CIS strange activity

Hello everyone!

First I would like to say that I am very pleased with Comodo products, especially with the firewall. I consider Comodo firewall to be the best firewall (free or not free) on the net. The antivirus needs some work, but it's OK for now, still one of the best free antivirus programs available on the net. Defense+ is AWESOME, period.

Recently, I started to use the ‘http block’ option in Peer Guardian, which I use with CIS on my home computer, and soon the blocked connections to the Comodo site, IP: 91.199.212.181 port 80, in the Peer Guardian log came to my attention.
For the record, I never use update in any of my programs, and ALL updates are disabled in CIS settings, and I do not use Threatcast or submission of suspicious files to Comodo or any connection to the Comodo site.
So, for experimental reasons I have disabled all update options available in CIS antivirus, but still those connections are popping up on a regular basis and get blocked by Peer Guardian.

Can you tell me why CIS is trying to connect to the Comodo site, and how to disable this?
I don't like any info about me going to any database on the net without my knowledge.
Don't get me wrong, I do trust Comodo. I've been using Comodo firewall with Defense+ for more than two years, and now CIS; I'm just getting annoyed by those connections and the flashing of Peer Guardian in the tray.

Cheers and thanks for this great defense for personal computers.

Welcome. :slight_smile:

CIS connects to the internet for many reasons. Even though all updates are disabled, every time you get an alert from CIS, it checks the file’s signed certificate by contacting the COMODO website, Microsoft servers, etc. The only way to stop this would be to create a block rule in the firewall settings for ‘cmdagent.exe’ which I would not recommend. cmdagent.exe is CIS’s core process and could lead to unknown stability issues.

OK. Thanks for this explanation. I will then exclude the Comodo site from my Peer Guardian blocks.
I was aware of this issue for some time, but was too lazy to ask…
Mainly, I use free and open source programs that do the job, and like I said before, I trust Comodo much more than some other vendor of free programs.

I have however some other questions:

  1. Can you tell me why Comodo has an online database for file signatures?
  2. What purpose does the online file signature database serve for CIS on a client computer?
  3. File signatures sent to the Comodo site on file access: are they, or would they be, shared with a third party?
  4. Any chance of an offline file signature database in a CIS update in the future (never mind the size)?
  5. What part of CIS uses the file signature feature?
  6. Any chance Comodo firewall or CIS goes open source any time in the future?

I would love a peek at the code …

Hope I don't sound too nosy about this issue … it's just basic curiosity about the features of a program I love. Any chance of creating some different themes for the skin of CIS? I like my programs to have the classic Windows look and feel, and a classic Windows XP skin for CIS would be much appreciated :wink:

Cheers mate, and thanks for quick and detailed answer about my question.

By file signature, I’m guessing you mean the file’s signed certificate? Mostly all files have signed certificates nowadays, which can be used to make sure that the file is, in fact, what it says it is (e.g. if there is a file called “iexplore.exe” and it has a signed Microsoft certificate, you know that it is the real IE file and not malware that is called iexplore.exe). Every time CIS alerts you of a file doing something, it checks its certificate online to see if it is the real file. That’s why in a CIS alert, when you see “Process.exe is a safe application” (process.exe being the name of the file), you know that CIS has checked that file to make sure it is the legit file from MS, Adobe, etc. (whatever is on your Trusted Software Vendors list). No personal information is sent to any server. Just the file’s certificate being checked for legitimacy with COMODO’s whitelist. Both the firewall and Defense+ in CIS check files this way.

And no, I highly doubt any COMODO products will ever go open source. :wink:

CIS has the ability to change skins under Miscellaneous > Settings > Themes. There are some themes posted on the forums somewhere. I don’t think any are classic XP though.
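
An added example (not part of the thread and not Comodo's code) of the kind of check the reply above describes: it validates each file's Authenticode signature with PowerShell's `Get-AuthenticodeSignature` and compares the signer name against a vendor list, so a file named iexplore.exe is judged by its signature rather than its name. The vendor list and the function name `Get-SignerVerdict` are constructed for illustration.

```powershell
# Added example, not Comodo code. Constructed sample list standing in for
# a "Trusted Software Vendors" list; edit it to match your own policy.
$TrustedVendors = @(
    'Microsoft Corporation',
    'Microsoft Windows',
    'Adobe Inc.'
)

function Get-SignerVerdict {
    param([Parameter(Mandatory)][string]$Path)

    $sig    = Get-AuthenticodeSignature -LiteralPath $Path
    $signer = $null
    if ($sig.SignerCertificate) {
        # Simple name (CN) of the signing certificate's subject
        $nameType = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
        $signer   = $sig.SignerCertificate.GetNameInfo($nameType, $false)
    }

    # The file name plays no part in the verdict: only signature status
    # and signer identity are considered.
    if ($sig.Status -ne 'Valid') {
        $verdict = 'unsigned or signature invalid'
    } elseif ($TrustedVendors -contains $signer) {
        $verdict = 'signed by listed vendor'
    } else {
        $verdict = 'signed, vendor not on list'
    }

    [pscustomobject]@{
        Path    = $Path
        Status  = $sig.Status
        Signer  = $signer
        Verdict = $verdict
    }
}

# Check the executable behind every running process that exposes a path.
Get-Process |
    Where-Object { $_.Path } |
    Select-Object -ExpandProperty Path -Unique |
    ForEach-Object { Get-SignerVerdict -Path $_ } |
    Sort-Object Verdict, Path |
    Format-Table -AutoSize
```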

Ok. I just wanted to make sure we are talking about the same thing.

I’m sorry, I have one more question about this issue …

The Application Recognition Database (extensive and proprietary application safe list) can be good, but can also be used for spying on the activity of user programs or activities. Why doesn't CIS have an option in settings to disable the file signed certificate check with the online Comodo server?

It is not a crucial function of the firewall, Defense+ or antivirus, because every advanced user has a set of rules applied to every program on the client computer. Defense+ makes it very hard for a process to do something the user did not allow. Second, the firewall is almost impenetrable in any situation, and believe me, I tried to break it down. Except for a couple of glitches with rules config, the firewall does the job.
Comodo aims to be a firewall for novice as well as for advanced users, but the lack of this option to fully control CIS is discouraging to advanced users. Advanced users must have this option in settings to deactivate or activate the file signed certificate check, don't you agree?

After all, if Comodo uses that information only to protect end users, end users must have the option to enable or disable this defense as they like or choose, like any other option during installation or use of any other program or CIS, in consistency with the privacy policy.

Cheers mate and thanks for quick reply.

No reply so far. ???
I will ask no more questions about this. I guess I have my answer now.
Sorry if I have offended someone. bye.

It is extremely important. Can you tell the difference between legit files and malware disguised as legit files? (e.g. if you use IE and you get an alert from iexplore.exe and D+ doesn’t say it’s a safe application because it doesn’t match the white list, you can say that it is most likely malware). Yes, D+ makes it hard for processes to do something not allowed, but only when the user knows to allow it or not. This is what CIS is built on: whitelisting, not blacklisting.

You can add this to the wishlist.

Sorry for not replying sooner. Was busy, busy. Thought nobody would reply to my question … :-[
… And I can tell the difference. It is easy, like multiplying 2 and 2. All 'iexplore.exe' are trojans, no doubt about it (joke). I don't use Windows if I have a choice (not joke).
The main reason for my posting here is my lack of faith in companies, since I know how they function (much too well) and the profit like thinking in minds of company executives …
So, I will install Wireshark to find out the truth… oh well, maybe I will, I already solved my problem.

Don't know what to post in the wish list, lol ?? This is Comodo's problem, and if you people don't see this fact, it is not my problem.
Let me say that I know how important the online check is for Comodo firewall with Defense+, but this is not a crucial part of the program, and it can be easily converted into an option in settings. I mean, not so much coding required, only good will.

I will continue to use Comodo (I love the program :D) but I will make sure it doesn't ‘call’ anyone :wink:

Cheers m8 and thanks for reply. :slight_smile: