Most Effective Way to Reinstall/Update CIS to Avoid/Fix Problems

I would recommend reinstalling/updating Comodo Internet Security (CIS) to the newest version by following the steps below whether you’ve had problems or not. This will likely avoid most problems you could otherwise encounter.

Before you continue with any of the following advice make a system restore point. This way if something goes wrong, which although unlikely is possible, you can easily recover.

Also, if you want to maintain your previous configuration after reinstalling you should export you current configuration before continuing to the following steps. This can then be imported after re-installation. However, note that sometimes the old configuration can cause problems after being re-added.

Section A: Always Follow These Steps (in order)

1. Disable Any Other Security Products You May Have Running
Uninstalling is usually not necessary, but if you believe that the other security software may be interfering, even when disabled, uninstalling may be a good idea.

2. Download All Software Needed For Removal Process
Download the official Comodo Uninstaller Release topic link:

For 64-Bit Operating Systems:
http://download.comodo.com/cis/download/installs/ciscleanuptool/ciscleanuptool_x64.exe

For 32-Bit Operating Systems:
http://download.comodo.com/cis/download/installs/ciscleanuptool/ciscleanuptool_x86.exe

The following section is no longer necessary but is kept for historical/archive retention.

Those running Windows 8.0, 8.1, or 10 should also download this removal tool. Users should use “Run as administrator” via alt-click context-menu.
Those running Windows XP, Windows Vista, or Windows 7 should also download that removal tool. However, in addition they should download an additional removal tool from this page. Those running Windows 8, 8.1, or 10 should not use this tool as it may cause damage to that operating system. However, it is safe for all others.

3. Uninstall Comodo Internet Security/Comodo Firewall (CIS/CF)
Uninstall normally from Windows Control Panel. If CIS is not listed in Add or Remove Programs (XP) or Programs and Features (Vista and newer), then run Microsoft Program Install and Uninstall Troubleshooter from here. if using Windows 7 or later, otherwise try this program from this page. Then run the installer and use it to try and fix the problem which is not allowing CIS/CF to correctly uninstall.

4. Clean Up Any Remnants Left of CIS/CF
Once CIS/CF is uninstalled, or at least removed as much as possible, make a restore point as a precaution, then restart the computer into Safe Mode with networking. Instructions for how to do that can be found here. Now run the offical uninstaller that you downloaded from above, it can be run in safe mode or when logged in normally.

The Following is no longer necessary but is kept for historical/archive retention.
Then those users running Windows XP, Windows Vista, or Windows 7 should run the Uninstaller Tool v0.3b which you were asked to download through section 2. To remove remnants select “Uninstall Comodo Internet Security” from the options. Then allow it to remove any remnants it can find. Once it is done you can safely close the window. Then also run the other removal tool downloaded, and follow the steps in the following paragraph.

All users, including those running Windows 8 and newer, should now run the removal tool, which is safe for all versions of Windows, to remove any leftovers from Comodo Internet Security. After opening this application first run step 1, which attempts to kill any remaining processes from Comodo Internet Security. Then, once that is done, you should run step 2, which removes any remaining files and folders. Note that there are other options provided, but that I would strongly advise that you do not use them. Only the first two are meant to remove Comodo Internet Security. The rest are for system maintenance and sometimes may cause serious problems with your computer if run.

After following the above steps you should restart your computer.

5.Clean Any Remnants Left From Former Security Products
If you ever had a different security program installed before you tried uninstalling CIS, then part of the problem could be due to interference from their leftover files. To ensure that this will not cause a problem please run the removal tool for each of those security programs that you used to have installed. A list of uninstallers for common antivirus software, can be found on this page. Please select the ones for any security programs you previously had installed and run them.

6. Now Install Comodo Internet Security
Download the latest version of Comodo Internet Security from this page and install it. Everything should now hopefully go flawlessly and you will have the latest version installed on your computer. Once it’s installed you may want to follow my guide about How to Install Comodo Firewall for advice on how to configure it.

Once CIS/CF is successfully installed you can now re-enable any other security programs you may have disabled at the beginning. However, note that you should never run a separate antivirus program alongside CIS. If you wish to use a different AV you should instead use CF.

Section B: Follow These Steps If Problems with CIS/CF Continue Even After Following Section A Advice

1. Run the Windows Installer Cleanup Utility
Download this program from this page. Then run the installer and use it to try and fix the problem which is not allowing CIS/CF to correctly uninstall.

1.a Run Microsoft Program Install and Uninstall Troubleshooter from here.

