How to disable all cloud related features in Comodo Firewall 5?

I have the latest version of Comodo Firewall installed. I call it “Firewall”, but it’s in fact the Firewall and Defense+ (because I couldn’t opt out of installing Defense+). I don’t have the antivirus installed however.

I would like to turn off all cloud related features in Comodo. Specifically, I’m referring to the following features listed at Comodo Firewall | Get Best Personal Firewall Software for $29.99 A Year

NEW! Cloud based Antivirus detects malicious file even if virus defintions not up-to-date
NEW! Cloud based Behavior Analysis system can detect zero-day malware INSTANTLY
NEW! Cloud based Whitelisting of trusted publisher easily identifies a safe file and vendor

I don’t want any of these 3 features. Please give specific instructions on how to turn off each of these 3 features. I already searched before posting. There was another thread here ( but it isn’t specific enough to describe which check box disables which of those 3 cloud features.

If you didn’t install the AV, you already have number one taken care of.

For number two, go to Defense+ → Defense+ Settings → Execution Control Settings and uncheck Perform cloud based behavior analysis of unrecognized files.

For number three, the best you are currently going to able to do is to go to Defense+ → Defense+ Settings → Sandbox Settings and uncheck Automatically trust files from trusted installers. However, Comodo will keep making adjustments to your trusted vendor list.

Since you don’t want to use Defense+ though, maybe you just want to turn it off? Defense+ → Defense+ Settings → General Settings, check Deactivate the Defense+ permanently, then restart.

Suppose I were to uncheck “Perform cloud based behavior analysis of unrecognized files”, uncheck “automatically trust files from trusted installers”, AND deactivate Defense+ permanently. The AV is not installed. With all this, would any of my files be submitted to Comodo? My files are my own, and I don’t want any of them uploaded for any purpose whatsoever.

Please cite your source. Thanks!

If you turn of Defense+, none of those other settings will be active, so it’s pointless to disable them if you’re going to just turn it off entirely.

It will be a straight firewall at this point.

General Setting | Comodo Internet Security | Comodo Internet Security Help

Scroll down a bit to the part about deactivating Defense+ permanently.

Defense+ is turned off permanently, so based on what you said, Comodo is a “straight firewall” for me. What does this mean in terms of the cloud? The help file you linked to doesn’t mention whether any of my files are uploaded to the cloud if Defense+ is turned off. I need to know this for sure in order to continue using Comodo. Thanks :slight_smile:

You can opt out of D+ when installing just the Firewall. If you choose the first option of the three that are presented during the installation, the one that says something like “enterprise strength Firewall only”, you don’t get D+ active. This also means that you don’t get any of the cloud based things as well. You have to use the Firewall only installer.

By straight firewall, I mean just that. A firewall that does nothing more than you would expect a firewall to do. D+ is what is communicating with the cloud. Turning it off will of course kill the cloud.

what has “disabling cloud things” to do with “dont want to use defense+” ?

defense+ is and was without this cloud things a full protection layer. so there is no need to think, without the NEW cloud things it would be pointless to use it.

when you unmark all things related to the cloud in defense+ , you can use it like before.

in the defense+ section are 2 things to disable as far as i see:

analyze the behaviour online,
check unknown files online.

sometimes it may happen though, that in a question window will be marked: send this file for analysis to comodo. look if theres such a mark in a question window (show more).

When Firewall only is installed, D+ is inactive i.e permanently disabled but under D+, Execution Control Settings is enabled & therefore cloud scan i.e realtime cloud antivirus is enabled too (coz of the option scan unrecognized files which detects malwares & safe files found are added to trusted lists). Even though D+ is permanently disabled i.e the slider is on disabled & disable D+ permanently is checked, this Execution Control Settings tab under D+ is enabled by default when firewall only is installed & it works.

I find it good coz I am running firewall only & avast 5 free & I am protected with 2 antivirus, comodo & avast. But the problem is when Comodo Cloud detects malware there is no way to quarantine the threat coz CAV is not installed & therefore quarantine option is greyed out on the alert, only clean & ignore. I have posted this in wishlist to provide quarantine of threats.


I don’t think this is correct. I think that when D+ is disabled permanently, it doesn’t matter what other boxes are checked or not since they won’t work anyway. The boxes for the sandboxing are also still checked and I can tell you for certain that it is not functioning. Therefore, I’m sure the cloud based things and the execution control aren’t either.

Hmmm, can someone explain the discrepancy? I’ve got a major problem with Comodo even asking to submit my files (what if I misclick?). For example, if you have a computer with files containing the personal information of customers, you definitely would not want Comodo to upload that to the entire world. I don’t trust the concept of cloud computing, and I think users should have a choice.

