CIS Acting like spyware. This is why I use a FW and CIS is doing it.

Why is cmdagent.exe constantly connecting to the internet to a third party site. What is it saying and why. This is the kind of activity I block with my FW and now my FW is doing it.

PLEASE stop this activity or at ;east give me the option to do so…

Hey and warm welcome to comodo forums!


1) Updates

2) Could scanner

disable the cloud scanner in AV,FW and D+

Valentin N

What IP address is it connecting to? Is it communicating on ports TCP 4446 and
UDP 4447? Those are the ports used by the File Look Up Service of the cloud component of CIS.

How to disable all cloud functions of CIS?

In the AV:

In Defense +

And you also have to empty the TVL :wink:;msg487483#msg487483

Valentin: Updates disabled, do not have Cloud scanner. I am only using, and have installed, the FW (which comes with D+, which was disabled at installation).

EricJH: Everything but the FW is disabled, and was from the start. COMODO still acts like SPYWARE and connects to third party sites.

AdvancedTag: You have got to be kidding, that is a lot of clicks to remove that list . UPDATE: I found the file, and the backup, and deleted them. Not so bad after all.

EricJH: cmdagent.exe is trying to connect to a Microsoft websites on port 80 (207.46.206…) Since I only have the firewall enabled there should be no reason for this activity.

Why is Comodo FW communicating with a Microsoft website?

Can you provide how you are logging the activity together with other processes running and doing connections at the same time?

I am using Comodo Firewall to monitor this activity, and the second part is irrelevant, cmdagent.exe should not be talking to a Microsoft web site…ever.

Then make a custom rule for cmdagent.exe and add the Microsoft address as a blocked IP addres.

So, are you saying Comodo Firewall is SPYWARE and I should block it? Is there a better explanation as to why cmdagent.exe is talking to a MS website?

I am not sure you can stop cmdagent.exe from doing look ups with certificate authorities. If that behaviour includes your definition of spyware then we have vastly different opinions about what defines spyware.

Now that I know what it is doing, now I have to ask why?

There is no need for a firewall to look up certificate validity, my virus scanner does that, and so does Windows. All it needs to do is to control network activity.

I only installed, and use, Comodo Firewall. If there are still components of Defense+ active, there is a problem with the software. I have everything in Defense+ disabled.

It seems I am back where I started from. This should have been in the Feedback section, since it is a problem I would like to see rectified.

PS. I think any undocumented network activity is spyware-like. Nowhere in the Comodo Firewall settings, or help documentation does it mention this activity.

Can you give us the full IP please.

The two most recent ones were and

I just noticed that there were also connection attempts to Akamai .(,…hmmmmm, that could be just about anything, but 58 is also used for windows updates.

There is another option to block connecting to IP addresses. Go to Firewall → Network Security Policy → Blocked Zones and add the IP addresses you want. That way any program cannot connect to nor be connected by the IP addresses in the list.

Not bad for spyware, isn’t it? :wink:

OMG, I give up…

I know how to operate this firewall, I have been for years…I don’t need help with the configuration, nor did I ask for it, EricJH moved this post here!

You guys are missing my point! I don’t want a workaround, I want the program fixed. That is why I posted in the feedback section. Let the FW be just that, a FW and nothing else. Let Defense+ do the certificate checking, and since I have that disabled, defense+ should stop doing anything.

No response necessary.

There is a point in giving full details with a process log over what gets in and out.
Comodo itself is NOT talking to a Microsoft web site, so you got some other ■■■■ that triggers that behavior.
As I can see the IP goes for MSN, so check your MSN or Windows Live products and services.

You can also run Process Explorer: Process Explorer - Sysinternals | Microsoft Learn, and determine the process relation.

Mineria, you are incorrect. It is not another process, it is cmdagent.exe I am talking about.

So you say, I did not see anything from you that confirms it though, not even a screenshot.
Neither can I replicate your issue with my current CIS installation.
So you need to provide something more, probably why your post was moved to the HELP section in first place.

if you only want firewall then click on CIS tray icon → config → firewall security.

Valentin N