cmdagent.exe connect

Why cmdagent.exe asking to address, when you turn on the system? Automatic updates are disabled everywhere. Threatcast disabled.
Not good that, and I do not like (:AGY)

Welcome to the Forums, ChronoAngel.

Did you also disable Check for software updates?
More/Settings/General tab
The AV signature updates are found under the AV Scanner Settings. Real Time Scanning, uncheck the ‘Automatically Update Virus Database Before Scanning’ box.

I’m telling all off, not the first year I was dealing with Comodo.
Everything you named is made from the outset.
In Sheduled Scans just empty all.

This is a known issue, the GUI still checks for updates for language and trusted vendors list.
They will fix this in the next version.

If you don’t trust it you can remove the default firewall policy for cmdagent.exe and block as you wish.
Or you can use wireshark to capture the network traffic and see that it will access the update URL.

You can wireshark at Wireshark · Download

It’s a comodo address;
; <<>> DiG 9.7.0-P2 <<>> -x
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25476
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 2



[url=]RIPE Whois output[/url]

Thank Ronny.I got a clear answer.Question resolved. I’ll wait for bug fixes :slight_smile:

It has not been fixed yet.

Comodo still tries to connect without the user’s consent.

Which is kind of an irony because Comodo is a FIREWALL.

That totally depends on how you installed it, I assume you downloaded the Comodo Firewall Installer?
Which option did you choose during install with regards to the leak protection?

If you have leak protection active it’s basically Defense+ monitoring your system and that has cloud features.
Next to that there are ‘check for updates’ that take place.

Please let us know which settings you are running.

Create rules for safe applications OFF in both Defense+ and Firewall
Perform cloud based… OFF
Automatically scan files in cloud… OFF
Updates, message center OFF

I have CIS forced over a local proxy and see no concerting traffic in there.
Only thing I can think of is that CIS verifies the Certificates of several executable files that can also cause traffic, that can’t be ‘disabled’.

Are you worried it’s ‘phoning home’ or are you just looking for a connection less install?
If your worried about phone home I’d suggest to setup a local logging proxy to capture the traffic that goes out on these requests so you can ‘see’ what it is.

Which is kind of strange because I have disabled all features concerning “trusted” vendors.

I have simply blocked Comodo without logging.

But I don’t like the fact that I have to block my own firewall.