I need help here... please provide the test

hello Comodo friends,

I try to find way how to backup the Firewall application rules and/or other settings. Because I am not at home now I can not test it by myself, so I would ask you to help me by providing the test below. I want to be sure that this backup method works so when I come back home I need/must back up Comodo at first.

Here the steps of the test to provide:
(1) save some Firewall rules (if you dont have any in the FW Appl rule list). Do the same for D+. Set the "keep an alert on a screen for " to 999 sec in FW and D+
(2) make a backup of HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO
(3) delete HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO (or if it not a big problem for you, uninstall Comodo)
(4) reboot (or install Comodo again if you have uninstalled it in 3 and reboot)
(5) check if the changes made in (1) are present (they should be gone???)
(6) import HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO you already had backed up in step (2)
(7) reboot
( 8 ) check if the changes made in (1) are present (now they should be there)

If this backup method works then all the changes should be back again and Comodo’s settings and FW and D+ application rules lists should be in the situation as how they were at the beginning of this test.
Could someone confirm this?

I hope someone of you could have time and wish to help me with info if this backup method works.


That should work. In fact I know it’ll work because I’m aware of those entries when I was looking for other stuff (and its obvious your technique would work). But the question is: why would you want to do that? ???

Just export your configurations. Then import them when needed. I’ve found that the best procedure is to import either firewall, or internet (first one then the other) and activate each in turn. Import proactive last and activate it last. Everything gets carried along except trusted files. For all practical consideration: what makes you think CIS isn’t backing that registry key when you export your config in the same fashion you’re trying to do manually?

For the trusted files, I suggest to take a screenshot of your trusted files. After re-installing and importing configs, recreate the trusted files manually for those apps you know CIS will balk and sandbox. That step isn’t really absolutely necessary, but without those trusted files the system will run like ■■■■ until all those apps are encountered for the first time again. Over time as you use the system virtually evrything ends up in trusted files (transparently). If its determined to be safe via either cloud lookup, local safe files, or trusted vendor list it gets put into trusted files w/out you being alerted; otherwise it sandboxes it. Then you have to say ‘dont do that anymore’ and it ends up in trusted files. But sometimes big files can’t be submitted and you know, and if they get sandboxed the app crashes and its a mess (you could even lose data relevent to the app).

why would you want to do that?
well I did this some times and every time I went crazy because the application tules list in the Firewall was not backed up (or not imported again)... so every time I had to define the rules for each allpication again and again, that that is **** So I am looking for a securer way to backup everything in the complete Comodo.

I am glad to read what you wrote that this should work, but I will appreciate if you just follow the steps to be 100% sure that it works. PLEASE!


Config export / import does work. I absolutely know it does. I can lament with having to recreate all of the stinkin’ network zones and rules. Its a pain in the derriere. I have never resorted to your technique. I have seen the phenomenon that you refer to, however it is due to not activating the profile imported.

This procedure works:

Import firewall or network config (first one and then the other) and activate each in turn. Then import proactive config and activate it last. Importing them is insufficient you have to [i]activatei/i] each in turn.

This procedure works:

Import firewall or network config (first one and then the other) and activate each in turn. Then import proactive config and activate it last. Importing them is insufficient you have to activatei/i] each in turn.

I describe:
After fresh install of Comodo the only config I have used is the firewall config, so I have exported it. In this situation why should I export the internet and the proactive config too??? Must I do this to have a full backup?
So while using only the firewall config it was the only one ever active and modified, so I have exported it and then imported it by giving it the same name as the previous active (so I overwrote it by renaming it) and Comodo shows me that it was active. BUT still the FW appl rules were not imported. I dont think that in that case an explicite activation was/is needed…

As you can not convince me 100% that the standard backup way by exporting works, it is just better if you try following the steps and we will see. Or if this is a big risk for you and you dont want to do it, just well me… I will understand it, no problem.


