Yesterday I did a fresh install of XP and COMODO firewall, and I have been getting requests from cmdagent.exe to connect to the following IPs: 65.55.12.249 and 207.46.193.254 (wwwtk2test2.microsoft.com), which belong to Microsoft. Why is this happening?
Could you explain a bit more about the process: what kind of certificates, and what is a CA server? And more importantly, is there any way to disable this? Is it OK if I simply permanently block cmdagent.exe access to the Internet?
It has to do with Defense+ and the “Trusted Software Vendors”. I would not block that.
If Defense+ detects that a new process has started, it will check its code-signed certificate to see if it’s (still) valid.
And, depending on your settings, it will automatically create rules for it if it’s trusted.