I installed CIS 2025 is now LIVE! Comodo 2025.
Yesterday, likely following a full system scan, I noticed CIS 2025 cmdagent.exe process was flagged as “Unrecognized”.
To me, this came as some surprise: why would CIS 2025 executables not be flagged as trusted?
I think this issue warrants attention.
What are the implications of this file being flagged as “unrecognized”? Is it ultimately whitelisted elsewhere, so none of the file ratings will have an impact?
Why is it not flagged as trusted?
Additionally, I noticed the file has 2 digital signatures, and one of them was revoked. Why deploy this version with 2 different signatures, a revoked one, and not a version with only the valid signature? This could raise security concerns, no? Or eventually be taken advantage of, if it becomes normal for Comodo to push files with revoked signatures?
Hello friend, I think you misunderstood the certificate was not resolved.
What @Dubliner said was that whoever has CIS 2025 installed is protected. According to him,
But I think the security is compromised.
I really agree with you to a large extent, the trick is to be patient.
What worries the vast majority is knowing whether they are protected or not, even though the moderators and other people say that they are, we are always left with this doubt, until it is proven otherwise.
Up to 2 weeks to provide a version with a new certificate is unacceptable unless you plan to include additional bug fixes. Why not just use the same certificate that is used for the 8012 build as a quick fix until you are ready to provide a true updated version?
I was bored and have found out why the UI was failing to load for me but works for some others, as well as a solution. It seems to be something related to using a custom CIS config instead of the 3 default ones, but just toggling from my custom config to the stock ones seems to have been all that’s needed to make the UI get back to working. Unfortunately I see no way to do this through a simple CLI flag, so I had to do it through the registry.
boot into safemode
open regedit and navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CmdAgent\CisConfigs
set the “Active” key from 3 to 0
reboot
Now the UI works perfectly and I can even load my custom config, and it stays working even after subsequent reboots. I don’t know why this solution works; to me it doesn’t make much sense, but if I were to take a guess, the configs are hashed against the binary which becomes unrecognized, and just by changing to another config it has to re-hash the “invalid” one.
I didn’t try yet but I wonder why it works. If you set your custom config after the reg modification with the UI, does the registry again report the previous config number from before the modification?
It reflects COMODO’s current status: full of inefficiency and incompetence in handling and resolving issues, just like it doesn’t fix so many long-time persistent bugs.
Yes, “Active” goes back to 3. I also did an export of the registry keys in safe mode, comparing both, and there was no difference made to anything under the 3 subkey (my config), yet it works perfectly. I also exported my config through the UI and it’s also identical when I ran a diff against my original config file.
I’ll never give up my custom configuration.
I’ve put it in place over the years.
For me, Comodo CIS without custom configuration is no Comodo CIS at all.
For the moment, all this is shaky and does not ensure, despite what I’ve read, full and confident security.
I’d rather wait for the patch in 15 days
I made a new evaluation scan today. There is only one file that is not recognized. This is the file tdt.dll. This is in the folder \COMODO Internet Security
I am using version: 12.3.3.8140
When will users get an explanation of what happened to the certificates?
What do you mean, when will an explanation be given? There has been already.
Well, it doesn’t explain exactly how it could happen. But given that the certificate has been revoked, was supposed to run out in 2 months and there will be new files, my guess is they wanted to renew them but by mistake the old ones got revoked. Likely it takes this much time because they were going to release a new version anyway but need time to build and test everything.