There was an Xcitium fix for this a few weeks ago but one hasn’t dropped for Comodo itself yet as it’s more targeted towards EDR. Hopefully it will get pushed through to Comodo consumer products soon.
Your best option is to Block such an unknown file rather than running it in containment in the first place. There is the option of tweaking HIPS as described in DecimaTech’s Post for at least this specific bypass. Cruelsister advises disabling UAC in her Bypassing a bypass video and Comodo UAC
Anyway, just not downloading dodgy files and checking them with VirusTotal and/or Comodo Valkyrie and blocking an untrusted file at least initially is the best prevention.
Cruelsister makes a good point in that topic.
Anyway, use what works for you, this type of attack is rare and more targeted towards businesses which is why Xcitium got the fix first.
Well, I’m afraid not, because detection and the antivirus base are no longer Comodo CIS’s panacea, so referring to Valkyrie doesn’t make as much sense as it used to… (I know, you’re going to tell me that there’s no link between Comodo’s antivirus database and Valkyrie. Really? Well, is that the problem? I’m not sure… )
Otherwise I wouldn’t have had any problems…
In any case, thank you very much for your interest in the product and its problems.
It’s amazing how often Xcitium-Comodo doesn’t make the list of those who detect something obvious on virustotal.com in the malware list.
I come here frequently to report some of them, but it’s very time-consuming and counter-productive, since on the contrary it’s not the wish of Comodo’s management…
I do it anyway in the interest of those who still use Comodo CIS, as I did until very recently.
Reported a month ago (that’s a huge delay when it comes to cybersecurity), declared positive by the profession’s main mentors, but still nothing from Valkyrie…
About 1 month before the 2025 edition release and the whole certification drama my firewall “died”. Diagnostic thinks everything is fine but firewall rules DON’T WORK AT ALL. Tried many re-installations with multiple cleaning tools and nothing happened… updating to 2025 didn’t help, clean reinstall of 2025 didn’t help either, please HELP. Firewall is unable to work at all and shows only weird “system” traffic or not at all… but the “block entire network” option works… and the killswitch app shows network traffic perfectly… Please don’t tell me that the only option is a full/clean Windows reinstall, it is not an option for me. Also reinstall with preserving apps & files didn’t help. I believe this is some very stupid and very easy to fix issue… P.S. sfc /scannow shows no problems.
and follow my guide to removing CIS leftover drivers: Remove CIS Files after uninstall and manually remove the installer startup entry:
Registry:
Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
If there’s still an issue try uninstalling in safe mode.
Just to clarify, your issue is not being able to remove CIS? Which version of Windows are you using? Any additional security software installed? What configuration are you running? You have a lot of Unrecognized files, can you provide a screenshot of those as well as your CIS version. This looks like you’ve installed the version with certificate issues and not the latest.
No it is not the issue related to uninstall Comodo… one day Firewall just stopped monitoring the network without any particular reason… I have latest Windows 11 Pro 24H2 (compilation 26100.2454, features 1000.26100.36.0) with latest updates… no additional security third party software… while just after “extreme clean install of CIS 2025 Premium” there is empty list of unrecognized files… I installed 2025 just after the announcement that certificate problems were resolved… before that installation was whining about “cmdhtml.dll” not properly signed. The issue with firewall not able to monitor network traffic at all popped up before upgrading to 2025, I hoped that upgrading will fix that but no luck…
I did windows reinstall preserving apps and files while having at that moment CIS (not 2025 yet but previous one) uninstalled, did couple times sfc /scannow and dism image rebuilding… nothing helps… the most frustrating thing is that totally useless builtin diagnostic tells me everything is fine and killswitch shows network traffic perfectly… but from some unknown to me reason firewall is unable to monitor traffic and because that all the rules are useless and not working. EXTREMELY FRUSTRATING
Answering to your question about configuration… i am not using HIPS at all, never… only antivirus + firewall duo.
Hey, you have Windows 11 pro CIS Premium 2025, maybe the reason lies in this build 26100.2454 and 24H2 and the CIS 2025 firewall does not function properly, I would like to know why in the Comodo Internet Security 2025 premium package you have disabled Virusscope Hips and you are using the system one, the firewall is also visible in the screenshot, the Comodo firewall is disabled, it seems to me that you have configured everything incorrectly, the system firewall should be inactive since there is a different firewall in this case from the CIS package.
Look at my first screenshot again… virusscope is enabled… I only have disabled HIPS and auto isolation (auto sandbox… cause it made me angry multiple times… same as HIPS). Are you trying to say that nobody here is using the latest CIS antivirus+firewall 2025 with the latest 24H2 Windows 11? Maybe the Comodo firewall is broken on the Polish version of Windows… it wouldn’t be the first time that some English-speaking programmers would break their program on a localized version of Windows…
If you aren’t using auto-containment, you’re maybe better off just using the Firewall and having Microsoft Defender handle the AV element. Comodo’s containment is a key part of its protection and what sets it aside from everything else, and it’s easy to simply whitelist sandboxed applications yourself. The AV element isn’t strong enough on its own.
Do you still get the red banner at the top after a fresh install advising you to repair installation? Does it repair the installation when you click on it?
I haven’t had any issues running CIS on 24H2 myself.
Hello again, I also have Comodo Internet Security in the Polish language version, Premium 2025, Windows 11 Home 64-bit, but my system build is 22631.4541 / 23H2. Maybe that’s your problem, 24H2 in general; it is worth waiting before installing the 24H2 update because there are a lot of errors. In your case it is too late because you have already installed the said update on Windows 11 Pro.
Sorry but don’t understand why you’re suggesting that without auto-containment feature comodo antivirus is totally useless… i prefer to use antivirus this way… i work in IT with combined personal and business experience of >25 years… when i have doubts about any executable i prefer to run it in isolated environment manually
That red banner on my first screenshot posted is because of my manual action of manually disabling the entirely broken firewall… after a fresh install and restart, when it is enabled (green light that suggests, according to the self-diagnostics of Comodo, that everything should work) the firewall STILL is unable to monitor network traffic… !!!
I upgraded manually to 24H2 because i also hoped it will fix my issue… issue occurred on 23H2 or 22H2 i am not sure now… but i did the upgrade to 24h2 with preserving apps and files through system on a stick made with “media creation tool” from ms