New Update New Version 12.3.3.8152 Available for Comodo Internet Security 2025

[ErzCrz]

Workaround found by any more experienced person. In the HIPS Settings (even if you have disabled) you need to remove "Windows Sockets Interface" from Protected Files. You'll then be able to allow internet connection with sandboxed browsers. I don't run browsers sandboxed myself so leaving it there at my end.

Spoiler: HIPS >>Protected Files >>Windows Sockets Interface

 

[Halp2001]

Workaround found by any more experienced person. In the HIPS Settings (even if you have disabled) you need to remove "Windows Sockets Interface" from Protected Files. You'll then be able to allow internet connection with sandboxed browsers. I don't run browsers sandboxed myself so leaving it there at my end.

Spoiler: HIPS >>Protected Files >>Windows Sockets Interface

View attachment 286913

Hi, I followed your advice and it worked for me (I don't have “hips” enabled). Thanks for your help.

 

[porkpiehat]

OK, I installed CIS2025 on my wife's laptop, and forgot to uncheck the AV option.. uninstalled with REVO, installed again with AV unchecked but it still installed the AV option and not the FW only option.. what am I missing? Is there something in TEMP or somewhere that is allowing this to happen? thanks in advance.

 

[Vitali Ortzi]

OK, I installed CIS2025 on my wife's laptop, and forgot to uncheck the AV option.. uninstalled with REVO, installed again with AV unchecked but it still installed the AV option and not the FW only option.. what am I missing? Is there something in TEMP or somewhere that is allowing this to happen? thanks in advance.

You have to download the premium version not the other one

 

[porkpiehat]

You have to download the premium version not the other one

I believe it was the Premium version..

 

[rashmi]

I believe it was the Premium version..

To the best of my memory, the pro installer doesn't offer custom install options. You appear to be using the free or premium installer. On that same screen, click "agree and continue" once you've unchecked the antivirus. Instead of uninstalling, you can also try selecting 'Change' and unticking the antivirus.

 

[ErzCrz]

I believe it was the Premium version..

All detailed in this video, it's quite straight forward: Comodo Firewal 2025 Setup and Commentary
The direct download for the latest premium (Free) version is: Comodo Premium 2025.

 

[porkpiehat]

yep, did everything as I should.. option-uncheck AV-install.. but each time I get the AV installed.. only thing I do differently is uncheck the DNS option.
I really don't know why, but everything went smooth as silk when I installed it on my PC..

 

[ErzCrz]

yep, did everything as I should.. option-uncheck AV-install.. but each time I get the AV installed.. only thing I do differently is uncheck the DNS option.

You can change what's installed by going to Windows apps - Installed Apps and clicking Uninstall and then Selecting Change and deselecting AV. See below.

Spoiler: Comodo Changed Installed Options

 

[porkpiehat]

You can change what's installed by going to Windows apps - Installed Apps and clicking Uninstall and then Selecting Change and deselecting AV. See below.

Spoiler: Comodo Changed Installed Options

View attachment 287025

View attachment 287026

View attachment 287027

aah.. I shall give that a go first then.. Thanks.

 

[porkpiehat]

@ErzCrz .. it worked an absolute treat.. thanks for the tip..

 

[rashmi]

Does the startup list in your Task Manager include Comodo? My SSD laptop, running CF 12.3.4.8162, has Comodo in its startup, unlike my HDD laptop.

 

[porkpiehat]

Does the startup list in your Task Manager include Comodo? My SSD laptop, running CF 12.3.4.8162, has Comodo in its startup, unlike my HDD laptop.

yes, on my PC and wife's laptop.

 

[rashmi]

yes, on my PC and wife's laptop.

Both my HDD and SSD laptops had "cis" entries listed in the Windows startup with the previous Comodo version. Following the Comodo update, my HDD laptop's startup lacks a Comodo entry; however, my SSD laptop displays a "cmdinstall" entry. Comodo functions well on both laptops.

 

[New_Style_xd]

Hello everyone, I made a recording that shows what is happening with my CIS.

When I try to open KillSwitch, it tries to update, a window opens, but closes quickly. Is this happening to you?

If anyone here is using COMODO Internet Security 2025 Premium and knows what this is, could you tell me how I can fix it?

 

[rashmi]

@ErzCrz, Comodo's default containment setting was "partially limited" when it lacked full virtualization. Does setting containment to "restricted" and the restriction level to "partially limited" replicate older behavior (i.e., will Comodo run unknown programs with the "partially limited" containment setting)?

 

[ErzCrz]

@ErzCrz, Comodo's default containment setting was "partially limited" when it lacked full virtualization. Does setting containment to "restricted" and the restriction level to "partially limited" replicate older behavior (i.e., will Comodo run unknown programs with the "partially limited" containment setting)?

This was explained some time ago but see this video for the containment level variations and their implications. (Comodo 2025 Containment Variations)

Setting as Restricted or higher is best as it will automatically block network connections of unknown or malicious files whereas you'll see a firewall alert when it's set to partially limited.

