Big uploads by cmdagent.exe - Unacceptable!

Please, what is going on? Recently, once in a while cmdagent.exe would upload some large quantity of data, which takes an age on my system, with an upload speed of close to 400mbps, and makes it difficult for me to do anything online during that time. Today I tried blocking all, but when I unblocked again the upload resumed or restarted, and was a flaming nuisance for me. Also, such a covert big upload is highly suspect. It doesn’t show in the CIS Event Log, but I did find the upload showing in the View Active Connections window. I then found that I could use the right-click menu on that item to close the connection.

The upload was to 199.66.201.27 .

I have to say, such uploads, without any notification or option to stop them (i.e. apart from ‘going into the works’ as I did), are quite unacceptable and indeed quite suspect in their own right, and I am seriously considering abandoning the otherwise excellent CIS because of this.

I would much appreciate some words about what these big uploads (at least tens of MB) contain, and any means by which I can prevent them from happening without hurting my system. If it was downloads I’d have assumed that it was necessary updates, but uploads are another matter.

The IP address resolves to cima.security.comodo.com

I would assume that this is a cloud upload of unrecognized files for analysis.

Check if “Enable Cloud lookup” and “Analyze unknown files …” are enabled under

Tasks → Advanced Settings → File Rating → File Rating Settings

If they are enabled, turn this off and check if the online activity ceases.

Hope this helps,
Ewen

Thanks indeed, Ewen, for your explanation, which, on consideration, I’ve little doubt is correct. I’d clean forgotten about cmdagent doing useful things like sending unrecognised or suspect files for analysis, and I would not want to obstruct that. My only problem is when it hogs my full available Net traffic capacity, so it interferes in my work. I tried out NetBalancer, but it doesn’t seem to work effectively on my system, so I’ve got rid of it again. I’d like to be able to tell cmdagent to limit its traffic to a very low speed, so that it doesn’t interfere with my work. That facility of course should be available in any security program that uploads / downloads significant amounts of material, as a security program that gets in the way of one’s working is really not fit for purpose.

Ah, I tried again with NetBalancer, and I got it working fine this time, so cmdagent’s big uploads no longer interfere with my online activities.

Glad to hear it’s resolved to your satisfaction.

I had to turn that off after it uploaded my entire C:\Windows\Assembly folder (~1GB). 88)

Are you developing in DOT NET or do you have lot’s rare program written in DOT NET?

How can you find out which exact files have been uploaded to the cloud?

UnderSubmitted files.

I don’t develop in DotNet but I use various utilities coded with it. Comodo uploaded all of it. :o

EDIT: I should add that this was on a different computer with v5.12 under Windows 7. I use Comodo v6/Win8 on my main computer and keep that feature disabled.

Every time I look in “Submitted Files” there is nothing there. I have never seen any entries there. I have the cloud functions fully enabled too.

There is the issue though that in v6 submitting files manually doesn’t seem to work. At least it never does for me. Maybe that’s why I never see anything. Maybe it just doesn’t work period.

I don’t think automatically submitted files show up in that list, but I’m not sure… I just think that because I’ve never seen anything there that I haven’t manually sent.

Maybe not on the topic.
But “Submitted Files” displays the files that are sent only manually from quarantine.

Edit: Where it has been my theme, but in the new f… I can not find. ;D
As far as I can remember. Topic about - cleaning records from window.

In v6, maybe, but not in v5.