It worked incredibly well!

Sorry to bother you again, but when I click on “Quick Scan (antivirus)”, or “Complete Scan” nothing happens…(in the functions start a scan).

It only works if I go to “advanced analysis options”