2 questions - cmdagent & Forums

I hope some light can be shed on my questions.

Q1. Why does cmdagent.exe require internet access?

CPF’s help file, in this case, doesn’t help :slight_smile: and forum search is ambiguous.

If it has to do with CPF’s updates or auto check certified updates, both these are turned off in the “Miscellaneous” window.

Q2. Why does access to the forums require secure access (CPF prompts for port 443)?

If I don’t allow port 443 the forums do not display correctly. They display as text boxes and there are no images. Whether I’m logged in forever or just accessing the forums as a guest the same problem exists.

When I do allow port 443 what information is being sent from my machine?

Cheers,
Paris

As far as I know, cmdagent.exe does not require internet access at all. What has led you to think it does?

Q2. Why does access to the forums require secure access (CPF prompts for port 443)?

If I don’t allow port 443 the forums do not display correctly. They display as text boxes and there are no images. Whether I’m logged in forever or just accessing the forums as a guest the same problem exists.

When I do allow port 443 what information is being sent from my machine?

Port 443 is used for SSL - secure data transfer over the web. The Comodo forums have both secured and unsecured logins. If you go to http://forums.comodo.com, it will use port 80, but if you go to httpS://forums.comodo.com, it uses port 443 for a secured login. The only additional data sent if you do a secured login is the encryption data added to whatever you send/receive to/from the forums.

Hope this helps,
Ewen :slight_smile:

Hi Ewen,

I’m at work so I do not have access to my PC at the moment.

When I get home this evening I will post screenshots I made relating to this.

I am using CPF 2.4 and the IP address cmdagent tries to contact is a Comodo related IP.

Cheers,
Paris

Curiouser and curiouser said Alice. I’m yet to see it attempt an outbound connection or receive an inbound one.

Ewen :slight_smile:

I only have a UDP Out to my router on port 53.
I’ve not seen anything to port 80 or 443.

I have TCP out on port 80 to a Comodo IP. I’m on a stand alone computer.

Once a pop-up asked me and I allowed it. Now I have TCP out on port 80 to a single IP plus UDP out to my ISP DNS server in apps monitor.

My alert settings are set to very high and “do not show any alerts for trusted applications by COMODO” is unchecked.

Shall I delete them to see if I get an alert again?

hilmi

Hi Ewen,

Both forum links request port 443, whether I’m logged in or not. But that’s not the real problem.

Posted below is the log with cmdagent accessing the web.

I don’t have “applications certified by COMODO” enabled, in case you ask.

COMODO Firewall Pro Logs

Date Created: 21:51:57 23-01-2007

Log Scope:: Today

Date/Time :2007-01-23 21:48:32
Severity :Medium
Reporter :Application Monitor
Description: Application Access Denied (cmdagent.exe:195.92.253.137: :http(80))
Application: C:\Program Files\Comodo\Firewall\cmdagent.exe
Parent: C:\WINDOWS\system32\services.exe
Protocol: TCP Out
Destination: 195.92.253.137::http(80)

Date/Time :2007-01-23 21:48:24
Severity :Medium
Reporter :Network Monitor
Description: Outbound Policy Violation (Access Denied, Protocol = IGMP)
Protocol:IGMP Outgoing
Source: 10.1.1.2
Destination: 224.0.0.22
Reason: Network Control Rule ID = 6

End of The Report

I hope this helps to solve the mystery.

Cheers,
Paris
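Added example, not part of any post in this thread and not Comodo's code: a small Python parser for the log report format shown in the post above, which counts Application Monitor denials per executable and destination. The function names are assumptions made for illustration; the sample text is the two entries from that post.

```python
import re
from collections import Counter

# Log text copied from the post above (two entries of the CPF report).
SAMPLE_LOG = r"""
Date/Time :2007-01-23 21:48:32
Severity :Medium
Reporter :Application Monitor
Description: Application Access Denied (cmdagent.exe:195.92.253.137: :http(80))
Application: C:\Program Files\Comodo\Firewall\cmdagent.exe
Parent: C:\WINDOWS\system32\services.exe
Protocol: TCP Out
Destination: 195.92.253.137::http(80)

Date/Time :2007-01-23 21:48:24
Severity :Medium
Reporter :Network Monitor
Description: Outbound Policy Violation (Access Denied, Protocol = IGMP)
Protocol:IGMP Outgoing
Source: 10.1.1.2
Destination: 224.0.0.22
Reason: Network Control Rule ID = 6
"""

# "ip" alone (network rule) or "ip::service(port)" (application rule).
DEST_RE = re.compile(r"^(?P<ip>\d+(?:\.\d+){3})(?:::\w*\((?P<port>\d+)\))?$")

def parse_entries(text):
    """Split the report into entries (one dict per 'Date/Time' block)."""
    entries, current = [], None
    for line in text.splitlines():
        # Split on the first colon only: values contain colons (paths, times).
        key, sep, value = (part.strip() for part in line.partition(":"))
        if sep and key == "Date/Time":
            current = {}
            entries.append(current)
        if sep and current is not None:  # skips report header and footer lines
            current[key] = value
    return entries

def denied_by_application(entries):
    """Count Application Monitor denials per (exe, destination IP, port)."""
    counts = Counter()
    for e in entries:
        m = DEST_RE.match(e.get("Destination", ""))
        if e.get("Reporter") != "Application Monitor" or not m:
            continue
        exe = e.get("Application", "?").rsplit("\\", 1)[-1].lower()
        counts[(exe, m["ip"], int(m["port"] or 0))] += 1
    return counts
```
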

You only need cmdagent to connect through port 53 to your router or ISP on UDP out.

About Paris, I don’t know why you get that on port 80. I think I got it during install, and that should be normal since the activation/registration is built in now and is done during install. I deleted it and have not got it back since…
Sorry I couldn’t help.

Before I blocked access in the Applications window, it asked every time I booted or rebooted my computer.

It has never asked for port 53 for my router.

Should I submit a ticket on this one or does anyone else have any ideas?

Paris

Yes do that.

I get alerts for cmdagent for UDP out to my 2 ISP DNS servers and TCP out on port 80 to 195.92.253.137 when I reboot as well. But I never had a log entry for cmdagent or a log entry for TCP out to 195.92.253.137. At least the tcp out should have been logged.

Any ideas?

Paris, could you let me know the response for the ticket.

Hilmi

195.92.253.137 is the Comodo’s website. Maybe it’s checking for updates?

I have submitted a ticket for this.

djet, I don’t have updates enabled.

How do I get a response for the ticket? When I have submitted in the past I have received no response even though it lists the ticket status as closed.

Cheers,
Paris

Paris, they responded to me by sending an email to me.

Hilmi

Received this from Comodo… now if someone can explain it to me :slight_smile:

“cmdagent.exe is a service from firewall and when it checks if exe (i.e. cpf.exe) which is communicating with it is signed or not, APIs involved with the verification of digital signature may connect to Internet for verifying if cert is valid or not. Even if you deny cmdagent.exe, it may not hurt as it’s an extra check.
It doesn’t happen in all the system, if you have all root certs installed, it may not connect to Internet
Hope this explains.”

This seems contrary to what most have posted relating to cmdagent and connecting to the internet. I did a clean install of my system (XP Pro) last weekend so all the root certificates should be in place.

I can find no mention of this anywhere on the Comodo site or documentation. Wouldn’t it make more sense for cmdagent to access secure port 443 rather than port 80?

Not sure I like this :-\

Absolutely correct Paris - certs should never be validated over port 80. Can you please, as a matter of urgency, point this out to them on another support ticket at support.comodo.com. I’m not 100% certain on this, but would have thought that certs needed to be validated over a secure connection, as the keys would need to be exchanged, wouldn’t they?

Let us know how you go.

Thanks for pointing this out.

Cheers,
Ewen :slight_smile:

Hi Ewen,

Submitted another ticket, will post the reply as soon as I get it.

Cheers,
Paris

Hi, forgive me for being out of my league here but isn’t this the ip of the update server when CPF checks for updates or you download an update? Yes, I am probably wrong, lol, I know. But the update does go over port 80 , no?

Paul

Only two rules (UDP out to my two ISP DNS servers) in my app monitor for cmdagent (parent=services). In the connections window, I saw a connection made by cmdagent to 195.92.253.137 on port 80. Checked my log, but could not find any logs in relation to 195.92.253.137.
Isn’t that strange?

Comicfan no it’s not for update. Plus, Paris had the updates disabled.

By the way, Ewen it was pouring today in Gold Coast. It was much needed though.
Take care
Hilmi

I ran the updater and got 195.92.253.17 and yesterday the updater WAS 195.92.253.137. However, doing a whois both are the same info. Not only that but I don’t show anything in my logs of it either so can’t be of any help there. I did peg the correct addy by running update “yesterday”; however, being Paris has no updates going and has actual logs of this, really isn’t making sense. Either way, I’ll bow out and let the tech support handle this one. 8)

Sorry Paris, thought I pegged it for you.

Paul