If anybody can provide evidence that all of those 3 cloud features I listed in my original post are definitely turned off by certain check boxes or by turning off Defense+ permanently, please post here! Any other feedback is welcome too of course.

I don’t know how I could be any clearer…

Check outbound connections of cmdagent.exe you will notice their is non except during updates, when all communications to comodo are disabled. Enable cloud and cmdagent.exe has connections outbound again.

I have installed & running firewall only mode with default settings. D+ is disabled in slider & permanently disable D+ is also checked. Execution Control Settings is enabled by default. I dont know any other options under this settings works or not but Realtime Cloud Scan works for sure. Malwares are detected & Safe Files are added to Trusted Lists. Try yourself with any malware or malware sample detected by CAV & run any app which is in the Comodo Cloud Whitelists. I also tried Buffer Overflow with Comodo’s BO coz Buffer Overflow protection option is also under this setting but it failed the BO test. I dont know other options under Execution Control Settings works or not but Cloud surely works.

Attached is the Screenshots.


[attachment deleted by admin]

I wouldn’t know what malware is or isn’t detected by CAV since I don’t use it. I also have not had any malware detected by anything for a very long time. There are however files being added to my trusted files list but I assumed that was the Firewall doing it and not any part of D+. There are some events saying that things were scanned online and found safe so I guess you might be partially correct.

I think I am fully correct my frd. I installed CFW Only mode 3 times & every time the default settings were the same with Execution Control Settings enabled & Cloud Scan detecting malwares & adding Safe Files to Trusted Lists. Did you checked the Screenshots in my previous post??

You too can check the CFW Only mode with leaktest.exe from grc, trojansimulator.exe, keylogtest.exe from


Where are you seeing these events? In the Firewall log or in the Defense+ log?

I don’t see those two options. Maybe you paraphrased the label on the check box? Please quote the exact wording of those 2 check boxes that you are talking about.

If despite disabling Defense+ permanently, unchecking “Perform cloud based behavior analysis of unrecognized files”, unchecking “automatically scan unrecognized files in the cloud”, not having the antivirus component installed, disabling the “Image Execution Control Level”, unchecking “Create rules for safe applications”, disabling “Automatically trust files from trusted installers”, and removing every company from the “Trusted Software Vendors” list except Comodo, I am STILL asked whether I want to send the file for analysis to Comodo or the files are automatically sent without my explicit consent, this is where I have a serious problem. I don’t want to misclick and send the file, and I most definitely don’t need it sent automatically. I have done all of the above already. I mean, what more can I do?

The whole point of a firewall is to allow me to isolate my computer from the outside world and allow only the types of communications that I have explicitly allowed. The new, vague cloud features potentially undermine this model by silently uploading files containing personal information to the cloud.

I think it is the responsibility of Comodo to make it clear to users when their files are being sent and when they aren’t being sent. Yet all I see is 3 new vague features in the release notes for Version 5.0.163652.1142 with no explicit instructions on how those 3 new features can be disabled, if they can be disabled at all. With no clear documentation on these 3 features, users are left to speculate as to what might be happening.

If these 3 features can’t be disabled, or if it isn’t explicitly clear that they can be, then sadly, I have to say goodbye to a product I once trusted. I don’t want an antivirus. I don’t want a Defense+. I just want a firewall, and I had one…or at least I used to.

In the D+ log. Which is supposed to be disabled but I guess Image execution , or part of it, is still functioning. It’s okay with me as I like the way trusted files are being added and vendors are automatically being added to the trusted list. It makes Comodo much more usable than it used to be.

Could you not just change the Firewall application rule for CIS to Blocked Application instead of Outgoing Only?

Yes, it’s possible that vendors are added to the trusted list because you turned on Image Execution. I turned Image Execution off, and nothing is added to my trusted list. For me though, this is a moot point. Even if vendors aren’t added to the trusted list, it does not mean my files aren’t being secretly uploaded to the cloud. This has been and remains my only concern for Comodo.

You could, but wouldn’t this prevent updates? Besides, I don’t see any guarantee that Comodo would feel obliged to obey such a rule. After all, you can’t take Comodo off the list of trusted vendors. It’s very possible that the mere difference between Defense+ and the Firewall component is used as a justification to bypass the firewall completely when deciding whether to upload files to the cloud.

Without an official, explicit and complete statement from Comodo delineating the necessary and sufficient conditions under which files are uploaded to the cloud and under which the user can prevent them from being uploaded to the cloud, we’re just speculating.