uninstalled CIS and yet still the firewall interface is here

Comodo Internet Security - CIS Install / Setup / Configuration Help - CIS
1

HI,
Thanks for your great product, for some reasons after month of use i had to uninstall CIS …
i’m on windows 10, uninstalled cis using the defaullt windows uninstaller … rebooted … etc …
everything went fine …

now it seems that my connection still passing throught comodo firewall, using anothter firewall it always say : “COMODO ConnectV4” outgoing or “COMODO ConnectV6” outgoing
for exemple:

translate.googleapis.com/216.58.208.234:443(62040)|Google Chrome|WindowsFirewall: COMODO ConnectV4 Outgoing|C:\program files (x86)\google\chrome\application\chrome.exe

it seems that the comodo firewall interface is still here ! i"ve checked the registry all is clean, the lan adapter / interface properties are ok !
re-installed the re-removed … i also tryed to uninstall then reinstall the lan adapter … renew and flushed connections dns etc … , nothing to do…
I Suppose that CIS as modified a file that didn’t go to its original state after uninstalling …?

Please how do i remove this comodo interface from my connection ?
Thanks you per advance…

2

What other Firewall are you using? “COMODO ConnectV4” outgoing or “COMODO ConnectV6” outgoing do not ring an immediate bell. Do the alerts of the other firewall point to a specific application (cis.exe, cmdagent.exe, cavwp.exe, cmdvirth.exe …)?

Can you see if Geekbuddy is still installed?

In case traces of CIS are still around try following Most Effective Way to Reinstall CIS to Avoid/Fix Problems by my colleague Chiron.

3

Thanks for your reply Eric …

I’m still investigating, i was able to reproduce the issue in a vm…
Perhaps a conflict between my firewall and the cis post uninstaller dunno really for now.

i’ve already done all steps discussed on your collegue’s thread and i’m pretty sure that there isn’t any trace left by cis :
registy seems clean, all folders programdata/ AppData /program files / program x86 etc… are clean, no geekbuddy/chromodo/av left
system32 seems ok too … that’s just weird to see my firewall tell me these comodo outgoings each time a connection is allowed.

i’m currently using my old frend firewall ‘windows10firewall from sphinx software’ wich is just a gui for the windows core firewall.

To be clear, my intention was to use the comodo antivirus that i like a lot and switch off the comodo firewall to continue using my old friend wich i know well.
but perhaps it’s have done some conflicts…
anyway, imo everything is clean … i’ve used process explorer, process monitor, autoruns etc also reinstalled my firewall… no trace about cis that’s just crazy something didn’t go back properly.

4

HI,

maybe the Windows Firewall wasn’t turned off properly as the Comodo Firewall was installed so the Windows Firewall made rules about the Comodo Firewall.
I don’t know the Windows Firewall (it’s the first thing I turn off after installing windows) but can you see any rules about Comodo?
Can you set the Windows Firewall back to default (flush all rules and start over again)?
When you go into “C:\ProgramData”, are there traces of Comodo (you have to turn hidden files ON to see that folder)?

Thanks

LordRayden

5

Can you specify what specific executables Sphinx Firewall is alerting for? Please provide me with the name and path.

6

Lord thanks for your comments… i had the same idea at first, so i’ve checked all rule from windows firewall, reseted to defaut and also removed all rules to test and nothing changed.
i also checked all rules form sphinx firewall into the software and into the windows registry nothing found.
yes i’ve enabled display of hiden files and also protected system files that’s the first thing i do :slight_smile: and nothing from comodo is left.
strange isn’t it ?

Hi Eric,
to reply to you sphinx firewall didn’t show any alert for any cis executable. in fact it’s in the log file and also in the pop up balloon, that it tell me each time a connection is allowed:
“datetime dns/ip protocol processname |WindowsFirewall: COMODO ConnectV4 Outgoing| executablepath” even after uninstalling and re-installing sphinx firewall multiple times"

here a piece of log:

