Unable to delete $CmdTcID streams when CIS is installed [M1935]

Comodo Firewall Bug Report
I have a standalone firewall installed only, not the entire Comodo security suite.

After rebooting twice and having UNCHECKED: Enable file source tracking (as you can see in the screenshot below) the only thing that settings affects is future downloads.
Existing ADS cannot be deleted.
I tried several programs, including streams.exe which also gives me
Error deleting :$CmdTcID:$DATA:
Access is denied.

The moment Comodo 8 is removed from the system, all programs can successfully remove Alternate Data Streams.
I am on Windows 8.1, I have a multi boot and can replicate the same bug on Windows 10.

I just checked and it seems fixed with It could’ve been fixed in an earlier release, I just happened to try due to another user that had an issue with these leftover streams on an external drive.

I wonder when they fixed it, I also heard that it was easy to fix but I stopped updating Comodo when I couldn’t figure out why security software developers would not want to remove this bug that had to do with, for lack of a better word, ‘tracking’.

It was around the same time they started promoting some sort of ‘shopping’ features on Comodo so I decided to not upgrade until this bug got fixed and then maybe start asking if these new ‘shopping’ features which by now are old features on Comodo… if they exist to somehow track our shopping habits, it just really seemed they were inserting them into Comodo for unclear reasons and the whole lack of transparency on what was going on was best left alone for a few years. Now that a few years have past, and they finally fixed this according to you, it might be time to look at Comodo again.

futuretech, thank you for posting and I hope to test the new versions fully when I have time.
My main concern about Comodo is not that it “infects” like the previous poster wrote in posts which may have been deleted from this thread?.. but that it may behave like Google or Facebook, both of which legally harvest personal information.

It was the lack of transparency on this issue combined with the topic of this thread (a seemingly easy to fix bug that appeared not to have been fixed for years by choice after so many threads have been posted about it) that made me stop updating years ago.
Streams are by definition alien data, and when you do not allow removal of alien data, and you are a security software, what does that say, not to a professional programmer but to a regular user like me?

It says that there may have been a reason for not allowing streams to be removed and it’s not about what that reason is, but that this may have been by choice of Comodo developers and then you are get in fishy territory with lawful gathering of data (we are not talking about illegal “infections.”)

So more transparency and maybe posting why it took Comodo years to allow removal of streams, if new versions as you say allow them to be removed finally?

c627627, I agree all that you siad.
Last test CIS
now You can remove ADS only in drive C: only ,for external drive you can’t.
PS1. Please don’t remove my comment and make CIS more transparency.
PS2. can’t eject drive when root folder of external drive contained by Comodo ADS file.

I have not tested it yet, when you say drive C only, do you mean Operating System drive only, or do you mean all internal hard drives and partitions but not external drives?

I understand that external drives still cannot be cleaned from unknown streams. That’s exactly where users like us stop and ask why?

I have installed a separate operating system on another partition, just so I can boot into it and remove streams, which I cannot do on my main OS, because Comodo is (still) installed on it. This is so inexplicable that we are not allowed to remove streams that it is part of every conversation about good and bad things about Comodo, maybe there is a legitimate explanation, all I know is that no one has posted it in any of the threads about this.

I’m not so sure you can, now I get access denied just like before, when I first tried I only had the firewall installed along with another 3rd-party AV installed that I wanted to check out. Now that I uninstalled it, I can’t remove CIS specific ADS, but accourding to tawusaw you can so IDK. Honestly it really doesn’t matter, if you want to remove these CIS created streams then uninstall CIS and delete the ADS.

The reason you can’t when CIS is installed is that they designed it that way and they won’t give you a reason why. Just like you can’t stop CIS drivers and services. I’m guessing they didn’t want malware from being able to delete these streams in order to prevent the malware from not being auto-sandboxed. Remember the default auto-sandbox rules were to sandbox files that had Internet,Intranet, and removable media origin. Which those streams contained such info of files as they were introduced to the system, also those streams contained info about which application created files, which you could then use auto-sandbox rules to sandbox files based on created by applications.

  • I disable auto sandbox function. but can remove ADS only in internal drive.
  • You said “it really doesn’t matter” Really!! Because this is security software!! If it for security reason just explain it. Why make it not reliable.
  • If it for security reason you should have the option to allow use to access it. Because this is User file!
  • If it for security reason just Block all user from edit it. Not!! Insert data into User file!!
  • And Comodo ADS in file were “Encrypted” That why it make ous concern about ADS.