Nah… It only seems to disconnect Comodo ONE Client - Communication and remove the selected computer from ITSM. It doesn’t seem to actually remove anything from the client. The applications (Comodo ONE Client - Communication, Comodo One Client - Security) don’t seem to get removed from the client computers (Windows).
In ITSM please go to Devices > Device List > select the specific device > go to the Procedure Logs > click on Details. From there please provide us the reason why the procedure did not work.
In addition, a Service Desk ticket is created that contains additional information to the one that you see in ITSM. We should be able to figure out what happened from the ticket details.
I just tried to check the procedure log after running the procedure “Uninstall Comodo Clients (Warning!)”, but unfortunately I get a 404 error when trying to access the device’s procedure log. This is probably because the device has been removed from ITSM.
Although the device is removed from ITSM, I still see the Comodo clients (Comodo One Client - Communication, Comodo One Patch Management Agent, COMODO Client - Security, RMM Agent Service) installed on the device that were (in theory) supposed to have been removed. Also, when the procedure was run, I did notice that the “Comodo One Client - Communication” icon in the Systray disappeared.
I also checked for corresponding tickets for the procedure run in Service Desk, but I couldn’t find any.
I have forwarded the information you provided to the appropriate staff for further investigation. We will reach back to you with updates as soon as possible.
Please run the below script and let us know if it worked (please keep in mind that the script must run as system user and not as logged in user(s)). Please let us know if the script works.
import os
import re
import ctypes

# Context manager that turns off WOW64 file system redirection so that a
# 32-bit Python process launches the native 64-bit system tools.
class disable_file_system_redirection:
    _disable = ctypes.windll.kernel32.Wow64DisableWow64FsRedirection
    _revert = ctypes.windll.kernel32.Wow64RevertWow64FsRedirection
    def __enter__(self):
        self.old_value = ctypes.c_long()
        self.success = self._disable(ctypes.byref(self.old_value))
    def __exit__(self, type, value, traceback):
        if self.success:
            self._revert(self.old_value)

# List the installed Comodo MSI products together with their product codes.
k = []
with disable_file_system_redirection():
    guid = os.popen('powershell.exe "get-wmiobject Win32_Product | Format-Table Name,IdentifyingNumber" | findstr /i /c:"Comodo One Client - Communication" /c:"COMODO Client - Security" | sort').read()
    print(guid)

# Collect every product code ({GUID}) found in the listing.
k.append(re.findall("{.*", guid))
j = []
for i in k[0]:
    j.append(i.strip())  # drop the padding Format-Table leaves after the GUID
print(j)

# If COMODO Client - Security is present, set ModeEsm=1 before uninstalling.
ccc = re.findall("COMODO Client - Security", guid)
if ccc:
    command = r"reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\CmdAgent\Mode /v ModeEsm /t REG_DWORD /d 1 /f"
    with disable_file_system_redirection():
        process = os.popen(command).read()
    print(process)

# Silently uninstall each product, in reverse of the sorted order, without rebooting.
with disable_file_system_redirection():
    for i in reversed(j):
        process = os.popen('msiexec.exe /x ' + i + ' /quiet REBOOT=ReallySuppress REMOVE=ALL').read()
        print(process)
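The script above reads only msiexec's standard output, which is empty under /quiet, so a failed uninstall leaves no reason behind. The following is an added example, not Comodo's code: it parses the same Format-Table listing, adds a verbose msiexec log, and maps the standard Windows Installer exit codes. The function names, log directory and sample GUIDs are assumptions made for illustration.

```python
import re
import subprocess

# Well-known Windows Installer (msiexec.exe) exit codes.
MSI_EXIT = {
    0: "success",
    1603: "fatal error during uninstall",
    1605: "product is not installed (unknown product code)",
    1618: "another installation is already in progress",
    1641: "success, reboot initiated",
    3010: "success, reboot required to finish",
}

# One table row: product name, padding, then a 36-character GUID in braces.
ROW = re.compile(r"^(?P<name>.+?)\s+(?P<guid>\{[0-9A-Fa-f-]{36}\})\s*$")

def parse_products(table_text):
    """Return [(name, guid)] from 'Format-Table Name,IdentifyingNumber' output."""
    rows = []
    for line in table_text.splitlines():
        m = ROW.match(line.strip())
        if m:
            rows.append((m.group("name"), m.group("guid")))
    return rows

def uninstall_args(guid, log_path):
    """Same msiexec switches as the thread's script, plus a verbose log."""
    return ["msiexec.exe", "/x", guid, "/quiet",
            "REBOOT=ReallySuppress", "REMOVE=ALL", "/l*v", log_path]

def run_uninstalls(products, log_dir, runner=subprocess.call):
    """Run each uninstall and return (name, exit_code, meaning) per product."""
    results = []
    for name, guid in products:
        log_path = log_dir + "\\uninstall_" + guid.strip("{}") + ".log"
        code = runner(uninstall_args(guid, log_path))
        results.append((name, code, MSI_EXIT.get(code, "unmapped code, see log")))
    return results

# Constructed sample listing; the GUIDs are placeholders, not real product codes.
SAMPLE = """\
Name                              IdentifyingNumber
----                              -----------------
COMODO Client - Security          {AAAAAAAA-0000-0000-0000-000000000001}
Comodo One Client - Communication {AAAAAAAA-0000-0000-0000-000000000002}
"""

if __name__ == "__main__":
    # Dry run: show what would be executed for each parsed product.
    for name, guid in parse_products(SAMPLE):
        print(name, uninstall_args(guid, r"C:\Windows\Temp\uninstall.log"))
```

An exit code of 3010 here corresponds to the "reboot required" case, and 1605 means the product code was not found on the endpoint.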
Thank you for the assistance! Does the endpoint have to be rebooted in order for the change to take place?
I tried running the procedure (imported it and all), but it doesn’t seem to do anything. I do see the little circle in the center of the “Comodo ONE Client - Communication” logo in the systray disappear for a bit, which seems like it’s processing the command. However, everything is still as it was before: CCC and CCS are still installed and running. Also, the endpoint is still listed in ITSM.
That being said, I did check the procedure log details for the procedure run and this is what it showed:
CCS will require a reboot in order for the program to be completely removed. We will continue our investigation on this and provide you a better script.
We appreciate your patience and understanding in this matter.
Hmmmm… Unfortunately, this last one doesn’t appear to be working either. I just tried running it as the System user and then rebooted the endpoint afterward. CCC is still installed and connected to ITSM (the endpoint is also still showing in ITSM).
Thank you for getting back to us. We have contacted you by email (specifically in ticket ID HRS-800-35523) regarding this and we will provide new information there.