2015:09:08|19:34:50|Allowed|1|IPv4 TCP forums.comodo.com/91.199.212.149:443(56911)|Google Chrome|WindowsFirewall: COMODO ConnectV4 Outgoing|C:\program files (x86)\google\chrome\application\chrome.exe
2015:09:08|19:34:59|Blocked|1|IPv4 TCP ocsp.entrust.net/23.206.33.41:80(56912)|Processus hôte pour les services Windows|Local+DNS+DHCP(svchost)/http-WindowsUpdate Outgoing|C:\windows\system32\svchost.exe
2015:09:08|19:34:59|Blocked|1|IPv4 TCP pdlvimeocdn-a.akamaihd.net/80.236.32.170:80(56913)|Processus hôte pour les services Windows|Local+DNS+DHCP(svchost)/http-WindowsUpdate Outgoing|C:\windows\system32\svchost.exe
2015:09:08|19:34:59|Blocked|1|IPv4 TCP www.www8-hp.com/80.236.32.144:80(56914)|Processus hôte pour les services Windows|Local+DNS+DHCP(svchost)/http-WindowsUpdate Outgoing|C:\windows\system32\svchost.exe
2015:09:08|19:34:59|Blocked|1|IPv4 TCP pdlvimeocdn-a.akamaihd.net/80.236.32.170:80(56915)|Processus hôte pour les services Windows|Local+DNS+DHCP(svchost)/http-WindowsUpdate Outgoing|C:\windows\system32\svchost.exe
2015:09:08|19:34:59|Blocked|1|IPv4 TCP www.www8-hp.com/80.236.32.144:80(56916)|Processus hôte pour les services Windows|Local+DNS+DHCP(svchost)/http-WindowsUpdate Outgoing|C:\windows\system32\svchost.exe
2015:09:08|19:35:07|Allowed|1|IPv4 UDP translate.googleapis.com/216.58.211.106:443(50839)|Google Chrome|WindowsFirewall: COMODO ConnectV4 Outgoing|C:\program files (x86)\google\chrome\application\chrome.exe
2015:09:08|19:35:08|Allowed|1|IPv4 TCP forums.comodo.com/91.199.212.149:443(56917)|Google Chrome|WindowsFirewall: COMODO ConnectV4 Outgoing|C:\program files (x86)\google\chrome\application\chrome.exe
2015:09:08|19:35:27|Allowed|1|IPv4 TCP fonts.gstatic.com/216.58.211.99:443(56918)|Google Chrome|WindowsFirewall: COMODO ConnectV4 Outgoing|C:\program files (x86)\google\chrome\application\chrome.exe
2015:09:08|19:35:27|Allowed|1|IPv4 UDP fonts.gstatic.com/216.58.211.99:443(53417)|Google Chrome|WindowsFirewall: COMODO ConnectV4 Outgoing|C:\program files (x86)\google\chrome\application\chrome.exe
2015:09:08|19:35:37|Allowed|1|IPv4 UDP translate.googleapis.com/216.58.211.106:443(53419)|Google Chrome|WindowsFirewall: COMODO ConnectV4 Outgoing|C:\program files (x86)\google\chrome\application\chrome.exe
2015:09:08|19:35:54|Allowed|1|IPv4 TCP clients2.google.com/216.58.211.110:443(56919)|Google Chrome|WindowsFirewall: COMODO ConnectV4 Outgoing|C:\program files (x86)\google\chrome\application\chrome.exe
2015:09:08|19:35:54|Allowed|1|IPv4 UDP clients2.google.com/216.58.211.110:443(62492)|Google Chrome|WindowsFirewall: COMODO ConnectV4 Outgoing|C:\program files (x86)\google\chrome\application\chrome.exe
2015:09:08|19:36:07|Allowed|1|IPv4 UDP translate.googleapis.com/216.58.211.106:443(62494)|Google Chrome|WindowsFirewall: COMODO ConnectV4 Outgoing|C:\program files (x86)\google\chrome\application\chrome.exe
2015:09:08|19:36:37|Allowed|1|IPv4 UDP translate.googleapis.com/216.58.211.106:443(62496)|Google Chrome|WindowsFirewall: COMODO ConnectV4 Outgoing|C:\program files (x86)\google\chrome\application\chrome.exe
2015:09:08|19:37:07|Allowed|1|IPv4 UDP translate.googleapis.com/216.58.211.106:443(62498)|Google Chrome|WindowsFirewall: COMODO ConnectV4 Outgoing|C:\program files (x86)\google\chrome\application\chrome.exe

Anyway, at first glance except that stange behaviour, everything seems to work well, if i can’t repair that, i’ll live with that.

Thanks
Vincent

7

May be your DNS serves are still set to the Comodo DNS servers? Can you check?

8

Yes i’ve already checked , and also used commands

ipconfig /flushdns to clean dns cache
and dns is set to automatically…

nothing seems wrong as you can see on this screenshot

[attachment deleted by admin]

9

I am out of ideas for the moment. I asked the other mods to come and take a look.

10

i"m out of idea too :slight_smile:
anyway it’s not a top list trouble, thanks you for your help Eric.

11

Hi,

just a thought, uninstall Chrome and install it again (uninstall remove it completely and then install it again)…

Thanks

LordRayden

12

Hi Lord,

The behaviour is the same for any software/process that is allowed to go out, so logically chrome is not involved,
anyway, in de boubt, I’ve already tried that few days ago I’ve removed chrome and firefox then used ccleaner to clean registry.
next rebooted and downloaded a portable chrome that i’ve launched from my desktop.
and as expected this “comodo outgoing” still appear…

i"ve done some tries, by installing “private firewall 7” from privacyware, wich is also a powerfull firewall
and according to its log files everything seems fine.

At first i thought the comodo interface was still here, but after all, i’m pretty sure that this is a rules that was made
by windows firewall like you said previously, but impossible to put my hand on it.

Thanks Lord
Vincent.

13

May be the Microsoft support forums can tell how to determine what is meant with the Comodo Connect entries.

14

Did you ever find out how to stop this? Microsoft forum told me it’s a Comodo problem and comodo tells us its a MS problem. So please for the love of God and all that is Holy, let me know if you found a solution. Did you have to go back to Windows 7? I am starting to hate Windows 10.

15

Use Windows-Kernel-Explorer clear all these!


https://thumbs2.imgbox.com/3e/99/vzGhFIue_t.jpg