Comodo update fails but every other av tool works fine.

I’m working on the third WinXP box that has had a virus/rootkit on it that upon installing CIS, it won’t update. Every other program I use to clean the machines updates just fine. CIS on other machines on the same network all update okay, so it’s not the network. I installed Kaspersky and it updates.

What I’ve noticed is that on machines that will update Comodo, cmdagent.exe opens connections to Comodo’s update servers to get the job done. On the machines that won’t update, cmdagent.exe doesn’t open any connections at all. It is running and gets a few percent of the CPU usage when I try to get Comodo to update by clicking Never Updated. I’ve even gone as far as using Process Explorer 11.66 to see if I can get any more info about why it fails. The only other thing I’ve seen is that when I open the Properties box for cmdagent.exe in Process Explorer, click on the TCP/IP tab and then try to update Comodo, once in a while a TCP connection appears from localhost:12xx to localhost:5577. On the two previous machines, I wiped and reloaded Windows, then Comodo worked. Don’t really like doing that though.

Any ideas of what I can try?

CIS uses the IE settings to update; make sure that the Internet Explorer connection settings are set to stock.

I’ve checked the network adapter settings and everything is set correctly. I’ve checked IE settings… no proxy servers set, all other settings are correct. I’ve turned off Windows firewall, and Comodo’s sandbox, defense+, and firewall. It still won’t update. I’m going to see if I can turn on network logging to see if I can glean any info there.

Did you change anything in hosts file?

Oh yeah. I updated it with the MVPS hosts file (Blocking Unwanted Connections with a Hosts File) and then let Spybot S&D immunize which also updates the hosts file. But to make everyone here happy, I restored the original hosts file so that it only contains the 127.0.0.0 localhost line and tried updating Comodo to no avail.

Also, while working on this problem and based on languy99’s suggestion, I reset IE’s settings back to factory default. I’ve checked proxy server settings, IP settings, gone through XP’s Network Setup Wizard, all to no avail. IE connects to the web just fine. All other programs that use the web are working.

I even installed WireShark to see what is happening on the network. When I click Comodo’s link to update it, it does not appear to send any traffic to the network adapter. About ready to give up.

Try this: go to CIS, Misc tab at the top, Settings, Connections tab. Select import settings from IE. Then try to update. Does it work now? Also check to make sure you have the driver installed in the network. Go to Control Panel, networking, change adapter settings, right-click on your adapter, Properties. It should have listed there the Comodo Internet Security firewall driver and it should be checked. Let me know.

languy99 “Try this: go to CIS, Misc tab at the top, Settings, Connections tab. Select import settings from IE. Then try to update. Does it work now?”

After my last post, I uninstalled CIS. When I saw your post, I decided I would give your suggestion a try. It didn’t help. Comodo still refuses to open any connections. It will not open any connections period. Network properties are not the problem. Every other program I install/use on the machine can connect to the Internet without a problem. Which is why I suspect there is an issue with Comodo. I tried updating Comodo while using a network “sniffer” and no connections were opened and no packets were sent by Comodo.

languy99 “Also check to make sure you have the driver installed in the network. Go to Control Panel, networking, change adapter settings, right-click on your adapter, Properties. It should have listed there the Comodo Internet Security firewall driver and it should be checked.”

In Windows XP there is no such driver listed. I checked a machine with XP in which Comodo is working and there are no Comodo drivers listed in the Local Area Connection Properties, under “This connection uses the following items:” In Windows Vista there is a Comodo driver listed.

In a related vein, another thing I’ve noticed is that all the AV removal tools I’ve seen, still leave stuff behind. They are not removing everything as they claim. If you open device manager to show non-present devices, you will see all the other AV drivers listed but greyed out. The “devices” are not present, but the stuff they put in the registry remains. This discovery is rather irksome.

To show non-present devices temporarily:

Open a command prompt.

Type “set devmgr_show_nonpresent_devices=1” and press Enter.

Type “start devmgmt.msc” and press Enter.

Device Manager will open.

In Device Manager, click on View, click on Show Hidden Devices.

Then look under Non-Plug and Play Drivers to see what I’m talking about.

I have exactly the same problem. Wireshark does not show any kind of network traffic on my Windows 7 64 bits (Comodo 4.1.150349.920).

Check for update hangs and trying to use “Import proxy settings from IE” in Settings hangs too…

Internet Explorer won’t connect and hangs as long as Check for update is running and gets back to normal when Updater gets closed (IE connects fine to the web).

I have uninstalled Comodo twice and used the batch file available on the forum in order to clean leftovers and registry keys.

Is there a way we could debug that issue?
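The check the original poster did by hand in Process Explorer (does cmdagent.exe hold any connection other than the localhost-to-localhost:5577 one?) can be scripted over `netstat -ano` output. This is an added example, not code from the thread or from Comodo; the netstat sample, PIDs and addresses are constructed, with PID 1520 standing in for cmdagent.exe.

```python
import ipaddress

# Constructed sample of `netstat -ano` output (not captured from a real machine).
# Assumption: PID 1520 stands in for cmdagent.exe, PID 2044 for an updater that works.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       932
  TCP    127.0.0.1:1234         127.0.0.1:5577         ESTABLISHED     1520
  TCP    127.0.0.1:5577         127.0.0.1:1234         ESTABLISHED     1600
  TCP    192.168.1.20:1301      203.0.113.10:80        ESTABLISHED     2044
  TCP    [::1]:1310             [::1]:5577             TIME_WAIT       1520
  UDP    0.0.0.0:445            *:*                                    4
"""

def split_endpoint(endpoint):
    """Split 'addr:port' or '[v6addr]:port' into (addr, port)."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]"), port

def is_loopback(host):
    try:
        # Drop an IPv6 zone id such as '%11' before parsing.
        return ipaddress.ip_address(host.split("%")[0]).is_loopback
    except ValueError:
        return False  # '*' or a hostname: not a loopback literal

def tcp_connections(netstat_text, pid):
    """Return (remote_host, remote_port, state) for TCP rows owned by pid, skipping listeners."""
    rows = []
    for line in netstat_text.splitlines():
        f = line.split()
        # TCP rows have exactly 5 fields; the header and UDP rows do not.
        if len(f) != 5 or f[0] != "TCP" or f[4] != str(pid) or f[3] == "LISTENING":
            continue
        host, port = split_endpoint(f[2])
        rows.append((host, port, f[3]))
    return rows

def classify(netstat_text, pid):
    """Return 'none', 'loopback-only' or 'external' for the given PID."""
    conns = tcp_connections(netstat_text, pid)
    if not conns:
        return "none"
    if all(is_loopback(h) for h, _, _ in conns):
        return "loopback-only"
    return "external"

if __name__ == "__main__":
    for pid in (1520, 2044, 932):
        print(pid, classify(SAMPLE, pid), tcp_connections(SAMPLE, pid))
```

Run it against output saved while the update is being attempted; a `loopback-only` or `none` result for the agent's PID matches what the posters saw in Process Explorer and Wireshark.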