Please, what is going on? Recently, once in a while cmdagent.exe would upload some large quantity of data, which takes an age on my system, with an upload speed of close to 400mbps, and makes it difficult for me to do anything online during that time. Today I tried blocking all, but when I unblocked again the upload resumed or restarted, and was a flaming nuisance for me. Also, such a covert big upload is highly suspect. It doesn’t show in the CIS Event Log, but I did find the upload showing in the View Active Connections window. I then found that I could use the right-click menu on that item to close the connection.
The upload was to 184.108.40.206 .
I have to say, such uploads, without any notification or option to stop them (i.e. apart from ‘going into the works’ as I did), are quite unacceptable and indeed quite suspect in their own right, and I am seriously considering abandoning the otherwise excellent CIS because of this.
I would much appreciate some words about what these big uploads (at least tens of MB) contain, and any means by which I can prevent them from happening without hurting my system. If it was downloads I’d have assumed that it was necessary updates, but uploads are another matter.
Thanks indeed, Ewen, for your explanation, which, on consideration, I’ve little doubt is correct. I’d clean forgotten about cmdagent doing useful things like sending unrecognised or suspect files for analysis, and I would not want to obstruct that. My only problem is when it hogs my full available Net traffic capacity, so it interferes in my work. I tried out NetBalancer, but it doesn’t seem to work effectively on my system, so I’ve got rid of it again. I’d like to be able to tell cmdagent to limit its traffic to a very low speed, so that it doesn’t interfere with my work. That facility of course should be available in any security program that uploads / downloads significant amounts of material, as a security program that gets in the way of one’s working is really not fit for purpose.