Why is cmdagent.exe constantly connecting to the internet to a third party site? What is it saying and why? This is the kind of activity I block with my FW and now my FW is doing it.
PLEASE stop this activity or at least give me the option to do so…
What IP address is it connecting to? Is it communicating on ports TCP 4446 and UDP 4447? Those are the ports used by the File Look Up Service of the cloud component of CIS.
Valentin: Updates disabled, do not have Cloud scanner. I am only using, and have installed, the FW (which comes with D+, which was disabled at installation).
EricJH: Everything but the FW is disabled, and was from the start. COMODO still acts like SPYWARE and connects to third party sites.
AdvancedTag: You have got to be kidding, that is a lot of clicks to remove that list. UPDATE: I found the file, and the backup, and deleted them. Not so bad after all.
EricJH: cmdagent.exe is trying to connect to a Microsoft website on port 80 (207.46.206…). Since I only have the firewall enabled there should be no reason for this activity.
Why is Comodo FW communicating with a Microsoft website?
I am using Comodo Firewall to monitor this activity, and the second part is irrelevant, cmdagent.exe should not be talking to a Microsoft web site…ever.
I am not sure you can stop cmdagent.exe from doing look ups with certificate authorities. If that behaviour includes your definition of spyware then we have vastly different opinions about what defines spyware.
Now that I know what it is doing, now I have to ask why?
There is no need for a firewall to look up certificate validity, my virus scanner does that, and so does Windows. All it needs to do is to control network activity.
I only installed, and use, Comodo Firewall. If there are still components of Defense+ active, there is a problem with the software. I have everything in Defense+ disabled.
It seems I am back where I started from. This should have been in the Feedback section, since it is a problem I would like to see rectified.
PS. I think any undocumented network activity is spyware-like. Nowhere in the Comodo Firewall settings, or help documentation does it mention this activity.
The two most recent ones were 207.46.206.9 and 207.46.206.10
I just noticed that there were also connection attempts to Akamai (184.84.243.58, 184.84.243.24)… hmmmmm, that could be just about anything, but 58 is also used for Windows updates.
There is another option to block connecting to IP addresses. Go to Firewall → Network Security Policy → Blocked Zones and add the IP addresses you want. That way no program can connect to, or be connected to by, the IP addresses in the list.
I know how to operate this firewall, I have been for years…I don’t need help with the configuration, nor did I ask for it, EricJH moved this post here!
You guys are missing my point! I don’t want a workaround, I want the program fixed. That is why I posted in the feedback section. Let the FW be just that, a FW and nothing else. Let Defense+ do the certificate checking, and since I have that disabled, Defense+ should stop doing anything.
There is a point in giving full details with a process log over what gets in and out.
Comodo itself is NOT talking to a Microsoft web site, so you got some other ■■■■ that triggers that behavior.
As I can see the IP goes for MSN, so check your MSN or Windows Live products and services.
So you say, I did not see anything from you that confirms it though, not even a screenshot.
Neither can I replicate your issue with my current CIS installation.
So you need to provide something more, probably why your post was moved to the HELP section in first place.