I need permission from administrators to delete files even though I am one.

Blue222

New Member
My computer has multiple files that are remains of COMODO firewall(the free version), when I try to delete them it says I require permission from administrators, even though this is my computer, I am the only user of this computer, and I am an administrator on it.
I am using windows a 11 but I dont think this is a thing only on windows 11

3rd party software like fileAssassin also failed to delete it.
In the file properties it doesn't let me change the security settings.
One of the files, cmdagent.exe runs on boot and constantly uses about 5% of my cpu but sometimes it goes higher.
Services doesn't let me stop the process, and when I try to change the properties in services it tells me the system cannot find the file specified. The task scheduler in computer management lets me disable it but after rebooting it is enabled again.
I tried doing How to Block an Application or .EXE from Running in Windows to try to stop it from running, but it still does.
 
Last edited:

Neemobeer

Cloud Security Engineer
Staff member
As a means to protect the system all users (local administrators included) operate as standard users. When attempting to perform an action that requires elevated rights the UAC prompt is invoked outside of the interactive user session to generate an administrator session token to perform the elevated operation. UAC prompt runs in the services session and can't be intercepted by malware.

Some files (security tools this is very common) only the SYSTEM account will have access to files and not even members of the admin group as a means to make the software more tamper resistant. I say resistant since an admin user can still disable anything on the computer if they know what they are doing.

What also can happen is if you are trying to delete a file in use it will likely fail since the file is loaded.

Most security vendors have enough forethought to know users may run into issues and will create special removal tools that will make necessary changes in order to remove their products. Commodo does have such a tool Comodo Uninstaller Tool Use, Internet Security, Comodo Removal Tool | COMODO
 

Blue222

New Member
As a means to protect the system all users (local administrators included) operate as standard users. When attempting to perform an action that requires elevated rights the UAC prompt is invoked outside of the interactive user session to generate an administrator session token to perform the elevated operation. UAC prompt runs in the services session and can't be intercepted by malware.

Some files (security tools this is very common) only the SYSTEM account will have access to files and not even members of the admin group as a means to make the software more tamper resistant. I say resistant since an admin user can still disable anything on the computer if they know what they are doing.

What also can happen is if you are trying to delete a file in use it will likely fail since the file is loaded.

Most security vendors have enough forethought to know users may run into issues and will create special removal tools that will make necessary changes in order to remove their products. Commodo does have such a tool Comodo Uninstaller Tool Use, Internet Security, Comodo Removal Tool | COMODO
I have tried this tool previously, it finished but the files remained exactly the same. When I try again now it crashes after I press accept and creates a log file with this in it.
18:58:5 C:\Jenkins\workspace\CisCleanupTool2_vs19\CisCleanupTool2\CisCleanupTool2\RegTools.cpp:46 >> Can't open key (SOFTWARE\COMODO\CIS\Esm), error 2
18:58:5 C:\Jenkins\workspace\CisCleanupTool2_vs19\CisCleanupTool2\CisCleanupTool2\CleanupOnline\CisCleanupTool2.cpp:76 >> ITSM Administrator password for Removal tool is not set, skip password verification, exiting...
 
Last edited:

ussnorway

Windows Forum Team
Staff member
Premium Supporter
and did you start with W11 or you had the software installed on w10 then put W11 over the top?

just always had 11 = I'd remove kaspersky first [restart system] and then try the comodo tool to clean out the files
but if you started on W10 I'd go for a fresh install of W11 instead... most people buy a fresh harddrive to install as that keeps the old drive as backup files and they are pretty cheep
 

WindowsPro

Senior Member
I have tried this tool previously, it finished but the files remained exactly the same. When I try again now it crashes after I press accept and creates a log file with this in it.
18:58:5 C:\Jenkins\workspace\CisCleanupTool2_vs19\CisCleanupTool2\CisCleanupTool2\RegTools.cpp:46 >> Can't open key (SOFTWARE\COMODO\CIS\Esm), error 2
18:58:5 C:\Jenkins\workspace\CisCleanupTool2_vs19\CisCleanupTool2\CisCleanupTool2\CleanupOnline\CisCleanupTool2.cpp:76 >> ITSM Administrator password for Removal tool is not set, skip password verification, exiting...
Did you select "run as admin" when you run the tool?

