Firewall stops working after uninstalling AV and can't get fixed anymore *help*

Hello,

I think I need professional help with the Comodo Firewall.

I’ve been running Comodo Firewall v8.4 (only the firewall aspect, no AV) alongside Avast Antivirus on Windows 7 x64 for about 4 years now - without any major problems or compatibility issues.
However, some time ago I needed to uninstall Avast Antivirus and after having Avast uninstalled, the Comodo Firewall service doesn’t start up anymore.

On each and every boot Comodo Firewall shows the following error-popup twice:
Comodo Security Agent could not be started

Having a look at the Windows services then shows that the Comodo Security Agent service is not running, and trying to restart/start the service always stops/ends with the error: “the service did not respond in a timely manner”.

I spent many days trying to fix this error (I tried the whole procedure, uninstalling Avast and fixing this error, many times the past year) but I always ended up restoring a complete OS hard-drive backup, because nothing seems to fix this issue. I want to continue to use the Comodo Firewall, but once this error shows up, there is NO point of return. The only fix is restoring a HD backup.

Even when I finally managed to completely uninstall the firewall and then tried to reinstall Comodo Firewall v8.4 or even the latest live version 10.x (version doesn’t matter after v6.x), the error “Comodo Security Agent could not be started” shows up again on every boot.

To give you a glimpse of the struggle I had, I will enumerate some of the things I’ve already tried to fix the issue:

  1. I uninstalled Comodo Firewall from the control panel / software. It did not uninstall the firewall software, just the online installer! (This really needs to get fixed too!) So the error was still there, the software was still installed.

  2. I then manually searched for the original firewall offline-setup.exe and removed it with the setup menu. The firewall was then gone, the startup popup error was finally gone. However, some remnants were still there, for instance the registry keys in HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CmdAgent. CmdAgent and its subkeys seem to be corrupted and cannot be deleted by any user/admin/system account. Either it’s really corrupted or it’s a deep-in-the-system rootkit-like security function to protect the software - I don’t know. But it’s not really completely gone. Reinstalling any version of Comodo Firewall v6.x - v10.x then leads to the same error message on boot again.

  3. I also tried the “Official Comodo Uninstaller v2.0.0.3”. One time after I had already uninstalled the firewall via the setup.exe - one time before I had uninstalled the firewall via setup. Both with the same outcome: “Comodo Security Agent could not be started” shows up again on boot whenever I install Comodo Firewall again.

  4. I then tried to install Comodo Firewall after I had:

  • no AV products
  • other AV products than Avast
    without any differences in the outcome.
  5. I tried to install the complete Comodo Internet Security Suite, with AV and all the annoying unnecessary stuff - the same result: “Comodo Security Agent could not be started”. In fact I tried installing any combination possible; it doesn’t matter, it just won’t work.

To sum things up: I’m finally able to uninstall Avast Antivirus and Comodo Firewall; however, and that is the major problem here, I cannot install Comodo Firewall again and use it, because on every boot the “Comodo Security Agent could not be started” error shows up.

I’ve been struggling with this issue for over a year now and it cost me many days of time and nerves trying to fix it. And yet it still doesn’t work. As long as both Comodo Firewall and Avast Antivirus are running and neither one is being touched or uninstalled, everything works fine. But when I try to uninstall the antivirus or the antivirus tries to automatically update itself, hell is breaking out.

Please, if someone qualified is able to help me with other stuff than the usual steps I’ve already tried, it would be very appreciated!

Run the official uninstaller tool and when it fully completes every phase, provide the log it creates in the same directory you ran it from. Also run it in normal Windows mode, not in safe mode.

I had run the official uninstaller tool exactly like this, but I don’t have the logs anymore, because I needed to restore the hard drive to get it back working, and the logs were overwritten.
However, I remember almost all red-line errors of the log. There were 3, and 2 of them were:

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CmdAgent
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\CmdAgent
Both could not be removed by the uninstaller tool.

The third line I don’t remember.

Please keep in mind I waste about 2 days of productive time just to try to run the uninstaller tool again, because in the end I have to restore my complete backup and get everything back running - nothing I can do that easily. This will take time and opportunity.

I wish someone could give me advice to solve the problem without going through these steps over and over again, because it’s so costly every time.

Are those registry entries still there? If so can you open regedit and manually try to delete them? If you get an error message like access denied then you will need to use this to run regedit and delete the keys again.

I already tried to delete these two keys in various ways as user/admin/system account; all failed.

I also used Sysinternals psexec tool to start regedit with System privileges: psexec -i -d -s regedit.exe
Even then the keys were not deletable. Changing the owner and permissions of the subkeys never worked either, due to missing privileges.

I also loaded the HKLM hive into another registry on another computer and tried to delete the keys from there. No success.

That’s why I wrote: either there is part of the registry corrupted (I don’t believe so) or Comodo invented some real deep-in-the-system security to make these keys undeletable. When I google for the reg-delete error message I find similar problems by users of other AV products. This lets me assume it might have something to do with the hardening of security of the own products.

I’ll try the TrustedInstaller method next time, but I don’t think it will top the system-privileges attempt. I might be wrong, so I’ll definitely try it next time it fails.

Another idea: does it matter in which order I uninstall the programs? First Avast, second Comodo? Or first Comodo, second Avast? I didn’t try uninstalling Comodo first yet, because I only wanted Avast to be uninstalled.

Warning: tested only on W7 some time ago
0. create a system restore point or backup

  1. try to uninstall (using normal methods) security-related products
  2. get :
    a) https://www.microsoft.com/en-us/download/details.aspx?id=23510
    b) GitHub - jschicht/RunAsTI: Launch processes with TrustedInstaller privilege
  3. make a batch file with:

subinacl /subkeyreg HKEY_LOCAL_MACHINE /grant=administrators=f
subinacl /subkeyreg HKEY_CURRENT_USER /grant=administrators=f
subinacl /subkeyreg HKEY_CLASSES_ROOT /grant=administrators=f
subinacl /subdirectories %SystemDrive% /grant=administrators=f
subinacl /subkeyreg HKEY_LOCAL_MACHINE /grant=system=f
subinacl /subkeyreg HKEY_CURRENT_USER /grant=system=f
subinacl /subkeyreg HKEY_CLASSES_ROOT /grant=system=f
subinacl /subdirectories %SystemDrive% /grant=system=f

  4. run mentioned batch file with TrustedInstaller privs
  5. wait ~ it could take a lot of time
    (after this one: restart system… optionally, repeat step 1)
  6. run forced removal tools for products [at] step 1
  7. attempt normal installation

Could you please elaborate what the subinacl command does?
I see it is obviously adding permissions to all the registry keys and system drive dirs.
But I don’t know if it’s default for all these dirs and keys to have administrator and system privileges. I mean, I don’t want to add these privileges if they are not default values for the corresponding keys/dirs. Otherwise, okay!

It’s probably not default. You could search for more reasonable ones. Reason why I used those is because I had nothing to lose… it was pretty much corrupted and it caused subtle side-effect issues. Anyway… that’s the way to go. :slight_smile:
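
An added example, not part of any post in this thread and not Comodo's or Microsoft's tooling: because the batch above rewrites permissions across whole hives and the system drive, the PowerShell below records the owner and access entries of only the two CmdAgent service keys named in the thread, so the state before and after such a change can be compared. The function names and CSV file names are made up for illustration.

```powershell
# Added example (not from the thread): snapshot owner and ACL entries of the
# CmdAgent service keys. Makes no registry changes; run from an elevated prompt.
$ServiceKeys = @(
    'HKLM:\SYSTEM\ControlSet001\services\CmdAgent',
    'HKLM:\SYSTEM\ControlSet002\services\CmdAgent'
)
$cols = 'Key','Owner','Identity','Rights','Type','Inherited','Error'

# Hypothetical helper: one flat row per access entry, all values as strings
# so that rows read back with Import-Csv compare equal to fresh ones.
function New-AclRow($Key, $Owner, $Identity, $Rights, $Type, $Inherited, $Err) {
    New-Object PSObject -Property @{
        Key = "$Key"; Owner = "$Owner"; Identity = "$Identity"; Rights = "$Rights"
        Type = "$Type"; Inherited = "$Inherited"; Error = "$Err"
    }
}

function Get-KeyAclSnapshot {
    param([string[]]$Path)
    foreach ($root in $Path) {
        if (-not (Test-Path -Path $root)) {
            New-AclRow $root '' '' '' '' '' 'key not found'
            continue
        }
        # The key itself plus every subkey that can be enumerated.
        $all = @($root) + @(Get-ChildItem -Path $root -Recurse -ErrorAction SilentlyContinue |
                            ForEach-Object { $_.PSPath })
        foreach ($k in $all) {
            try {
                $acl = Get-Acl -Path $k -ErrorAction Stop
                foreach ($ace in $acl.Access) {
                    New-AclRow $k $acl.Owner $ace.IdentityReference $ace.RegistryRights `
                               $ace.AccessControlType $ace.IsInherited ''
                }
            } catch {
                # Keys that cannot be opened are recorded with the error, not skipped.
                New-AclRow $k '' '' '' '' '' $_.Exception.Message
            }
        }
    }
}

function Save-KeyAclSnapshot([string]$File) {
    Get-KeyAclSnapshot -Path $ServiceKeys | Select-Object $cols |
        Export-Csv -Path $File -NoTypeInformation
}

function Compare-KeyAclSnapshot([string]$Before, [string]$After) {
    # Rows present in only one snapshot are returned with a SideIndicator.
    Compare-Object (Import-Csv $Before) (Import-Csv $After) -Property $cols
}

# Usage (file names are placeholders):
#   Save-KeyAclSnapshot .\cmdagent-acl-before.csv
#   ... make the permission change ...
#   Save-KeyAclSnapshot .\cmdagent-acl-after.csv
#   Compare-KeyAclSnapshot .\cmdagent-acl-before.csv .\cmdagent-acl-after.csv
```

An empty comparison result means the owner and access entries of those keys did not change between the two snapshots.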

Ok, I’ve got news!

I tried to fix the problem one more time… I made a complete backup first, then tried to get things rolling. Here are my steps in detail to reproduce my errors:

  1. This time I tried to uninstall my Comodo Firewall 8.4 first, and Avast Antivirus after that.

  2. I uninstalled Comodo Firewall by running the initial offline-setup.exe because that’s the only way it works the “usual” way. It seemed to work, it’s gone so far.

  3. I uninstalled Avast Antivirus. It worked, it’s gone.

  4. I rebooted again. No AV, no firewall and no error message on startup.

  5. I always wanted to try another AV product, so this time I chose Avira AntiVir. I downloaded the online installer, installed it and configured it… rebooted, everything works fine so far. Avira AV installed.

  6. I downloaded the Comodo Firewall 10 online installer and started installing it. After it had been installed and before I had rebooted, Comodo Firewall started up and was running. I disabled VirusScope and HIPS in the config and then did the necessary reboot the program had asked me for.

  7. THE SAME ERROR AGAIN! “Comodo Security Agent could not be started” is showing up twice upon boot. No Comodo Firewall running.
    This means the whole attempt to fix this problem has failed and I can usually start restoring my backup.
    But this time I want to try the things you’ve mentioned in the posts before!

  8. I’m trying to free my system completely from Comodo in the next steps.

  9. I uninstall Comodo Firewall via control panel/software and reboot the PC. After that the error shows up twice again and I see the uninstaller did NOT uninstall the firewall completely. The drivers are still there, some of the services are still installed, etc. (Why can’t the uninstall of Comodo work just one ■■■■■■■ time!)

  10. Comodo Firewall, or 90% of it, is still installed but the uninstaller is gone. Leaving me with no other option than downloading the “Official Comodo Uninstaller v2.0.0.3” tool.

  11. I just ran the “Official Comodo Uninstaller v2.0.0.3” normally as admin after the UAC prompt.
    I recognize about 3 red-line errors which I post in detail later in the logs.
    After I rebooted twice and the uninstaller tool had finished, the error message “Comodo Security Agent could not be started” was GONE. However there are remnants the uninstaller could not delete and I guess they are the reason why it’s not working whenever I try to install a new version of Comodo Firewall again.

  12. Looking at the logs and the remnants of Comodo Firewall after the uninstaller tool:
    while I ran the uninstaller tool, some errors were particularly striking:

You can see the complete log with more attempts later!

But for now, particularly,
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CmdAgent
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\CmdAgent
were left over and I could not delete them or change permissions in regedit as normal admin and not as system-level user.

  13. Now one idea of yours was to run regedit as TrustedInstaller. So I installed the RunAsTI tool and started regedit from the TI command prompt. I tried to delete these keys and tried to change owner/permission with NO SUCCESS. The same errors again:

Translated it says: CmdAgent could not be deleted: Error deleting the Key.

I even ran the uninstaller tool with TrustedInstaller permissions, with no success either.

  14. So as TrustedInstaller was no solution either, I tried the other idea: using the SubInAcl tool with the batch:
subinacl /subkeyreg HKEY_LOCAL_MACHINE /grant=administrators=f
subinacl /subkeyreg HKEY_CURRENT_USER /grant=administrators=f
subinacl /subkeyreg HKEY_CLASSES_ROOT /grant=administrators=f
subinacl /subdirectories %SystemDrive% /grant=administrators=f
subinacl /subkeyreg HKEY_LOCAL_MACHINE /grant=system=f
subinacl /subkeyreg HKEY_CURRENT_USER /grant=system=f
subinacl /subkeyreg HKEY_CLASSES_ROOT /grant=system=f
subinacl /subdirectories %SystemDrive% /grant=system=f

I ran it with TI permissions again and it took a while until it finished, and after that I tried again to delete these reg keys. But again, NO SUCCESS. I was not able to change owner/permissions of the subkeys of CmdAgent, not even able to open these keys!

Translated it reads: Error opening Configurations. The Key could not be opened due to an error. Details: The System could not find the File.

I even ran the uninstaller tool once again with TI privileges with no changes.

  15. After all your suggestions failed I tried one last despairing attempt, and tried to manually text-edit the SYSTEM file from another PC (remote registry / load hive didn’t work before… ). I deleted the keywords CmdAgent and saved the SYSTEM file (registry). But, almost expecting it, the PC didn’t even boot up anymore after I tried to start the OS then.

  16. Hell, I’m so tired of this sh***. Again I ended up restoring my HD backup and wasting valuable hours of time for nothing :frowning:

Something to note:
Last time I uninstalled Avast Antivirus first. After the uninstallation of Avast the error “Comodo Security Agent could not be started” showed up twice, even though Comodo Firewall wasn’t yet uninstalled.
This time, I uninstalled Comodo Firewall FIRST and Avast Antivirus second. That way I was not getting the “Comodo Security Agent could not be started” on boot anymore. However the Comodo registry remnants were still there, preventing a successful reinstall of the firewall.

Attached you can find the log of the official Comodo uninstaller tool 2.0.0.3.
The log contains 3 runs of the tool.
1st run: started the tool as admin, after Comodo Firewall 10 uninstallation failed.
2nd run: started the tool then with TrustedInstaller privileges.
3rd run: started the tool with TI privileges after I used the subinacl batch file.

Please, if anyone has a solution to my problem, especially deleting these registry keys, let me know! I’m still looking for a final solution!

Another idea would be to use a bootable disk & load registry for offline editing.

As I already wrote, I already did that. I started a Windows PE session and loaded the registry in regedit via the “load hive” option. I could not delete these remote keys either. Not even when remotely loading the registry.

One more thing to note: I just had my backup restored and had a look at the very same registry keys. As long as I didn’t uninstall the firewall I’m able to browse the mentioned registry keys without problems! They are there and they are accessible. Maybe they only become corrupt when I try to uninstall Avast Antivirus or Comodo Firewall with the original uninstaller or the official uninstaller tool!

Maybe it’s worth an attempt to delete these registry keys as long as none of the programs have been uninstalled, and uninstall them afterwards? In the hope that these reg keys are finally gone completely?

How is it even possible that registry keys can’t even be opened after the software has uninstalled them? Is this an error in the uninstaller?

Ohh… and another thing:

I tried renaming the parent key “CmdAgent” to something like “xCmdAgent”. That worked, and I hoped that when I reinstall Comodo Firewall, it would create the original “CmdAgent” key again and that everything works. It created a new CmdAgent key when reinstalling, however the firewall did not start on boot and gives the same error again: “Comodo Security Agent could not be started”.
Therefore I doubt this registry key is the only reason why it’s not able to run anymore after reinstalling.

Just to make sure we have a clean playing field, could you run the Avast cleanup tool to make sure there are no drivers or services of Avast left?

Another way of removing the Legacy drivers from the registry is to clean them from Device Manager as described in the following.

To remove the so-called Legacy Keys, which are otherwise hard to remove, open Device Manager from the command prompt using the following two commands:
set devmgr_show_nonpresent_devices=1
start devmgmt.msc

Then set Device Manager to show hidden devices under menu option View. Then see if there are Comodo Internet Security related drivers left in non Plug and Play drivers. If so, select the driver → right-click → uninstall. Do this for all present drivers. Do a reboot when it has been requested.

I am curious to see if the above works in your case.

I’ll try that next time I get a chance. I had run the Avast cleanup tool after uninstalling in previous attempts already but had no changes in the results…

But I don’t think removing legacy keys will work when I remove possible old Comodo drivers in Device Manager. Keep in mind I had already booted with Windows PE. There is no Comodo driver active or running then which could protect the legacy keys. And nevertheless I was not able to delete the legacy keys with regedit while I had loaded the remote hive.

Therefore I really assume something corrupts the registry, and especially the mentioned legacy keys, when I uninstall Comodo Firewall with the uninstaller or the uninstaller tool. That’s why I think I have to get rid of these keys BEFORE I uninstall Comodo in any way and therefore before it can corrupt the registry/keys.

I need to have a good plan before starting next time, because any wrong attempt takes a lot of time to restore and try again…

The Comodo Legacy drivers will no longer point to a file on the HD and will show up as ghosted in Device Manager when starting it as instructed. If you remove it there it will also be removed from the registry. I am curious to learn if removing the Comodo driver from there will work or fail in your case.

In which order should I begin?

My order would be:

  1. uninstall Avast Antivirus + cleanup tool (this would lead to: “Comodo Security Agent could not be started” error on next boots)
  2. uninstall Comodo Firewall via the offline-setup.exe (because there is no other way to uninstall it normally)
  3. run the Comodo cleanup tool
    At this point I’ll have Comodo uninstalled but the CmdAgent registry key is corrupt and can’t be deleted anymore.
  4. try uninstalling the legacy key/driver with your method via Device Manager. Then see if the reg key is also gone.

What do you think, is this order okay? I still have doubts it will work after having Comodo uninstalled… I would rather prefer trying to uninstall legacy drivers with your method before I uninstall Comodo Firewall normally or even Avast? Would it be better this way?

That is a good order. Keep us posted.

Ok, I’ve got news again…

I’ve tried the exact order mentioned in the previous post now. And everything (every error too) went exactly as expected.

  • I uninstalled Avast Antivirus, worked flawlessly. On next boot the Comodo Security Agent error showed up.
  • I ran the Avast cleanup tool in safe mode as requested. It did something; the Comodo error was still there as expected, though.
  • I uninstalled Comodo Firewall via setup. After boot the error was gone. However the registry remnants, the “CmdAgent” services, were still there. And again I was not able to delete them, as expected.
  • I ran the Comodo uninstaller tool, had 2 reboots, then it finished. It went exactly as in previous posts with the exact same errors. (See the attached .log file in the previous post!)

So far, as expected. Now I was going to try the new things.

I did exactly what you told me. Started the Device Manager with these options, showing hidden devices, and found 4 non-plug-n-play devices starting with Cmd* (things like Comodo helper etc.)

I removed (selected uninstall) all those 4 obsolete drivers.

A few lines above I also found 2 obsolete Avast drivers. I uninstalled them too. Just in case they have the same problem… so they’re all gone now.

I did a reboot.

I started the registry again, browsed to the affected keys, tried to delete them.
Again, they could not be deleted. The same problem as before:

So unfortunately it seems this method doesn’t help either. It went exactly as I suspected…

I think I’ll try it my way next time:

  • removing the registry keys of Comodo from a remote PC (or Windows PE) BEFORE I uninstall the firewall. Because that seems to be the critical point. As soon as I uninstall the firewall, the registry keys get corrupted.
  • I then try to remotely delete the services files from the Windows system dir also.
  • After that… booting up again and running the Comodo uninstaller tool to remove the rest.

Then see if everything is really removed, the reg keys, the system drivers, etc. and then hopefully the new Comodo Firewall version will install and start without problems… (phew)

If anyone still has some other ideas… let me hear.

Sounds really frustrating. Sorry to hear about it. Are you running latest version of Windows 7?

Not sure why but Avast is a nightmare to remove. I tried removing it from a system to replace it with another a-v, but it simply would not go away. I tried the official uninstaller…everything under the sun to rid the system of Avast. Well, Avast is still on that system over a year and a half later… >:(…I like Avast, so I am OK with this for now, but I hate to see this happening to a Comodo user. Good luck getting the problem resolved…

Indeed, it’s really frustrating… such a mess… and if it didn’t take so much time to install and config everything again from scratch, I would just reinstall the complete OS. But that still takes more time than just trying to fix the firewall/AV (yet).

Yes, I’m using the latest version of Win7x64 - in the meantime with the kernel updates for Meltdown and Spectre mitigation, but that doesn’t make a difference here.