I recently installed CIS 126.96.36.19914 beta,
and whenever it finds something, it always comes up with the GeekBuddy advertisements.
You have probably seen these already; they look like this:
BTW, this is an image I found on the net. It is luckily not my pc that’s having 210 infections!
The thing is, crossing off the “Do not ask me this question again” checkbox does not work. >:(
The next time it finds something suspicious, it will show this same advertisement,
no matter if you cross off the “Do not ask me this question again” checkbox or not.
I tried to look in the settings, but there is no place where I have an option to set “Show GeekBuddy offers?” on or off.
This is rather strange, since there are, indeed, clear indications that there should have been options to set GeekBuddy offers on / off.
If you look at the file
C:\Program Files\COMODO\COMODO Internet Security\translations\cis.english.lang.template
you will see several references to tooltips for checkboxes that should set the GeekBuddy offers on / off in different situations:
Line 868: <string id="20142" value="Show GeekBuddy Offer Dialog when realtime malware is found" />
Line 869: <string id="20143" value="Show GeekBuddy Offer Dialog when autosandboxed applications are found" />
Line 1144: <string id="24016" value="Show GeekBuddy Offer Dialog" />
Line 2311: <string id="34291" value="Show Geekbuddy Offer Dialog" />
Line 2312: <string id="34292" value="Show Geekbuddy Offer Dialog When Realtime Malware Is Found" />
Line 2313: <string id="34293" value="Show Geekbuddy Offer Dialog When Autosandboxed Applications Are Found" />
Since I now knew that there were indeed options to turn the GeekBuddy advertisements off,
it was just that they did not yet have any checkboxes in the GUI,
I instead went directly to the registry.
As you may know, any settings / options / firewall rules / other changes that you do in Comodo Internet Security,
are saved as registry values in the Windows Registry.
In CIS 5.x, the settings were saved in one place, under the branch…
Now, in CIS 8.x (I don’t know about CIS 6.x or CIS 7.x, as I have never used them),
the settings are - just like in 5.x - saved in
…but, in addition to that, there are also saved 2 copies of those settings, which are located under the branches
So, I searched for the string “GeekBuddy” under those 3 branches, and crossed my fingers…
…and lo and behold; there they were - I found them!
The registry values - that would have been changed…
- if one had clicked on the checkboxes for setting “Show GeekBuddy offers?” on or off…
- and if those checkboxes had been implemented in the GUI…!
I made this reg file:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\CmdAgent\Mode\Configurations\0\Settings]
"ShowGeekBuddyOfferSandbox"=dword:00000000
"ShowGeekBuddyOfferRealTime"=dword:00000000
"ShowGeekbuddyOffer"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\CmdAgent\CisConfigs\0\Settings]
"ShowGeekBuddyOfferSandbox"=dword:00000000
"ShowGeekBuddyOfferRealTime"=dword:00000000
"ShowGeekbuddyOffer"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Settings]
"ShowGeekBuddyOfferSandbox"=dword:00000000
"ShowGeekBuddyOfferRealTime"=dword:00000000
"ShowGeekbuddyOffer"=dword:00000000
Now, this one works with the default configuration number 0, that is, the top one, the one called “COMODO - Internet Security”.
If you are using some other configuration, first find out which number that is:
The configuration number is found by counting from the top, starting with 0, like this:
Then, in the reg file, change the “0” into the configuration number you are using,
in all the 3 registry key lines.
That is, the lines that read, at the end:
Also, it did not work when I did this registry change while Comodo was running.
It then just switched right back to the default dword:00000001 values.
So, the trick is to first stop Comodo, and all of its processes, completely.
I first right-clicked the Comodo icon in the taskbar and chose Exit.
But, even after closing this, there are still 2 Comodo processes running.
I used Process Explorer, but you might as well use the good old Task Manager;
find the process called “cmdagent.exe” and kill that one,
and then find the process called “cavwp.exe” and kill that one, too.
I have neither Defense+ nor Auto-Sandbox running…
…if you see there are still other Comodo processes left running,
it might be because of those… then kill them too.
Then, when there are absolutely no Comodo processes running,
you can use the reg file (or, if you want, manually change all the 9 values from 1 to 0).
To start Comodo again, after the change, you should reboot the pc.
(It IS possible to just start the CmdAgent service / cmdagent.exe process by typing
sc start CmdAgent
- but when you double-click the Comodo icon afterwards,
it will be running with your USER credentials instead of the proper SYSTEM credentials.
So you would instead have to start it through PsExec or similar.
So it really is much easier to just reboot the pc.)
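
Added example (not part of the original post): a read-only PowerShell check that reports whether cmdagent.exe or cavwp.exe is still running and shows the current state of the nine GeekBuddy values for one configuration number. The key paths and value names are copied from the reg file above; the parameter name ConfigNumber and the report layout are assumptions made for this example.

```powershell
# Added example, not part of the original post. Read-only: it changes nothing.
param([int]$ConfigNumber = 0)   # 0 = the top configuration in the list

# Key paths and value names copied from the reg file in the post.
$branches = @(
    "HKLM:\SYSTEM\CurrentControlSet\services\CmdAgent\Mode\Configurations\$ConfigNumber\Settings",
    "HKLM:\SYSTEM\CurrentControlSet\services\CmdAgent\CisConfigs\$ConfigNumber\Settings",
    "HKLM:\SYSTEM\Software\COMODO\Firewall Pro\Configurations\$ConfigNumber\Settings"
)
$names = 'ShowGeekBuddyOfferSandbox', 'ShowGeekBuddyOfferRealTime', 'ShowGeekbuddyOffer'

# The post reports that values edited while these processes run are reset to 1.
$running = Get-Process -Name cmdagent, cavwp -ErrorAction SilentlyContinue
if ($running) {
    Write-Warning ("Still running: " + (($running.Name | Sort-Object -Unique) -join ', '))
}

# One row per key/value pair, so a missing key or a reverted value is visible.
$report = foreach ($key in $branches) {
    $props = Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue
    foreach ($name in $names) {
        $state = if (-not $props) { 'key missing' }
                 elseif ($null -eq $props.$name) { 'value missing' }
                 elseif ($props.$name -eq 0) { 'off' }
                 else { "on ($($props.$name))" }
        [pscustomobject]@{ Key = $key; Value = $name; State = $state }
    }
}
$report | Format-Table -AutoSize -Wrap

$notOff = @($report | Where-Object State -ne 'off')
if ($notOff.Count -eq 0) { "All 9 values are 0 for configuration $ConfigNumber." }
else { "$($notOff.Count) of 9 values are not 0 for configuration $ConfigNumber." }
```

Run it from an elevated prompt before importing the reg file and again after the reboot; any row that shows "on (1)" after the reboot means that value was reset.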