not complete service protection

I posted in another area about trying to shut down the service to create a minimal system configuration for intense file/music/game usage…all completely clean files, no internet, many services shut down, as few tray items as possible. You know, no server, printer, etc.

I get it that it is a protection from malware to prevent the service cmdagent.exe (not cfp.exe) from being killed, but it is a slowdown with it still running. Several people wrote back to me saying it was not possible, for safety reasons.

I tried elevating rights, special permission, with everything I could think of blocked.

So, I went at it sideways, if you will…two commands: disable service, reboot. I could not Stop the service, but I sure could disable it.

The system rebooted and loaded cfp.exe into the tray, with the only notification being a small null indicator on the tray icon. The service was disabled, and the firewall was not functional. Most users would be unaware…and the system would, in fact, be vulnerable.

SUGGESTION: a-squared uses a CAPTCHA to indicate that the approval to shut down was human. Could something like this be put in place for users like me who occasionally want to operate their system clear of all possible running elements?

I don’t know, or want to know, how easy those two commands could be snuck in…
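The post above describes the real risk: the service can be set to Disabled, the machine reboots with the tray icon still present, and the user gets almost no indication that protection is off. The following PowerShell check is an added example, not code from this thread or from Comodo. It audits the start mode and state of a named protection service and lists recent Service Control Manager events that record start-type changes. The service name `cmdagent` is an assumption used as a placeholder; the thread only names the executable cmdagent.exe, so confirm the real service name with `sc query` or `Get-Service` before using it.

```powershell
# Added example: warn when a watched protection service is disabled or stopped.
# Assumption: the Windows service behind cmdagent.exe is named 'cmdagent'
# (placeholder; verify with 'sc query' or Get-Service on your own system).
$watched = @('cmdagent')

function Get-WatchedServiceProblem {
    param([string[]]$Names)
    # Win32_Service exposes StartMode (Auto/Manual/Disabled), which the
    # Get-Service cmdlet on older PowerShell versions does not report.
    Get-WmiObject -Class Win32_Service |
        Where-Object { $Names -contains $_.Name } |
        Where-Object { $_.StartMode -eq 'Disabled' -or $_.State -ne 'Running' } |
        Select-Object Name, State, StartMode, PathName
}

function Get-StartTypeChangeEvent {
    param([int]$Newest = 500)
    # Event ID 7040 from the Service Control Manager records a change of a
    # service's start type (e.g. from auto start to disabled) and who did it.
    Get-EventLog -LogName System -Source 'Service Control Manager' -Newest $Newest |
        Where-Object { $_.EventID -eq 7040 } |
        Select-Object TimeGenerated, UserName, Message
}

$problems = Get-WatchedServiceProblem -Names $watched
if ($problems) {
    Write-Warning 'A watched protection service is disabled or not running:'
    $problems | Format-Table -AutoSize
    Write-Host 'Recent start-type changes recorded by the Service Control Manager:'
    Get-StartTypeChangeEvent | Format-Table -AutoSize -Wrap
} else {
    Write-Host 'All watched services are running with a non-Disabled start mode.'
}
```

Running this at logon (for example from a scheduled task) gives the "inadequate warning" the poster asks for: a disabled service is reported in plain text rather than as a small indicator on a tray icon, and the 7040 event shows when the start type changed and under which account.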

I’ve seen talk by users about a CAPTCHA-like device, and I too think this would be nice.

You can always kill the service by first setting Defense+ to Disabled mode. And probably disabling Defense+ will be enough for doing everything without killing the service (and you will still be protected against network attacks and viruses).

But not without the system file slowdown…

Note others’ comments about slowed defrag, etc. This is measurable, not trivial, especially during backups, etc.

Bottom line to me: this should be (and turns out to be!) the user’s choice, or some may switch to another product.
I’d just like to see it be easier.

Don’t get me wrong, CIS is a great product, but the attempt at making it invulnerable left another way to disable the protection, with inadequate warning to the casual user.

I don’t know, but I think this may be of some use to you:
Open Defense+ → Advanced → Computer Security Policy → Edit ‘Comodo Internet Security’ → Protection Settings (make sure it has a custom policy) → Select ‘Yes’ → Add taskmgr.exe as an exception for Interprocess Memory Access and Process Termination.

(Instead of taskmgr.exe you can also add whichever process needs the privilege to terminate cmdagent.exe.)

Regards,
Vicky.

Thanks Vicky, you actually got what I was asking for.

I did step through the custom settings, both for task manager and process explorer, which I substitute for task manager.

They both worked before and after on all the allowed services, resident and running programs.

But not on cmdagent.exe. I suspect this has been compiled with the ability to be shut down denied.
Without the ability to alter the .exe, I’m at the end of possible answers. I even played with command-line elevated tools like supershell, etc.

Since I can reboot with the service not running, I’m satisfied, and was able to fly through backups.

Thanks for your suggestion, it’s the closest answer yet.

Underneath everything is guard32.dll, which is a kernel-level driver designed to prevent cmdagent.exe from being interfered with. Unfortunately, it’s an all-or-nothing approach. This has obviously been decided from a security viewpoint.

Cheers,
Ewen :slight_smile:

You’re welcome.

BTW, I’m able to terminate cmdagent.exe through the Task Manager with the settings mentioned in the previous post. Please also try adding taskmgr.exe (Task Manager) as a trusted application under Defense+ → Advanced → Computer Security Policy.

OS: WinXP x32 SP2
CIS: 3.5.54375.427 with Defense+ in Safe Mode

Regards,
Vicky.

[quote author=panic link=topic=28997.msg211765#msg211765 date=1225342473]
Underneath everything is guard32.dll - which is a kernel level driver designed to prevent cmdagent.exe being interfered with. Unfortunately, it’s an all or nothing approach. This has obviously been decided from a security viewpoint.
[/quote]

Right, exactly as I supposed.

Don’t feel like compiling one with modification enabled, do you? Then again, that could be strange if released into the wild.

Thanks for responding.

Do you still notice slowdowns if you disable the real-time anti-virus?