To correct a previous Statement, if you sign in with an administrators account (have admin rights), you ARE an administrator (not a standard user) but the UAC blocks direct access to some more secure functions or files, unless you accept the UAC prompt..
Thus you raise your "higher rights" to even higher rights. So when you run a tool you might need to select "run as administrator".
 

Blue222

New Member
Did you select "run as admin" when you run the tool?

To correct a previous Statement, if you sign in with an administrators account (have admin rights), you ARE an administrator (not a standard user) but the UAC blocks direct access to some more secure functions or files, unless you accept the UAC prompt..
Thus you raise your "higher rights" to even higher rights. So when you run a tool you might need to select "run as administrator".
Yes I did, when I open the program windows asks if I want to allow it to make changes to my device, and I clicked yes both previously and now.
 

Blue222

New Member
and did you start with W11 or you had the software installed on w10 then put W11 over the top?

just always had 11 = I'd remove kaspersky first [restart system] and then try the comodo tool to clean out the files
but if you started on W10 I'd go for a fresh install of W11 instead... most people buy a fresh harddrive to install as that keeps the old drive as backup files and they are pretty cheep
I started with W10 installed kaspersky updated to W11 and while I had W11 I got COMODO, I don't want to do a fresh install because Then there would be all the work of setting the settings again, downloading programs again, etc.
this is what the tool currently outputs(it is run as administrator).

Creating system restore point. Please wait...
Removing shortcuts...
Removing installed services...
Cannot remove CmdAgentProt service. Error 5: Access is denied.
Cannot remove 'C:\Windows\System32\drivers\cmdguard.sys' file. Error 5: Access is denied.
Cannot remove 'C:\Windows\System32\drivers\cmderd.sys' file. Error 5: Access is denied.
Cannot remove 'C:\Windows\System32\drivers\cmdhlp.sys' file. Error 5: Access is denied.
Cannot remove 'C:\Windows\System32\drivers\cmdguard.sys' file. Error 5: Access is denied.
Cannot remove 'C:\Windows\System32\drivers\cmderd.sys' file. Error 5: Access is denied.
Cannot remove 'C:\Windows\System32\drivers\cmdhlp.sys' file. Error 5: Access is denied.

5 of 6 services removed
Removing installed driver(s)...
Cannot remove 'C:\Windows\System32\drivers\inspect.sys' file. Error 5: Access is denied.
Cannot remove '2147483650\SYSTEM\CurrentControlSet\Services\inspect' registry key. Error 0: The operation completed successfully.

