CPU vulnerabilities, Meltdown and Spectre

Hi everyone,

We would like to inform you about the status and effect of recent chipset vulnerabilities (Meltdown and Spectre) found on Intel and AMD.

Comodo Security Agent: Microsoft already started distributing patches for Windows 10 devices and we believe other OS versions will follow soon. While Comodo Client Security is not going to be officially vetted by Windows as compatible until our major release planned to be on 27th of Jan, our tests shows no issues that might lead to crash or BSOD on patched devices. We recommend everyone to patch their devices at their convenience. You can use ITSM - Patch Management functionality to push these patches as well.

Comodo One cloud platform: Our initial evaluation of our cloud platform shows no direct issue or risk on our applications and we are working closely with Amazon to ensure security and availability.

Edit: We are also working on registry update through procedure over ITSM. We will update everyone with the results and directions early next week.

Best regards,

Hello everyone,

We would like to inform you that we have completed our script to update the registry. Using this link: https://scripts.comodo.com/frontend/web/topic/script-to-add-key-qualitycompat you can download and run the script on your machines.

After successful completion of the script, we expect to see the following change in the registry if you want to check.

Value Name =“cadca5fe-87d3-4b96-b7fb-a231484277cc”

You can also change the registry using GPO. Here is a how to: https://technet.microsoft.com/en-us/library/cc753092(v=ws.11).aspx

After that, the endpoints you manage will see patches required as missing in at most 24 hours. You can learn the KB numbers of patches required according to your Windows 10 from here: https://thewincentral.com/download-links-kb4056892-kb4056891-kb4056890-kb4056888-kb4056893-windows-10/

After that you can either install the patches manually or using a patch procedure. Here is the wiki links to deploy patches manually or using procedure


Best regards,

Unfortunately this script wont run as the procedures seems to be down AND patch management, PLEASE FIX THESE ASAP!!!

Hello @dittoit ,

The problem seems to happened some of our customers. It should be fixed for now.

Could you please check it again?


Why is Comodo not on the approved list of AVs? Please advise best practice to protect devices and network.

Hi @MTekhna ,
If the list of AVs is the one in the link below, although it is not an official list, we have already contacted the creator of it and informed about compatibility of our security solutions. If it is not the list you mentioned, please share it with us.

@Can that is the list.

I would like to know why the registry changes need to be made? is it because Comodo is incompatible with the latest Microsoft patch?

I could be wrong. But the reg is required so that the Patch will be released to that endpoint by Microsoft…

But I may be way off haha !!

Hello @nikki , this registry change is needed to notify the Windows that we are compatible with the patch. Comodo is compatible with the latest patch of Microsoft without any doubt. After changing registry, Microsoft enables endpoints to receive the patch.

C1 customers are able to run this script as a procedure through ITSM on all their enrolled devices. According to our planned release schedule, our new client will come on 27th and our customers won’t need to run this script after that date.

Thank you @emrahsamdan !

Please do not reference sites that aren’t recognized by Microsoft for their patches as if could result in MS team of lawyers paying you a visit if a MS client runs into any issues and tells MS their OS is broken because they used a site that you referenced publicly. Only reference Microsoft sites. What you did is like asking people to go to TooCows (sp?).

It’s time that C1 becomes more professional and polished.

I think the site @emrahsamdan referenced ultimately directs you to MS to download.

Hello @smoothrunnings, at the time I made up that post, this page was still under construction: https://support.microsoft.com/en-us/…ectre-meltdown .But you can use it conveniently for now.

I provided that page showing which KB number should be seen by which version of Windows 10. I already checked the navigations to Windows Update Catalog and they were working as expected. (and they are still)

We are committed to help our customers as responsively as we can and hope we can continue like this.

best regards,

Hello everyone,

We have completed our tests with our environments. Please see attached our response to Meltdown and Spectre issues.

Our tests show that there is no incompatibility issue with patches and Comodo security products. We want to once again warn that there may still be problems with the endpoints due to the incompatibility of the patch and chipset.

best regards,

MeltdownSpectreComodoResponse.pdf (707 KB)

Bottom of page 4 your page break is wrong.

@emrahsamdan the PDF is invalid. Please post it again.

Hello @nikki

I see no problem. Are you sure that you are logged in while you are trying?

Hello All,

We want to notify our customers about the recent news about Meltdown and Spectre Patch. Intel announced that they identified the root cause and now working on new patch. You may prefer to wait for this patch if you still don’t install it.

See the news here: http://uk.businessinsider.com/intel-working-on-a-new-fix-for-the-spectre-meltdown-attacks-2018-1


If you have found not issues then you need to roll out the reg key that MS clearly states that AV vendors need to add in order for machines to be properly patched. I know there is a lot of confusion over this reg key as to who is supposed to install. But trust me when say the AV vendors are supposed to install it once they have confirmed their product work with the MS spectre meltdown patches. At my other job who is a MS Platinum Partner we worked closely with McAfee who thought it was up to the end-user to install the reg key until MS told otherwise as a lot of their clients were complaining to MS.