Playing with and exploring CIS 6882 and 7036

I will tell you about my experience with CIS and perhaps, to my great regret, it will be the last …
Last night I tried to activate the HIPS function with the 6882 version, so I downloaded a malware from the MalwareBazaar | Browse Checking your browser website for which Comodo still does not detect almost even one with the AV definition. So I relied on HIPS and containment … I blocked the malware, so the PC did not get infected but something went wrong with the HIPS because when I restarted the PC the PC did not start anymore. I had to restart it in provisional mode and I had to uninstall CIS (which had errors that cannot be repaired with its error repair system). After uninstalling CIS (6882) the PC started without problems and returned to work. To be on the safe side, I analyzed the second-hand PC which was reported to be clean and fully functional.
So I decided this morning to switch to the new version by doing a clean install. I also used the Comodo uninstall tool to remove any trace of the old version.
After installing the new version, the windows 10 protection system does not see CIS for both the firewall and antivirus part. If I deactivate the Windows firewall it remains in error and the antivirus remains active Windows Defender. So I repeatedly deactivated and reactivated the components of CIS, restarted several times, turned off and on again but nothing always the same problem.
So I decided to uninstall it and switch to Kaspersky Security Cluoud Free, which works beautifully and is integrated perfectly with the Windows security system.
Now I understand that with Windows 10 Micrsofot “enjoys” releasing various updates that create problems with antivirus applications but I am so sorry that Comodo also with this latest version has not solved this problem, at least in my case I continue to have problems. So after the experience of the HIPS malfunction (which was like suffering a malware attack) and the instability of the new version of CIS, for now I have decided to move on to another protection solution. I’m only sorry to leave CIS / CAV because its strong point is the containment in case of zero day attacks … but its instability from worse problems than malware …

I have the impression that all these releases are coarse and do not create a reliable and stable product that if it is free goes bane, but I would not pay anything for having such an unstable program that creates problems.
Then I probably won’t be a great computer expert, but I think such software shouldn’t cause problems even for not very expert users.
Obviously this has been my experience and I repeat I’m so sorry because I trusted in the protection of Comodo but also this release has disappointed me. :frowning:


Thank you!
To me the 6882 worked, the new version does not go … it is not detected. I also tried to force clicking on activate Comodo Antivirus or Comodo Firewall but nothing happens.

I have
Windows 10 2004 (19041.208) Pro x64

I try to uninstall Kaspersky again … I clean with CCleaner and reinstall CIS
I have Windows 10 Pro v.1909 (build 18363.815) 32-bit Pro x64

Let’s see if I can solve …

I just installed it from scratch yesterday. Before that, there were no problems in 1909.

I don’t know how you have your system set up or what Configuration you are using; but I just tried the first 4 on the list from that website. None were recognized, which isn’t surprising since they’ve just been around since today. HIPS warned on every one giving me the choice . . .

Just for interest I allowed the last one to run as contained, which of course treated the File manager as contained (which would have been Windows Explorer if I used it). That naturally blocked access to the drive where the data on this machine is stored as it is set as a Protected Folder . . . even after a reboot which worked fine otherwise. Removing the HIPS entry for my File Manager from the Rules which had it as contained, restored everything to normal as expected.

If you had a similar HIPS entry, then Windows Explorer wouldn’t run on startup

Plus, I’ve never had a WSC warning for this CIS version and very rarely for the previous versions. Windows Firewall is turned off and stays turned off, but is still running as a Service

Hi Nunzio,
I have the latest licensed CIS Pro version, I tried to download Malware from the named site, none can be decompressed because Windows 10 refuses decompression (see image)
To activate the protection guarantee Comodo requires a very precise paramatrège of CIS (I specify)
I have carried out eicar tests on kasperky and CIS blocks all malware from downloading

To unzip the files you must enter the password: infected
I with 7 ZIP I unzipped them all without problems.

I reinstalled it and here is the result … a really big disappointment … I tried several times to restart to deactivate and reactivate but nothing … Furthermore if you deactivate and reactivate a component the icon in the status bar remains with the X. :-TD
Since 6882 we have waited almost 1 year for a new “stable” version and this is the truly disappointing result …
Then maybe it works for others but I believe that a security application should work on all PCs and without great efforts to make it work …
I go back to Kaspersky … at least they are more reliable in stability and frequent updates of new releases if something does not work well.
I’m sorry to leave COMFORTABLE but in these conditions I can’t do anything else. :frowning:

The user needs to keep in mind that HIPS alerts in Comodo apply to the object being mentioned at the LEFT side in the alert. If they choose the option to treat as: Blocked Applications, then explorer.exe which corresponds to Windows Explorer will be blocked from running other executables and this will cause problems in the system.