Comodo help regarding levels:

You can select the 'Restriction Level' from the following options:

• Partially Limited - The application is allowed to access all operating system files and resources like the clipboard. Modification of protected files/registry keys is not allowed. Privileged operations like loading drivers or debugging other applications are also not allowed. (Default)
• Limited - Only selected operating system resources can be accessed by the application. The application is not allowed to execute more than 10 processes at a time and is run without Administrator account privileges.
• Restricted - The application is allowed to access very few operating system resources. The application is not allowed to execute more than 10 processes at a time and is run with very limited access rights. Some applications, like computer games, may not work properly under this setting.
• Untrusted - The application is not allowed to access any operating system resources. The application is not allowed to execute more than 10 processes at a time and is run with very limited access rights. Some applications that require user interaction may not work properly under this setting.

 

[rashmi]

This was explained some time ago but see this video for the containment level variations and their implications. (Comodo 2025 Containment Variations)

The protection containment levels offer isn't what I'm discussing.

Setting as Restricted or higher is best as it will automatically block network connections of unknown or malicious files whereas you'll see a firewall alert when it's set to partially limited.

That's incorrect. Containment levels don't automatically block network connections. In cruelsister's video, the malware may be crashing or malfunctioning because of the restricted level's restrictions. A firewall alert will appear if the malware functions successfully with the containment level, for example, partially limited, which applies fewer restrictions.

I meant containment's "Action" and "Restriction Level" settings.
Action: Run Restricted
Restriction Level: Partially Limited
I'm unsure, but I believe this will replicate older behavior (i.e., Comodo will run unknown programs partially limited), which means Comodo will allow unknown programs on the real system but limit their access rights.

 

[ErzCrz]

The protection containment levels offer isn't what I'm discussing.


That's incorrect. Containment levels don't automatically block network connections. In cruelsister's video, the malware may be crashing or malfunctioning because of the restricted level's restrictions. A firewall alert will appear if the malware functions successfully with the containment level, for example, partially limited, which applies fewer restrictions.

I meant containment's "Action" and "Restriction Level" settings.
Action: Run Restricted
Restriction Level: Partially Limited
I'm unsure, but I believe this will replicate older behavior (i.e., Comodo will run unknown programs partially limited), which means Comodo will allow unknown programs on the real system but limit their access rights.

Perhaps it's changed then since I've tested any unknowns connecting out which admittedly has been awhile.

Yes, if you do a CruelSister Setup, setting the action as Restricted or Untrusted is optimal protection otherwise it was just default to partially limited. I'm not currently using CIS or CFW on my production machine but on my other laptop, I have CFW with the CruelSister setup and it works great.

I followed your discussion with AndyFul regarding WHHL. As a test I was able to run Hard_Configurator with Recommended settings with CIS/CFW without issue. I think you're over complicating your setup. CFW/CIS will contain any unknown file and therefore any subprocesses or other files created so I don't see the need to create separate rules for known exploited DLLS give that one unknown one or one you don't have a rule for could be exploited. The same goes for LOLbins as demonstrated in her videos.

Anyway, you can also use the FirewallHardening tool which will create Windows Firewall block rules for recommended LOLbins and since Windows Firewall runs along side CFW, it'll still block those connections as intended.

I'm waiting for further CIS/CFW development and bug fixes before using it on a production machine the forum has had website issues lately displaying 503 errors. My go to choice for my production machine is CyberLock and DefenderUI to augment Microsoft Defender. For further firewall control I have used WindowsFirewallControl but CL implements the same sort of LOL blacklisting as FWH does with it's SmartFirewall feature and it creates block rules for unsafe files so I'm not sure WFC is needed unless I want more control

Anyway, sorry for rambling on. CIS/CFW works best without messing with it too much. just do the CruelSister setup and let it do it's thing. You can always use Andy's tools if you want to harden the system further as a back up default deny configuration but people here will say any hardening along with CIS/CFW is overkill and I'm sure others will remind us that Comodo is a just a blocker so I'll end it here. Hopefully you'll work out what works best for you.

 

[rashmi]

Perhaps it's changed then since I've tested any unknowns connecting out which admittedly has been awhile.

The information is inaccurate. I've reminded you of this multiple times previously. I also opened a thread to discuss it.
Thread: Serious Discussion - Comodo Containment "Restricted" Restriction Level

Yes, if you do a CruelSister Setup, setting the action as Restricted or Untrusted is optimal protection otherwise it was just default to partially limited.

From my viewpoint, cruelsister's "Restricted" configuration offers no substantial benefits. It offers optimal protection, but the default "Run Virtually" does too. Even considering your CS's video, the default "Run Virtually" setting prevented any real system damage. The "Run Virtually" video shows the designed functionality: programs or malware operating correctly in the fully virtualized containment.

Your CS's video highlights the default "Run Virtually" versus her configuration "Run Virtually" + "Restricted." The "Run Virtually" default setting fully protected the real system. Combining the default "Run Virtually" setting with the default "Partially Restricted" Restriction Level provides a higher level of default protection.

Claims suggesting Comodo's default containment is inadequate are unsubstantiated, misinformation, and potentially misleading.

I followed your discussion with AndyFul regarding WHHL.

I'm not using the setup; simply experimenting in experimental mode.