I have CIS Firewall running for some time now, NO Antivirus, defense+ is DISABLED.
Great software so far. Now after the update to version 5, I receive cloud scanner alerts (see pic).
Where are the settings?
How do I turn it off?
Why does it run in the first place?
Is there anything else running I should be aware off?
I only want the firewall.
Grateful for answers…
[attachment deleted by admin]
I uninstalled, reinstalled firewall, and now the cloud scanner seems to be gone.
Problem was, when simply updating without uninstalling first, you don’t get the install options a) only firewall b) low proactive c) full proactive. So this time I chose a), and now everythings back to normal
Did you disable all cloud look up facility under Defense + Settings -->Execution Control Settings?
Even when you don’t install the AV when the cloud look up finds something to be malware it will notify the user. The idea behind is that Comodo does not want to compromise security although the user did not install the av.
Yeah, turned it all off. So maybe that’s why it’s gone?
Anyway, I’m happy now…
One word about the detected “malware”. One is LeakTest to test if Firewall works properly, the other one (see pic) is HeapMemView by Nirsoft. Both of them are far from being malware…
LeakTest is classified as malware because it behaves like malware. This is intentional. If the program were whitelisted, CIS would fail the leaktest wouldn’t it?
Shoudn’t leaktest be caught by the firewall rather than by blacklisting it?
It seems to me that the purpose of leaktest is to prove if the firewall
is able to block a certain type of outgoing connections and if it
can be detected by signature…
Please report the Nirsoft program as false positive in the AV False Positive/Negative Detection Reporting board.
It is only a token blacklist. It’s just Comodo saying, yes we know what this is. They even put the words leak test in the actual definition name. (Can’t remember the exact definition name, but it’s fairly obvious…)
If it wasn’t defined, it would be continually submitted as unknown malware.