I even saw a Youtube tester commit this mistake once while testing Comodo and worse of all, he initially thought that Comodo allowed an infection. In the end he had to delete his video because of this silly mistake, but the point is: If you don’t know how to properly answer HIPS alerts in Comodo, you may as well destroy your OS. So users are advised to:

a) Set HIPS to Auto-Block in HIPS settings.
b) Disable HIPS.

I really don’t see the need for all this lamentations if the user just answered a HIPS alert in the wrong way.

EDIT: Also, this:

Sorry, after decompression the latter has been deleted by the protection of Firefox in download

The HIPS I have always kept it off, I only wanted to do a test yesterday and maybe I would have made a wrong choice even if I remember choosing to start in the container (I don’t think it’s wrong) was referring to explorer.
In any case, I would never reactivate HIPS, since it always gave me problems with the functioning of the PC.
Now the important problem is that now the new version of CIS with a clean installation does not work … for the problems I mentioned above and for which I have delegated the screenshots.

If you try to manually run a file or Malware through Windows Explorer, it will generate a HIPS alert for Explorer.exe.

The correct way to Block a thing through HIPS is answering with: Block > Block Only. Or you can allow it’s execution to test if will be Contained, or if HIPS will alert for its actions (then again Block > Block only or Block and Terminate).

Selecting “treat as:” option will change the HIPS ruleset for the Object at left side in alert, in this case Explorer.exe which will cause system malfunction with any other ruleset than the default ruleset (allowed application).

If you reformat your system and install latest Win10 Build the issue with Security Center will most likely get solved.

Thanks but I prefer not to format the PC to make the new version of CIS work …
Since with Kaspersky Cloud Free I have no problem, I first change antivirus software that format the whole PC and restore everything.
Sorry but honestly it seems a bit exaggerated that to make CIS work I have to format the PC … ;D

If possible then re-format your OS (Windows 10) HD partition and re-install the OS on that partition and then wait to get all the MS updates before installing CIS and other software again. I know, this is awfull lot of work but believe me if your OS is damaged, be it on the file system or in the registry, you can never repair it by using any cleaning tools. In fact such tools can make things even worse and drag you into more problems.

Seriously, whenever you think you OS is damaged then start all over by re-installing your OS, you just can’t repair it by using cleaning tools.
The only good way to restore a damaged OS is to put back a full HD backup image on the OS HD partition but for that to work you need to have access to your HD with a Dual Boot system or take out the HD from your system and re-image it on another system where you kept the HD backup image on. You need some expertise in doing this but unfortunately it is the only good solution to repair a damaged system.

Keep in mind that Security Center is just aesthetical thing and it’s function is just to report if security programs are enabled or disabled, by colecting information from them. It does not increase security or reliability of anything.

If I were you and not wanting to reformat, I’d do the following:

  1. Manually disable Windows Defender through Group Policy or other means.
  2. Do the same for Windows Firewall.
  3. Manually shut off Security Center through services.msc or other means.

So no, you are not reformating or doing the above to “make CIS work”, you are doing this to make a Windows feature, which is flaky and prone to malfunction, work, just so it will tell you that the modules in Comodo are enabled, when Comodo GUI already does that for you. ;D ;D ;D

But if my operating system would be damaged and therefore the Windows 10 security system would be damaged why does it work perfectly well for example with Kaspersky Security Cloud Free?
I reinstalled it again and it responds perfectly (see attachment).
I tried to deactivate and reactivate the protection of KSCF and the Windows security system always works optimally and is more reactive even when the PC is restarted, KSCF is recognized within a maximum of 1 minute, while with CIS in the reboot I had to wait even up to 5 minutes to be recognized.
In my humble opinion there is something wrong with CIS (especially in this new version) with the Windows 10 security center. Then it will surely be only a graphic thing but also the X that remains on the CIS icon in the status bar despite having all the active components is a graphic but very annoying thing.
I prefer software that works without bugs.
Comodo knows that it has yet to work for compatibility with Windows 10 and predict example from other software manufacturers.
Obviously this is always my personal impression that I learned from these experiences and I start by saying that I like COMODO products if unfortunately they would not create these annoying problems. :wink: :smiley:

If I were you I would not leave Comodo just because of this simple problem. Just disable Security Center, WD and Windows Firewall and be happy.
Or even better, install KSC Free alongside Comodo Firewall, by setting mutual exception rules they work great together.

When you test with real Malware samples and KSC Free is bypassed you will want to return to Comodo. If something is not on Kaspersky’s database it will most likely allow an infection, System Watcher (and any other Behavior Blocker) may fail against Malware that act by co-opting legitimate system processes according to Cruelsister. Security Center issue is not important and other users already reported they are not facing such issues.

But what if instead of CIS I try to install only CAV?
Would I still be safer with CAV than with KSCF?