CIS, connections with comodo servers

Why CIS is still conected (cmdagent.exe, TCP 2 connections, state “established”) with comodo servers (download.comodo.com and eu5.download.comodo.com) remote port 80)?I turned off updates, etc in CIS.

CIS still needs to access the Comodo whitelist. Whenever you get an alert and it states “This is a trusted application” or “This is an unknown application”, CIS had to retrieve that information from the main white list database (which contains millions of programs that have been analyzed already).

Is it possible to configure CIS to prohibit all internet activity from CIS?

I remember a few topics a while back regarding this, but can’t seem to find them. Basically, CIS is going to try and contact the COMODO white list whenever an alert is triggered. The only real option that might work is by adding a block rule for “cmdagent.exe” (CIS’s core process) in the network policies. I’m not sure if this even works, but it is surely not recommended because instability will most likely occur.

It’s irresponsible for a firewall to not have a way to disable all contact that the firewall itself makes.

That being said, I’m not sure why it would cause instability to add a network block rule, since Comodo should be functional on a machine with no internet access or if behind a corporate firewall preventing that type of traffic.

Can anyone speak authoritatively as to what the deal is, and how to keep CIS from making any internet connections on its own?

Because cmdagent was not meant to be blocked. You are putting a restriction on a process, and that process will then be trying to control itself, when it was obviously not intended to be controlled by any rules, let alone itself. If you would like to try, be my guest.

I saw it as no different than not having internet access in the first place (as might be the case with a laptop), but I see your point.

If Comodo can’t run in a stable fashion blocking itself, then it must have a way to disable ALL self-initiated communication. I won’t run it otherwise, and neither will my clients.

If there is another way, I’m not aware of it. It would be nice if they had a toggle switch for it, but I guess the majority of users want it enabled anyway.

May not be looking carefully at the CIS settings but in new version I not see options to prevent send any file to comodo servers(?)

Disable cloud in defense plus settings, execution control settings, perform cloud based behaviour analysis of unrecognized files and Automatically scan unrecognized files in the cloud. Also manual and scheduled scanning in antivirus have cloud lookup. Untick to disable lookup on Comodo servers. Note Comodo recommends leaving these enabled, it is your choice. Kind regards.