Disable auto containment - registry key?

Some1Else · May 16, 2017, 11:13pm

Hi all,

Is there a way I can automate disabling the auto-containment?

Some registry entry I can automate with a reg file? Reason being is the auto-containment slows down too many apps in our network and people are complaining. I have the client auto-installing via our login script, but just need auto-containment to be off by default.

Please help.

Some1Else · May 16, 2017, 11:24pm

I ran ProcessMonitor watching for RegWriteKeys and the only one during enabling/disabling Containment is this

HKCU\SOFTWARE\ComodoGroup\CIS|lycia.set|COMODO Advanced Settings||1033|96\WindowPlacement
Data: 2C 00 00 00 00 00 00 00 01 00 00 00 FF FF FF FF

which does not change.

So maybe the settings are no longer in the registry??

Some1Else · May 17, 2017, 12:04am

The older versions of comodo allowed disable/enable through switches passed to the MSI, ie

msiexec /I cis_setup_x64.msi INSTALLANTIVIRUS=1 INSTALLFIREWALL=0 SETOURDNSSERVER=0 THREATCASTFEATURE=2 INSTALLDEFHOMEPAGE=0 INSTALLASKDEFSEARCH=0 /Passive

I could only find a reference to CES_SANDBOX using Orca in the MSI, but setting CES_SANDBOX=0 does not disable it.

What am I missing?

Some1Else · May 17, 2017, 12:20am

Also, if there is a way to automate disabling the “message center” popups that would help too. People complain about it popping up all the time.

qmarius · June 5, 2017, 12:01pm

You are doing it wrong. Try to compare before|after making changes in Advanced Settings.

Some1Else · June 5, 2017, 9:39pm

OK, using RegShot to capture compare. These are the changed keys for when I disable Auto-Containment

HKLM\SOFTWARE\COMODO\CIS\Data\VolumeUsns: 14 4E C8 0E 00 00 00 00 E8 87 85 DC 12 00 00 00 77 80 AD 8C 00 00 00 00 00 00 00 00 00 00 00 00 84 32 37 69 00 00 00 00 00 00 00 00 00 00 00 00 B8 58 78 28 00 00 00 00 90 4A C4 69 4B 00 00 00
HKLM\SOFTWARE\COMODO\CIS\Data\VolumeUsns: 14 4E C8 0E 00 00 00 00 28 35 86 DC 12 00 00 00 77 80 AD 8C 00 00 00 00 00 00 00 00 00 00 00 00 84 32 37 69 00 00 00 00 00 00 00 00 00 00 00 00 B8 58 78 28 00 00 00 00 58 40 C5 69 4B 00 00 00
HKLM\SOFTWARE\COMODO\CIS\Data\Timestamp.{B7F04E87-441A-4F26-BE21-C4339F539F87}: E8 C9 35 59 00 00 00 00
HKLM\SOFTWARE\COMODO\CIS\Data\Timestamp.{B7F04E87-441A-4F26-BE21-C4339F539F87}: 14 CB 35 59 00 00 00 00
HKLM\SOFTWARE\COMODO\CIS\Data\Timestamp.{67CE8C55-02C1-4517-99F0-282BE2734181}: 94 CA 35 59 00 00 00 00
HKLM\SOFTWARE\COMODO\CIS\Data\Timestamp.{67CE8C55-02C1-4517-99F0-282BE2734181}: 48 CB 35 59 00 00 00 00
HKLM\SOFTWARE\COMODO\CIS\Data\Timestamp.{ABB45338-2428-46D5-BCA1-F907810012C7}: 1D CA 35 59 00 00 00 00
HKLM\SOFTWARE\COMODO\CIS\Data\Timestamp.{ABB45338-2428-46D5-BCA1-F907810012C7}: 77 CB 35 59 00 00 00 00
HKLM\SOFTWARE\COMODO\CIS\Data\Timestamp.{1AB2EC41-A04B-45CB-84CB-11BA5EBA283D}: 94 CA 35 59 00 00 00 00
HKLM\SOFTWARE\COMODO\CIS\Data\Timestamp.{1AB2EC41-A04B-45CB-84CB-11BA5EBA283D}: 77 CB 35 59 00 00 00 00
HKLM\SOFTWARE\COMODO\CIS\Data\Timestamp.{BEBAFD97-F7E0-43C2-A7DF-0D1B5EE26620}: 1D CA 35 59 00 00 00 00
HKLM\SOFTWARE\COMODO\CIS\Data\Timestamp.{BEBAFD97-F7E0-43C2-A7DF-0D1B5EE26620}: 77 CB 35 59 00 00 00 00

Making an auto reg file to import those values does not seem to help. Maybe Comodo uses the time stamps as some sort of checksum? Is there anyone from Comodo who can give me a straight answer of what keys I need to change?

futuretech · June 5, 2017, 9:54pm

Change SBMode located in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\CmdAgent\CisConfigs\X\HIPS\SBSettings where X is current active configuration.

Some1Else · June 5, 2017, 10:06pm

Thanks, but those SBMode keys (I have 0, 1 and 2 as “X”) do not change between enabling and disabling.

“0” SBMode is 329595
“1” SBMode is 67451
“2” SBMode is 67442

What am I missing?

futuretech · June 5, 2017, 10:10pm

For me under 1 because I am using proactive configuration, I have 66835 when it is disabled then 66843 when enabled. Are you refreshing regedit after enable/disable auto-containment?

futuretech · June 5, 2017, 10:13pm

Actually I think the better way is to export the configuration after making the desired setting changes and then import the config across clients.

Some1Else · June 5, 2017, 10:18pm

I cannot thank you enough. The “0” entry did change and once restarting Comodo Auto-COntainment it is disabled!!

Reg file contents in case it helps anyone else looking for this

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CmdAgent\CisConfigs\0\HIPS\SBSettings]
"SBMode"=dword:00050773

Do you happen to know the reg key for disabling message center popups?

futuretech · June 5, 2017, 10:26pm

CmcEnabled in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\CmdAgent\CisConfigs\X\Settings

Some1Else · June 5, 2017, 10:37pm

Awesome. Thanks again for your help. It saves me a lot of manual hassles.

qmarius · June 6, 2017, 10:42am

Glad that you solved it.

You should only export HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\CmdAgent before&after making changes for future reference. :-La