2. Run A Registry Cleaner
You should also try cleaning your computer with a registry cleaner. This may help fix some problems. Whichever registry cleaner you choose, you should make a full registry backup before removing anything. Once it’s finished cleaning you should restart your computer. After running the registry clean you should go back to the beginning of this topic and follow the steps to remove any remaining components.

3. Manually Remove Leftover Drivers
For Windows XP, Windows Vista, and Windows 7 Users
To locate any Comodo drivers which may still be left on the computer go to the windows device manager. For help in how to open this please see this page. Then go to view and make sure that the option to Show Hidden Devices is enabled. Then look under Non-Plug and Play Drivers for drivers called Comodo Internet Security Firewall Driver or Comodo Internet Security Helper Driver. If either of these still remains right click on it and select uninstall. Note that this should only be attempted if every other attempt to uninstall it, and remove all relevant files, has proved insufficient. After removing these you should then go back to the beginning of this topic and follow the steps to remove any remaining components.

For Windows 8 and Windows 8.1 Users

1. Download Autoruns - http://technet.microsoft.com/en-us/sysinternals/bb963902
2. Right click the zipped folder and extract all to a known location.
3. Right click and select run as administrator for the ‘autoruns.exe’ file found in the extracted folder.
4. Look under both the ‘services’ and ‘drivers’ tabs for the following entries (CmdAgent, cmderd, cmdGuard, cmdhlp, cmdvirth & inspect).
5. Take note of the associated file and location for each (Hover over image path).
6. Right click and delete each of the mentioned Comodo entries.
7. Using Windows explorer navigate to the previously noted file locations and delete any remaining associated files.

4. Go through Section A advice again
Once the above three steps are complete please restart your computer. Then go through all steps in Section A and see if that solves your problems and lets you successfully install CIS/CF.

Section C: What To Do If Advice In Sections A and B Were Not Able To Solve Your Problem

1. Ask For Assistance In The Help Section Of The Comodo Forums
If none of these methods work then please start your own topic in the Install / Setup / Configuration Help - CIS section of the Comodo forums. People will examine your specific case and try to help you figure out what’s interfering with the installation. Just make sure you supply the information suggested in this post. Also, please note which of the methods discussed above you have already tried and what the results were.

I updated the download link of the second tool. Eric
I updated the download link of the Microsoft Windows Installer Clean up Tool. Eric

[attachment deleted by admin]

Just had this issue: V3 update function always said the the update download failed in the middle of it. So I downloaded V4 directly and started the installer.
It takes you to uninstall V3, then installs V4. V4 runs fine now, but ALL MY SETTINGS ARE GONE. I had about a hundred fine-tuned firewall rules. How do I get them back?

If I’m not wrong unless you had first exported your settings from V3 before you uninstalled it your settings are gone.

It’s possible, however, that they may be located under More / Manage My Configurations. If it’s not there then I don’t know where else to look.

If I'm not wrong unless you had first exported your settings from V3 before you uninstalled it your settings are gone.

Wow, that sucks big time!

The installer suggests that it can keep your settings. There should be a clear alert that they all get deleted!!!

Well, at least it gives me the chance to try some other software, if I have to re-enter everything anyways.

I do have a registry backup, though. Any chance to get my firewall rules from there and take them to V4?

I would not export my settings, I have seen them cause more problems then anything. Version 4.0 is so different from version 3 that it would be best to start over. Remember that version 4 does not really need the amount of rules version 3 needed, it is much smarter and works much better.

I don’t get this “slowing down CIS” business.

Yes, the cfg files when exported are in a different format. This new v4 cfgx file is imported and exported much faster than the old format.

BUT, as far as I can see, CIS’s configuration is stored in the registry and not in the cfgx file. It doesn’t load the cfgx file every time it starts up - it uses the data stored in the registry. So the format of the configuration file doesn’t come into it.

Besides, if I’m wrong and CIS does load the cfgx file at start-up, then the problem is solved easily by importing the old v3 cfg file, then export it to the new cfgx file. Then import that back in again!

Thanks for pointing that out. I actually wasn’t sure about that particular part of my advice. I had read about a few problems people had that were related to the V3 config.

Can someone else please confirm this so I can change the guide?

For me the question is still if there is a registry key I can export from a V3 backup and then import into V4 so the firewall rules will be back?

no configurations are stored in a file. That file is now gone. Sorry.

Which file is it? I have a backup of my whole computer.

By the way, what is so different about the Firewall in V4? At Firewall/Advanced all, including the Network Security Policy screen, looks pretty much the same to me.

