I have just upgraded to the latest Comodo firewall (4.1.150349.920) and noticed that cmdagent.exe is showing connections to 208.116.56.20:4448 (and possibly 208.116.56.21:4447) sometimes. These IPs show up as belonging to Fortress ITX - not sure if that is right. Is this normal and expected or is this a problem (malware, virus)? The connections seem to disappear if I turn off the automatic submission of unrecognised programs in the sandbox settings - not sure if that is just coincidental.
Same here, on both machines that I upgraded CIS from v3 to v4. Even though I only installed the firewall, the sandbox was also activated and seems to be responsible for this attempt.
Comodo IP (the cloud part of 4.1 is what you are seeing)
208.116.56.20 - Geo Information
IP Address 208.116.56.20
Host 208.116.56.20
Location US US, United States
City Clifton, NJ 07014
Organization FortressITX
ISP FortressITX
AS Number AS48447 Comodo CA Ltd
208.116.56.21 - Geo Information
IP Address 208.116.56.21
Host 208.116.56.21
Location US US, United States
City Clifton, NJ 07014
Organization FortressITX
ISP FortressITX
AS Number AS48447 Comodo CA Ltd
So if the sandbox is enabled and you’re just sitting on your desktop with no active connections to the internet, and just playing in Windows you’re going to get these connections?
I was just digging around in My Documents doing something, when I thought to open the firewall and it said it had 105 connections, I was like WHAT!
I was wondering the same thing when I first saw over 200 outbound connections to 208.116.56.20:4447 and 208.116.56.20:4448. I read on this thread that it was because the Comodo Sandbox was enabled so I disabled it and another 200+ outbound connections occurred again later on in the evening.
Since then I have learned that these internet addresses are the Comodo Servers and these connections are the Comodo Cloud Scanning which is optionally enabled in Defense+ Settings > Execution Control Settings…
Yesterday as a test I purposely left Cloud Scanning disabled to see if the flood of outgoing connections would cease, and they did although I have enabled Comodo Cloud Scanning once again.
Ok, what part of “Firewall only” enabled was unclear?
Please also remember that this topic was about Firewall v4, you should probably open a new topic for related issues in v5.
That has been stated before, but it’s not the point. The point is, a firewall product has absolutely no business making any kind of connection on its own. Marketing the product as a stand-alone firewall as it’s being done on many websites like betanews or even the Comodo homepage is purposely misleading the user, when in fact the product ALWAYS tries to connect to a cloud server for whatever reason.
Comodo is not doing itself a favor since the internet community can react very harshly to that kind of thing. ALL connections, including updates and this cloud stuff must be user-controllable if the product wants to succeed. Btw, I’ve disabled the update server in my v4 and it still keeps reminding me of new available updates.