hi there,
for 3 days now im running cis, but i have a netbook and i have the firewall installed in minimal configuration to save as much resources as possible . i know the cfp.exe and the cmdagent.exe work together for the firewall but i tried out to kill the cmdagent and the firewall runs still great.
Are there any limitations using the pure firewall without the cmdagent.exe?? because I found none so far. for minimal usage!
So I want to know if i can put any settings to start the firewall without the cmdagent.exe??
I dont want to have it run on my system as long as the firewall runs proper without it!
Cfp.exe is the client that communicates with cmdagent.exe to let it know how it is supposed to work
Cmdagent.exe does all the work as a background service with the inspect packet filter driver firewall driver working under it.
I am not quite sure how CIS behaves these days with cmdagent.exe terminated. Can you try the following? First have both cfp.exe and cmdagent.exe running and set the Firewall to Custom Policy Mode. Delete the Firewall rule for your browser in Network Security Policy → Application Rules.
Then terminate cmdagent.exe and start your browser. It should pop up with a Firewall alert. It it doesn’t then we have proven protection is bust with cmdagent.exe terminated.
oh yes mate, good idea to test the function thanks!
so as i hoped, i did as exactly as you said and WITHOUT cmdagent pops STILL up an instant message to allow open the firefox/ ie to get access!
it looks like there are no restrictions in security as far as i can see, functions are all available, i got the settings of minimum firewall, and didnt take the comodo dns-server…
now i looking for an idea to have only cfp.exe loaded with booting but not the cmdagent…
cause i dont like the idea having to kill it every new reboot…
do i have to wriite some .bat-file or something else? because the processes arent divided in the msconfig in two ones.
Can you also block FF if you were to follow my test procedure again?
yup, didnt open the ff and any other progs as long as i didnt confirm…
the fw also listed the blocked files correctly when notified
i looked for the registry-entry and saw that there is no correlation with both files, it has just an entry for cfp.exe in it… is there another entry only for cmdagent or DO the files correlate when booting?
so is there a way to let both files boot and kill the cmdagent after having booted both files automatically??
cause i´m so annoyed in always having to kill this process manually in the taskman…