Do you mea the
COMODO - * Security.cfg in C:\Program Files\COMODO\COMODO Internet Security?

These 4 files are all of the same size, even though I had in one configuration 100 firewall rules and never used the other configurations. Also, from the change date it does not look like these files have been modified in the last 8 months.

Sure the firewall rules are in there?

should be try importing that file into version 4.1

I did, it does not contain ANY firewall rules. So where are the rules stored?

I don’t remember on the old one. Maybe someone else remembers sorry.

Even in V4 these files do NOT contain the current configuriations. As it appears they are the default configurations. If I create a new configuration (or import one), CIS does NOT create a *.cfg or *.cfgx file.

So these files are used to copy configurations from one installation to another, but they are not where CIS stores the current available configurations.

Where are those stored? Comeon Comodo guys, someone of you must know where your product stores its configuration

Looks like I have to answer my own question:

All configurations that an installation of CIS has available are stored in the registry, in the following directory:

[HKEY_LOCAL_MACHINE\SYSTEM\Software\Comodo]

This is the same for V3 and V4.

I could access my backup registry (load hive in regedit) export those keys and there I had my rules. The question was only how to get those into V4.

Well, surprise: If I imported them into the registry of a system with CIS V4 installed, the configurations are there (the former configurations of V4 get overwritten, though).

As in this case I am actually afraid that V4 might ■■■■■ up things, I exported the configuration through the CIS GUI and will now try to import it into a fresh V4 installation.

Now I can confirm: Importing the cfgx file into V4 worked, all my rules are back. (I installed one Comodo Firewall this time, as the Antivirus was slowing down my system, opening applications or drives in explorer took significantly longer).

I would still like to know what the big difference in handling firewall rules is between V3 and V4.

@languy99: Are you sure about that difference? You weren’t right about where the config is stored, so may I ask you what precisely the difference is that makes rules much easier now?

It depends how you use CIS 4, [Edit: and mostly affects Defense plus]

If you switch the sandbox on, you’ll mostly either leave files in the sandbox, make them safe, or they will be automatically declared safe. Both ‘states’ (safe and sandboxed) have ‘one size fits all’ fixed policies. You’ll only end up making CSP rules for the exceptions, and most of these will be to declare files as ‘installer-updaters’ - also a fixed policy in V4. You won’t make many customised rules via alerts because the sandbox will suppress the alerts. Compare this with v3 - most files ended up with customised rules due to answers to alerts, and all the policies were themselves customisable.

So its probably best to say that ‘rule complexity’ will be reduced if you use v4 as intended.

If you import [Defense plus] rules from v3, then you have two sets of rules working in different ways - the sandbox-related fixed policies and the v3 variable policies and customised rules. Working out the ‘resultant set of policy’ as M$ would have it, will be a challenge & and the greater total number of rules, policies and policy instatiations that will result will probably slow things down (which was Chiron’s point).

Incidentally there is no documentation of what over-rides what in terms of Defense plus/sandbox fixed policies and variable rules & policies. I have asked for feedback from the devs on this but have still to receive it. Anyone who wants to experiment, please tell me what happens! (I will ask again today!).

What have I done re Defense plus and the sandbox? Pretty much what Chiron recommends. Clean install, no import, Proactive security. Sandbox on, for a quieter life once you get over a few files that don’t want to be un-sandboxed. This latter may take a bit of work. Everything I know to be safe and which isn’t auto-detected goes into My Safe Files. I don’t use the CSP hardly at all, except for the few files that need unlimited access and are not automatically detected by CIS4. These go in the CSP as installer-updaters.

(NB I have a very complex software installation!)

Basically this is working with the grain of CIS4, not trying to turn it back into v3. It gives pretty high security with low to medium hassle, and will be even better when the sandbox is mature.

For the greatest possible security you can turn CIS4 into a more secure version of V3. Sandbox off, paranoid mode etc etc.

Hope this helps

Best wishes

Mouse

Thanks for the explanation. It doesn’t make life much easier for me, though, as my rules basically consist of the following:

• all applications shall be able to access anything in my local network 192.168.x.x
• all applications shall be able to access anything in my VMWare LAN
• all applications shall be able to connect to my rootservers on the Internet (two dedicated IPs)
• some applications are trusted and can do what they want
• most others shall only be allowed to contact a certain IP and/or use a certain port
• for anything else I should be asked

Sorry should have clarified that I was talking mainly about defense plus & the sandbox.

Mouse