I’m new to CIS, but I think I’ve encountered a bug. I’m using CIS on Windows 10 x64.
Since CIS updated to version 8.2.0.4674, My Windows Home Server 2011 has been reporting “The computer is not currently being protected from spyware and unwanted software.” In Control Panel / Security and Maintenance, I see “Windows Defender and Comodo Defense+ are both turned off.”
If I click “View Antispyware Apps”, Comodo Defense+ shows “off”. However in the Comodo app, HIPS is enabled in safe mode. The “Turn On” button does not change this.
I have the exact same problem. So are both spyware programs actually turned off, or is the Comodo actually still working and this is just some Windows 10 / Comodo communication glitch?
I have the same problem. In Windows 7, windows checks the WMI namespace root\SecurityCenter2 to see if it is up to date. Antivirus products need to set these values and tell Micro$oft what a “Good” set of values is. I don’t think Windows 10 changed because CIS was showing up to date until I upgraded CIS. Anyways. Below is a PowerShell script I wrote to test to see if Sophos is up to date in a login script. You can easily hack it to work with Comodo, or just use WMI Explorer and see what the values in root\SecurityCenter2 are set to. Compare old Comodo values to this new version’s values. Have fun!
JoeItSec
$objWMi = get-wmiobject -namespace root\SecurityCenter2 -computername localhost -Query “Select * from AntiVirusProduct”
foreach ($obj in $objWmi)
{ #Get Sophos State and convert to Hex. Should be 051000 #05 = AV & FW #10 = Active #00 = up to date
$HexProductState = [Convert]::ToString($obj.productState,16) #Put a Zero on the front of the HexProductState so it’s real Hex
$HexproductState = “0”+$HexproductState #Get the date in simple format
$CurrentDate = Get-Date -format g #Make a good state to compare against - Change this to test if it works!
$GoodAvState = “051000” #If we are out of date report it.
If ($HexproductState -ne $GoodAvState)
{ #Make a string Computername, AntivirusName,Productstate, Username, Date/Time
$AvInfo = $env:COMPUTERNAME+", “+ $obj.displayName+”, “+$HexProductState+”, “+$env:UserName+”, “+$CurrentDate #File to write to with the PC name in the filename. The folder needs to exist. This will be a network share someplace. #The folder must exist. This only creates a file.
$aFilePath = “\Some\Network\Share"+$env:ComputerName+”-AvInfo.log” #Display what we are writing on the screen for debugging
write-host $AvInfo #Write it to the file
$AvInfo | Out-File -FilePath $aFilePath -append -Force
}
}
Tried that, and it doesn’t seem to have fixed the problem, although the specific symptom changed. Now Windows thinks there is no antispyware software installed, instead of just not turned on.
Hi richardk,
Windows home server editions have never been fully supported as far as I know.
I wonder if this is the reason for the Windows action center issue.
[b]Important note:[/b] The auto-sandbox and Virtual Desktop features are not supported on Windows XP 64 or Windows Server 2003 64 bit.
I’s possible. Of course, CIS isn’t installed on the Windows Home Server box itself. I’m seeing the problem on Windows 10 systems that have the Windows Home Server 2011 Connector program installed. Since all of my Windows 10 systems have the Connector installed, I don’t know if it has anything to do with it. All have the same problem with CIS.
Can the other folks who are seeing this problem please confirm whether or not they are running the Windows Home Server Connector?
I have the same problem. Windows 10 Pro x64. Tried to uninstall and reinstall Comodo, but the problem persists as described. I am not running the Windows Home Server connector,and it never was installed, so that isn’t the cause.
I just ran WMI Explorer and see that root\SecurityCenter2 has productState = 397312 which converts to 061000 Hex = installed, enabled and up to date. 06 means installed, 10 means enabled, and 00 means up to date. Here is the complete MOF:
Instance of AntiVirusProduct
{
displayName = “COMODO Antivirus”;
instanceGuid = “{F25D0092-CDBE-B303-ADB7-88DE8CDECCF5}”;
pathToSignedProductExe = “C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe”;
pathToSignedReportingExe = “C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe”;
productState = 397312;
};
It looks good to me. I know vendors need to report the various states they use to Microsoft. Maybe that’s all that needs to be done?
Following on that, I did the same thing. If I read that correctly, the product state reads installed, disabled and up to date. Also, notice the timestamp on the MOF. Hope it helps. Here is the complete MOF:
instance of AntiSpywareProduct
{
displayName = “Comodo Defense+”;
instanceGuid = “{493CE176-EB84-BC8D-9707-B3ACF7598648}”;
pathToSignedProductExe = “C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe”;
pathToSignedReportingExe = “C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe”;
productState = 393216;
timestamp = “Sun, 09 Aug 2015 07:08:41 GMT”;
};
Notice I dumped my MOF for AntiVirusProduct, and you guys did it for AntiSpywareProduct, so the values are very different. Seriously though, I think we did enough investigation for Comodo to tell what’s wrong. Well, we didn’t compare the values of Before Comodo Update to Current Version yet
Nice job though. I wrote that above Sophos WMI test to run in a logoff script at the big bank I work at. If anyone logged off of a PC and the Sophos wasn’t up to date it wrote the PC name and what was wrong to a CSV file and sent an email to Security and Helpdesk. Running it at logon was fail because it hadn’t had time to update if the PC was powered off for a while. I’d expand on it and make it for like 10 different products, but then I’d have to support it. So I just share it as a decent idea to use.
Please fix this ASAP! It’s annoying because every time you turn on the computer, you get a notification with a little sound telling you that Spyware and Antimalware software is disabled.
As a workaround disable the alerts from the security center until further notice. The security center will report what the programs themselves report. And with the programs keeping an eye on themselves you can safely disable the alerts of the security center.
