"Skip advanced security checks?" (Recreated - read why)

Hi, (:WAV)


[i]Someone merged this topic with another earlier, because they were about the same thing.
I understand why the person merged the topics, but I still recreated this topic as an “alone” topic.

I have already read these FAQs about the problem, but I did not read anything explaining my question. I am asking about the consequences of this specific feature, and not just reporting a bug.
I am aware that there have been a lot of discussions about this, but I am asking about the consequences of disabling a thing.

“What consequences are there, disabling skip advanced security checks for skype and/or firefox?”[/i]

Please answer this specific question.


/ Here is the old post

I’ve been using Comodo for a few days now, and I must say: (R)
There is only one thing that makes me (:AGY)
When there is no connection to the internet, cmdagent.exe goes to nearly 70-100% CPU.
I found out that Skype caused this. (As they write in the forum, it often happens with P2P.)
Afterwards I found out, after reading on the forum, that while surfing the internet, cmdagent.exe reaches about 30-50% CPU while downloading a website.
Disabling “Monitor DLL injections” did work, but seems to be a bad solution.
Now you might ask: “What is the point according to the subject?”
Well, I found out that checking “Skip advanced security checks” for Firefox and Skype also solves the problem.

The big question is: What is the risk to skip these checks?
What do I disable?
Would it be a high risk to “skip advanced security checks” for Skype?
What about Firefox?

I guess it is better than disabling “Monitor DLL injections”, right?

What would you suggest?

Is this fixed in Comodo 3? When will it be released? :THNK

It should be pretty easy for anyone who knows Comodo to explain what a feature does.
No answers?

Sorry no one has responded directly to your question, amews_aj.

Setting an application to ‘Skip advanced security checks’ is basically disabling Application Behavior Analysis and/or other Advanced checks (things like protocol analysis, etc) for that application. I say ‘basically’ because it seems a user may still see a few alerts related to this, but not all.

If you elect to disable “Monitor DLL Injections” this is applied globally - for all applications, all the time. Definitely not good.

‘Skip Advanced…’ is for application only. This is, IMO, the better option, if such a thing is needed.

Hope that answers your question.

LM

Thank you for your answer.

Of course Skip advanced security checks is better, but is it good at all?
I am considering checking this for Firefox (browser) and Skype (Instant Messaging).
Would it be a bad thing to do?
I do trust these applications, but could there be security risks anyway?

I mean, couldn’t other applications (bad applications, spyware etc.) use either Skype or Firefox if I check the “skip advanced security checks”?
Or is it safe to do that if I trust the application itself?

I have only had to set a few applications to Skip advanced checks, such as email scanner, remote access software, maybe a couple others.

But, I don’t use any IM or p2p applications that might cause some connection issues. I have read where it’s not uncommon for things like Skype to need to skip those checks. However, not everyone seems to do it, and it works anyway. If yours won’t work without it, then I say go for it and don’t worry too much.

You might check the logs (without skipping the advanced checks) to see if there are entries pertaining to Skype or Firefox that indicate something is blocked which should be allowed, and create necessary rules for that. Depending on what you do with Skype (such as voice) you may need Inbound Network Monitor rules. If you know how to interpret the logs, they can be very helpful…

LM

PS: I’m also thinking something you can easily try is to remove All Skype & Firefox rules from Application Monitor. Reboot the system. Then one at a time run those applications again. Any alerts you get from the Firewall, select Allow w/Remember to create the necessary rules. Then see what the rules are…

Well, I don’t have any problems with the app. itself.
It is working just fine.
The problem is, as I said in my first post, that when the internet connection is lost and Skype is trying to connect, it makes a lot of attempts to log in all the time, and cmdagent.exe CPU usage is about 80%.
If I check “Skip advanced security checks”, the problem with the CPU usage is gone.

I am just worried about whether checking this option could make my computer less secure.
Could spyware, for example, use this?
Or is it safe to check the option if I trust the application?

I know that the risk might be very low, and you would say that I should not worry if Skype is working better with this option checked.
But I would like to know if there are any risks at all if I fully trust the application?
Can other malware/spyware use Skype for anything if I check this option?

Sure, there are risks to skipping those checks. If, for instance, you did somehow get malware on your system, it is possible that it could then exploit Skype to gain access back out to the 'net. The risk may be low (not something I can advise on), but a lot of that is user-dependent, and what you are comfortable with.

This would be why it is important to have layered security, and watch what is going on. An active, up-to-date antivirus and antispyware, for instance. Something like CBO, that watches and waits for malware, so it can pounce and destroy. :wink: And even better, a HIPS application that would alert you to the change in the first place. There is also a free application from Javacool software called FileChecker; it monitors files you specify and notifies you of any changes…

Also, within Skype, is it not possible to set the port(s) it uses? Can you set those for its access either direction (Out, In)? If so, then do that, then modify your Application Monitor rules to include that information. This would limit it to just those ports; if it did get hijacked, you have more of a controlled scenario. Same thing with FF - in a normal scenario it probably only needs access to remote/destination ports of 80, 443 (for browsing), and maybe 53 (for DNS).

LM

Yes, I can do that for Skype.

Thank you for your fast answers now :slight_smile:

I have another question (a totally different one), created in another topic :wink:
Maybe you can help me there too… ? (:WIN)