Depending on the options chosen when you install CIS, one of the three base files:

COMODO - Firewall Security.cfgx
COMODO - Internet Security.cfgx
COMODO - Proactive Security.cfgx

is used to populate the registry. The information in these files is cumulative and not incremental, so if you have the Proactive Security Policy activated, you have all the settings from the Firewall Security Policy, plus those settings specific to Proactive. You can easily see this by using a file compare utility on the files above, as they’re only text files. You can also see how the registry is populated after installation by using Comodo Firewall Pro/CIS Configuration Reporting Script [Latest Version is 0.723]

So, to answer you question, no, you don’t have to backup all the security policies, just the one you are using. Likewise when you import a new policy. If at any time you want to get back to a clean policy, just remove the one you want to replace from Manage my configurations and load one of the files above. Once loaded, activate it.

With regard to the standard import/Export, I’m not really sure what problems you’re having, as I use this process very often without problem. The only thing I’d suggest, is naming your exported configuration to something other than one of the above, likewise, when you import the configuration, use a different name, such as myconfig. The names are only identifiers and have no bearing on the actual settings. Once imported, activate the policy. It’s also worth rebooting, even if not prompted to do do.

If you insist on using the registry method, it will work as I have used this process in the past. Just remember to exit CIS before you merge the key and run a CIS diagnostics directly after rebooting the PC.

Then NOT having firewall rules after importing proactive.cfgx is due to registry corruption? Becaue I’ve seen that. The firewall rules only showed up AFTER importing firewall.cfgx AND activating it. Then I import proactive.cfgx and activate it. Then I’m golden.


When you install CIS you’re presented with a series of options, depending on how you answer those options one or the standard security policies will be chosen:

From the ‘Select the products you would like to install’ screen: (image 1)

Firewall plus Antivirus - The Comodo - Internet security configuration is used

If the firewall alone is chosen an addition configuration screen is presented: (image 2)

Firewall only - The Comodo - Firewall security configuration is used
Firewall with Optimum Proactive Defence - Comodo - Firewall security configuration is used
Firewall with Maximum Proactive Defence - Comodo - Proactive security configuration is used

Regardless of the options selected, the firewall is populated with the same basic rules (image 3) if you’re not seeing these rules after installation, there could be a problem.

Clearly, the basic configuration can easily be replaced with previously saved security configuration, by importing and then activating this configuration. Importing a configuration in this way will overwrite any existing settings.

[attachment deleted by admin]

Clearly, the basic configuration can easily be replaced with previously saved security configuration, by importing and then activating this configuration. Importing a configuration in this way will overwrite any existing settings.
and to specify and clarify: if the previous saved security config has specific firewall rules saved in, importing this configuration and activationg it will add this firewall rules to the Firewall application rules list, YES or NO or MAYBE? Because that is what is importent for me: [b][u]to backup the firewall application rules [/u][/b]

It doesn’t add, it replaces.

predefined configs:

firewall.cfgs = configuration when the user has installed only the Firewall
Internet.cfgx = configuration of Antivirus and Firewall components (if both are installed),
Proactive.cfgx - AV, Firewall & D+ rules

Regardless of what you’ve installed, if you export your active config as MyConfig.cgfx, whatever is relevant to your installation of CIS is exported. The different default CIS configs described above are mutually exclusive.

If you only have Firewall installed thats all that’ll be in exported cfgx. If you have both AV & Firewall, items relevent to both of those components will be contained. If you have EVERYTHING installed, then ALL rules will be backed up (AV, Firewall, & D+). If any component is disabled, it still backs up EVERYTHING. When you import MyConfig.cgfx and activate it, it will restore CIS to that state, e.g., even if AV & Firewall are disabled all the rules for those components will be restored [b]but the security level for AV & Firewall will show ‘disabled’ If you only have firewall installed, then only firewall rules can be exported, and so only firewall rules are exported.

In my case I have proactive security config enabled. If I make a firewall rule, select, and then export firewall.cfgx, the rule won’t be in firewall.cfgx. If firewall is the active config, and I make a firewall rule, I’ll lose it when activating proactive config. Does that make sense? In my case, per my lament above, I must’ve done something screwey.

For peace of mind you can open MyConfig.cgfx with notepad and search for one of your app rules. It should be in there.

Good to know you only have to backup the config that is active and when in proactive donig it backs up everything. 8)