Stopping those GeekBuddy ads (in CIS 8.0.0.4314 beta)..! :-)

I recently installed CIS 8.0.0.4314 beta,
and whenever it finds something, it always comes up with the GeekBuddy advertisements.
You have probably seen these already; they look like this:


BTW, this is an image I found on the net. It is luckily not my pc that’s having 210 infections!

The thing is, crossing off the “Do not ask me this question again” checkbox does not work. >:(
The next time it finds something suspicious, it will show this same advertisement,
no matter if you cross off the “Do not ask me this question again” checkbox or not.

I tried to look in the settings, but there is no place where I have an option to set “Show GeekBuddy offers?” on or off.

This is rather strange, since there are, indeed, clear indications that there should have been options to set GeekBuddy offers on / off.
If you look at the file
C:\Program Files\COMODO\COMODO Internet Security\translations\cis.english.lang.template
you will see several references to tooltips for checkboxes that should set the GeekBuddy offers on / off in different situations:

Line 868: <string id="20142" value="Show GeekBuddy Offer Dialog when realtime malware is found" />
Line 869: <string id="20143" value="Show GeekBuddy Offer Dialog when autosandboxed applications are found" />
Line 1144: <string id="24016" value="Show GeekBuddy Offer Dialog" />
Line 2311: <string id="34291" value="Show Geekbuddy Offer Dialog" />
Line 2312: <string id="34292" value="Show Geekbuddy Offer Dialog When Realtime Malware Is Found" />
Line 2313: <string id="34293" value="Show Geekbuddy Offer Dialog When Autosandboxed Applications Are Found" />

Since I now knew that there were indeed options to turn the GeekBuddy advertisements off,
it was just that they did not yet have any checkboxes in the GUI,
I instead went directly to the registry.

As you may know, any settings / options / firewall rules / other changes that you do in Comodo Internet Security,
are saved as registry values in the Windows Registry.

In CIS 5.x, the settings were saved in one place, under the branch…

[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO]

Now, in CIS 8.x (I don’t know about CIS 6.x or CIS 7.x, as I have never used them),
the settings are - just like in 5.x - saved in

[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO]

…but, in addition to that, 2 copies of those settings are also saved, located under the branches

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\CmdAgent\CisConfigs]

and

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\CmdAgent\Mode\Configurations]

So, I searched for the string “GeekBuddy” under those 3 branches, and crossed my fingers…
…and lo and behold; there they were - I found them!

The registry values - that would have been changed…

  • if one had clicked on the checkboxes for setting “Show GeekBuddy offers?” on or off…
  • and if those checkboxes had been implemented in the GUI…!

I made this reg file:

Windows Registry Editor Version 5.00


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\CmdAgent\Mode\Configurations\0\Settings]
"ShowGeekBuddyOfferSandbox"=dword:00000000
"ShowGeekBuddyOfferRealTime"=dword:00000000
"ShowGeekbuddyOffer"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\CmdAgent\CisConfigs\0\Settings]
"ShowGeekBuddyOfferSandbox"=dword:00000000
"ShowGeekBuddyOfferRealTime"=dword:00000000
"ShowGeekbuddyOffer"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Settings]
"ShowGeekBuddyOfferSandbox"=dword:00000000
"ShowGeekBuddyOfferRealTime"=dword:00000000
"ShowGeekbuddyOffer"=dword:00000000

Now, this one works with the default configuration number 0, that is, the top one, the one called “COMODO - Internet Security”.
If you are using some other configuration, first find out which number that is:

The configuration number is found by counting from the top, starting with 0, like this:

Then, in the reg file, change the “0” into the configuration number you are using,
in all the 3 registry key lines.

That is, the lines that read, at the end:
…\Configurations\0\Settings]
…\CisConfigs\0\Settings]
…\Configurations\0\Settings]

Also, it did not work when I did this registry change while Comodo was running.
It then just switched right back to the default dword:00000001 values.

So, the trick is to first stop Comodo, and all of its processes, completely.
I first right-clicked the Comodo icon in the taskbar and chose Exit.
But, even after closing this, there are still 2 Comodo processes running.
I used Process Explorer, but you might as well use the good old Task Manager;
find the process called “cmdagent.exe” and kill that one,
and then find the process called “cavwp.exe” and kill that one, too.
I have neither Defense+ nor Auto-Sandbox running…
…if you see there are still other Comodo processes left running,
it might be because of those… then kill them too.

Then, when there are absolutely no Comodo processes running,
you can use the reg file (or, if you want, manually change all the 9 values from 1 to 0).

To start Comodo again, after the change, you should reboot the pc.

(It IS possible to just start the CmdAgent service / cmdagent.exe process by typing
sc start CmdAgent
- but when you double-click the Comodo icon afterwards,
it will be running with your USER credentials instead of the proper SYSTEM credentials.
So you would instead have to start it through PsExec or similar.
So it really is much easier to just reboot the pc.)
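
Added example, not part of the original post: a Python sketch that rewrites the reg file above for another configuration number and audits an exported .reg text to confirm all nine values stayed at 0 after the reboot. The function names and the sample export are constructed for illustration; the branches and value names are the ones listed in the post.

```python
import re

# Branches and value names as given in the post; {n} is the configuration number.
BRANCHES = (
    r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\CmdAgent\Mode\Configurations\{n}\Settings",
    r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\CmdAgent\CisConfigs\{n}\Settings",
    r"HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Configurations\{n}\Settings",
)
VALUES = ("ShowGeekBuddyOfferSandbox", "ShowGeekBuddyOfferRealTime", "ShowGeekbuddyOffer")

def build_reg(config_no: int) -> str:
    """Return the .reg text from the post, rewritten for config_no."""
    out = ["Windows Registry Editor Version 5.00", ""]
    for branch in BRANCHES:
        out.append("[" + branch.format(n=config_no) + "]")
        out += ['"%s"=dword:00000000' % v for v in VALUES]
        out.append("")
    return "\r\n".join(out)

def parse_reg(text: str) -> dict:
    """Parse .reg text into {key: {value_name: int}}, lower-cased, dwords only."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None:
            m = re.fullmatch(r'"([^"]+)"=dword:([0-9a-fA-F]{8})', line)
            if m:
                current[m.group(1).lower()] = int(m.group(2), 16)
    return keys

def audit(export_text: str, config_no: int) -> list:
    """Return (key, value_name, found) for each of the nine values that is not 0."""
    parsed, problems = parse_reg(export_text), []
    for branch in BRANCHES:
        key = branch.format(n=config_no)
        have = parsed.get(key.lower(), {})  # registry names are case-insensitive
        for v in VALUES:
            found = have.get(v.lower())     # None means the value is missing
            if found != 0:
                problems.append((key, v, found))
    return problems

# Constructed sample: an export in which one value was switched back to 1.
SAMPLE = build_reg(2).replace(
    'CisConfigs\\2\\Settings]\r\n"ShowGeekBuddyOfferSandbox"=dword:00000000',
    'CisConfigs\\2\\Settings]\r\n"ShowGeekBuddyOfferSandbox"=dword:00000001')
```

Here audit(SAMPLE, 2) reports the single reverted value, while auditing with the wrong configuration number reports all nine as missing.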

IMO this is ok.

Hello, Zbc! :-)

I am just a bit curious - would you please care to tell what it is that - in your opinion - is ok?
Thanks in advance!

Hi
This is not aggressive advertising and can be easily closed…

I agree with you that this is not aggressive advertising.
That the advertisements appear only when a suspicious object is found,
is as subtle an advertising strategy as it possibly can be, I think… :-)
Aggressive advertising would probably have had timed pop-ups (e.g. every 2 hours),
and also the UI of the program would instead have been designed with large
—> CLICK HERE!! WHATEVER YOU WANT TO DO, CLICK HERE!! <—
which would lead to the GeekBuddy installer (or some other thing that was advertised for).

I also agree with you that it can be easily closed.
Just one, single click on the “No, I will try to clean this myself” made it go away!

My problem was that the “Do not show this again” checkbox,
which should have made the advertisements stop appearing
- by switching the 9 values named
“ShowGeekbuddyOffer” / “ShowGeekBuddyOfferRealTime” / “ShowGeekBuddyOfferSandbox”
in the registry from “1” to “0”…
- for some unknown reason, it did not work at all.

For a “normal” CIS user, where a suspicious object may be found maybe one time every two months or so,
this would probably not be a problem, he / she might not pay any attention to it.
However, for users like myself - who may have several hundred false positive files,
with new ones appearing almost every day
- that single extra click every time may be a bit irritating,
especially since it is so easy to make it stop coming again:

Since there - in the UI - were no checkbox options to set GeekBuddy offers on / off,
I instead manually changed the registry settings directly.

BTW, as I mentioned in the subject title, this was in CIS 8.0.0.4314 (beta).
Maybe the “Do not show this again” checkbox function has been fixed in version 8.0.0.4337 or 8.0.0.4344…?
I uninstalled CIS, and instead installed and started using CFW, so I wouldn’t know.