Removing registry hives...
Removing installed files...
Cannot remove 'C:\Program Files\COMODO\COMODO Internet Security\cis.exe' file. Error 5: Access is denied.
Cannot remove 'C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe' file. Error 5: Access is denied.
Cannot remove 'C:\Program Files\COMODO\COMODO Internet Security\cmdcomps.dll' file. Error 5: Access is denied.
Cannot remove 'C:\Program Files\COMODO\COMODO Internet Security\cmdres.dll' file. Error 5: Access is denied.
Cannot remove 'C:\Program Files\COMODO\COMODO Internet Security\cmdwrhlp.dll' file. Error 5: Access is denied.
Cannot remove 'C:\Program Files\COMODO\COMODO Internet Security\SecurityProductInformation.ini' file. Error 5: Access is denied.
Cannot remove 'C:\Program Files\COMODO\COMODO Internet Security\themes\default.set' file. Error 5: Access is denied.
Cannot remove 'C:\Program Files\COMODO\COMODO Internet Security\themes\lycia.set' file. Error 5: Access is denied.
Cannot remove 'C:\ProgramData\Comodo\Firewall Pro\cislogs.sdb' file. Error 32: The process cannot access the file because it is being used by another process.. It will be removed after the system restart
Cannot remove 'C:\ProgramData\Comodo\Cis\lmdb\cmddata' file. Error 32: The process cannot access the file because it is being used by another process.. It will be removed after the system restart
Cannot remove 'C:\ProgramData\Comodo\Cis\lmdb\cmddata-lock' file. Error 32: The process cannot access the file because it is being used by another process.. It will be removed after the system restart
Cannot remove 'C:\ProgramData\Comodo\Cis\lmdb\cmdurl' file. Error 32: The process cannot access the file because it is being used by another process.. It will be removed after the system restart
Cannot remove 'C:\ProgramData\Comodo\Cis\lmdb\cmdurl-lock' file. Error 32: The process cannot access the file because it is being used by another process.. It will be removed after the system restart
Cannot remove 'C:\ProgramData\Comodo\Cis\lmdb\vcact' file. Error 32: The process cannot access the file because it is being used by another process.. It will be removed after the system restart
Cannot remove 'C:\ProgramData\Comodo\Cis\lmdb\vcact-lock' file. Error 32: The process cannot access the file because it is being used by another process.. It will be removed after the system restart
Cannot remove 'C:\Program Files\COMODO\COMODO Internet Security\cis.exe' file. Error 5: Access is denied.
Cannot remove 'C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe' file. Error 5: Access is denied.
Cannot remove 'C:\Program Files\COMODO\COMODO Internet Security\cmdcomps.dll' file. Error 5: Access is denied.
Cannot remove 'C:\Program Files\COMODO\COMODO Internet Security\cmdres.dll' file. Error 5: Access is denied.
Cannot remove 'C:\Program Files\COMODO\COMODO Internet Security\cmdwrhlp.dll' file. Error 5: Access is denied.
Cannot remove 'C:\Program Files\COMODO\COMODO Internet Security\SecurityProductInformation.ini' file. Error 5: Access is denied.
Cannot remove 'C:\Program Files\COMODO\COMODO Internet Security\themes\default.set' file. Error 5: Access is denied.
Cannot remove 'C:\Program Files\COMODO\COMODO Internet Security\themes\lycia.set' file. Error 5: Access is denied.
Cannot remove 'C:\Windows\System32\drivers\cmdguard.sys' file. Error 5: Access is denied.
Cannot remove 'C:\Windows\System32\drivers\cmdhlp.sys' file. Error 5: Access is denied.
Cannot remove 'C:\Windows\System32\drivers\cmderd.sys' file. Error 5: Access is denied.
Cannot remove 'C:\Windows\System32\drivers\inspect.sys' file. Error 5: Access is denied.
Cannot remove 'C:\Windows\System32\guard64.dll' file. Error 5: Access is denied.
Cannot remove 'C:\Windows\System32\cmdvrt64.dll' file. Error 5: Access is denied.
Cannot remove 'C:\Windows\SysWOW64\guard32.dll' file. Error 5: Access is denied.
Cannot remove 'C:\Windows\SysWOW64\cmdvrt32.dll' file. Error 5: Access is denied.

76 of 100 files removed
Removing symlinks...
Symlinks removed
Removing MSI components...
Removing registry hives...
2 of 16 registry hives removed
Removing registry hives...
1 of 1 registry hives removed
Removing MSI components...
Removing scheduled tasks...
6 of 6 scheduled tasks removed
Removing Security Center entries...
Removing fake debuggers...

Press "Restart" to restart the computer.
 

ussnorway

Windows Forum Team
Staff member
Premium Supporter
yes the tool code 'assumes' you didn't install a new OS on top of the old files after installing your software... run as Admin can only do so much
 

Blue222

New Member
I did this and now the files seem to be gone and I cannot find the process running in task manager anymore. I don't know why though because my other apps are still there.
 

ussnorway

Windows Forum Team
Staff member
Premium Supporter
your system registry will be a new one... if its working now thats great but a fresh install is still the better option
 
Top