Does CIS protect against internet attacks during boot-up and logon?

Assuming that the CIS firewall is configured to block messages initiated from the internet, and assuming the internet is connected via cable or DSL such that internet modem is always active, is there a window of vulnerability for internet attacks during the boot-up or logon processes? The best answer would include the sequence of activating CIS, the PC’s network port and any other relevant modules.

I have a USB-conected Ethernet adaptor, and I notice that its link status light starts blinking during the boot-up process (before logon starts). I am concerned because Autoruns shows that the Comodo module loads in HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, which is in the logon process.

I am especially concerned about this since my hardware firewall died, and I am waiting a few days for a replacement to arrive. My Comodo firewall logs show blocked messages to several IP ports from several computers on the cable internet in my neighborhood every few minutes (likely from infected PCs). One of my applications only gets an update during the login process, so I would like to leave the internet modem enabled during the boot-up/login process.

I have CFP v3.0.25.378 installed presently. I plan to install the latest version CIS after I install my new hardware firewall. I don’t want to experiment with the new CIS while infected PCs are pounding on my PC. If the answer to my above question is different for CFP v3.0.25.378, please let me know.

My thanks to many knowledgeable and helpful folks on this forum. :slight_smile:

I’m not an expert, but I believe the Windows firewall is the only firewall that protects you from bootup. (Meaning, it is loaded before the networking protocols) If you buy into the Windows propaganda…

The Comodo services load back at kernal level, but I think there is a very slight gap in protection. I think the chances of getting a malicious attack in this extremely short interval is infinitesimal, but that’s just my assumption.

Hopefully someone will more knowledge on this will speak up.

Since there have been no other replies, I assume it is necessary to activate the Windows Firewall when not using a hardware firewall in order to protect against internet attacks before CIS has activated after logon.

I wonder if CIS could be improved to provide this type of protection so that CPU and memory are not wasted on the Windows Firewall after CIS activates.

Hi SilentMusic7;

You don’t have to worry about boot-time when CFPv3/CIS are installed. Millions of users and no-one had trouble with (unknown issue).

Give a try and see Comodo Firewall | Get Best Personal Firewall Software for $29.99 A Year This should answer your questions and doubts.

CFP has had many, many security/performance issues resolved. Still not in perfect shape, very-very close, but if you replace your old CFP, installing the new CIS with FW & D+ only (install options ARE avaiable, you CAN reach the same “old” functions only) I GUESS you would be better… :wink:

If doing so, don’t forget to save/export your configurations of your CFP to a safe place (not CFP folder)! This way you can go back any time. :slight_smile:


The driver for Comodo’s cmdguard.sys loads before any networking protocols.

So yes, it protects from internet during boot up.
Leave windows firewall disabled. One is better than Two.


PS: you can verify this by doing a boot up with boot logging enabled, and checking log.

IIRC cmdguard.sys is defense+ driver; Comodo firewall driver is inspect.sys;

Can someone from Comodo conferm this?

oops my Bad,

inspect.sys is the firewall one, but nothing changes. inspect.sys loads even earlier in boot process.