Need Comodo Firewall to ALLOW Whole FOLDER

I am in the 30 day trial for ExpressVPN and Comodo firewall has been blocking some files in the ExpressVPN folder. I have whitelisted 3 files so far, but another file was flagged today. I want to whitelist the whole ExpressVPN folder. I know how to block/allow individual files, but not whole folders. How can this be done?

Edited to add: I know how to add a FOLDER exclusion for the anti-virus module but not for the firewall, which is what I assume I need in this case.

Edit 2: See reply# 1 and 7 for the ANSWER to the issue.

So this is not as intuitive as block/allow a file. Someone please tell me if I did this correctly. I went to settings, then file groups and created a new group called “ExpressVPN Folder”. I then added the ExpressVPN folder to this group. I then went to Application rules and created an application rule for the group named “ExpressVPN Folder” which was now in the drop down list. Then used ruleset “Allowed Application”, which is a standard ruleset.

PS- It would be a whole lot easier for novices if we had the ability to directly block/allow folders the same way as we do with files.

Hello CommodoUser2019,

Thank you for reporting.
For ExpressVPN product, I will check that in my portal and update you. Btw how did you whitelisted those files ? and I didn’t see any of the submission for whitelisting in forums.

Hi Dharshu,

There may be a misunderstanding. I meant that I whitelisted the files by going to firewall tasks > Allow application. Is whitelist not the same as allow? I checked the vendor rating list and ExpressVPN LLC is on the list and TRUSTED. It was added to the list on July 4, 2020 which is several days AFTER I installed the program.

At first I tried to allow the files that Comodo was blocking. The 3 blocked files were all signed by COMODO RSA Code Signing CA, good until 2021. After the 3rd blocked file, I decided to try to allow the whole ExpressVPN folder. Please advise.

Thank you.

Hello CommodoUser2019,

Alright,I’m checking in it.If possible could you please share us the blocked files or else with SHA value.

Hi Dharshu,

I had already taken these file exceptions out of CFW when I attempted to ALLOW the whole folder, but here are the SHA1 hashes:


PS- ExpressVPN asked me tonight to update to the newest version of their app (7.11.0), which must have have come out within the last couple of days. Theses hashes were taken after updating. I’m not sure if the hashes would have changed, but I would think so, if they updated the file in any way.


Hello CommodoUser2019,

Thank you for your response.No problem,We will check that.

In case anyone is looking to allow a whole folder through the firewall, I eventually found the pertinent section in the manual. Check here:

It appears you need to create your own group and then add the pertinent folder to the group, just as has been stated in post #2 above. I haven’t had any firewall blocks of the target program/folder since doing this about 2 weeks ago.

I am using latest version of CIS with custom rules policy and internet blocking by default.
And i have Figma application (it is a desktop app of which changes app folder each time after automatic update, so each time after auto update i must manually allowing web access to application from new sub-folder.
In CIS settings i can`t find how i can allow web access to all applications in folder and sub-folder, i can add only single applications one by one.
Is there any way i can allow web access to all applications in folder and sub-folders?

for allow programs in folders (NOT is recommend), you need add… example: %programfiles%\comodo*
this can be add for setting: File Groups, Defense Security Service, Internet Protection|Comodo Internet Security (case are unfamiliar)…

sorry my english!

Thanks! Problem is solved.

If I understand the question correctly, I had the same issue a while back. I needed Comodo to ALLOW everything in my VPN program folder. I created a post asking the question and it was ignored!

I’ll ask it again here; and if I understand liosant’s response: is it better to allow a whole program folder by creating a group, then placing the program folder in the group; then allow that group? Instead of whitelisting all the executables within the program folder?

Edit:Also, should a program folder be added to the group, or would it be better to add all the individual program folder files to the group?

You can create a new File Group including the .exe files from the chosen program folder, then create a new Firewall Application Rule pointing to this File Group. From a security standpoint this is a better approach than simply whitelisting the entire contents of a certain folder by using the Wildcard asterisc symbol.

Not should allowed folders, it is unsafe and can breach in your system;
is better add program for program, but add folder with conditioning can be useful for professional TI…

sorry my english!

I think I got it right. I did not use the wildcard but created a group and added a program FOLDER to the group. Some say that is not good practice, but that I should put .exe files in the group. Inside that program folder I counted 16 folders and 12 .exe files altogether. I don’t know if I should add all 12 .exe’s or just the ones that Comodo tries to block.

Regarding the * wildcard, I did set up a scan exclusion recently with the * symbol to not scan one of my external drives. I’n not sure it is working; if not I will look into setting the ext drive as a file group. Lastly, I had turned on HIPS and HIPS is blcking C:\Windows\System32\Magnify.exe. I set up a HIPS rule to allow Magnify.exe but it’s not working. Magnify still works, so it’s just another minor annoyance.

Better to insert at the custom File Group just the .exe files that Comodo tries to block.

Check the HIPS logs to see the details of the Magnify.exe block, maybe it is related to this?

It might be. Log says- Application: Magnify.exe. Action: Access Memory. Target: Cis.exe. The magnify function still works.