Yes cmdagent.exe is necessary, its the component that does most of the protection i.e. HIPS, firewall, etc. cis.exe, cistray.exe, are GUI components, and cavwp.exe is the anti virus component.
TCP OUT 80, 443
UDP OUT 4447 File Lookup Service
TCP OUT 4448 File Lookup Service Fallback
If you use CIS to upload files to Comodo for analysis it will use a really random port kinda like ftp. I haven’t been able to figure out the whole range for that service yet, nor I have seen it in the documentation or forums posts.
If you make use of the trusted file list & signatures, cloud lookup, then you should allow at least those rules or just use the default of allow outgoing. If your a HIPS only kinda person then you may only need the standard web ports 80,443 for program updates.
CIS is very flexible, it’s however you want to use it, but then it’s your responsibility to know what your doing.
Thank you all for chiming in. Thanks for the link to the drawbacks of disabling cmdagent.exe
Yes, CIS is very flexible at the risk of having to know what one is doing - I’ve learned that the hard way, but now appreciate it!
I’ve actually got HIPS disabled. I also have cloud lookup disabled - wondering if that is a poor idea, given that you (aim4it) talked about cloud look up OR HIPS…
I should confess that one thing that had made me uneasy (prior to talking to you all about it) about cmdagent.exe is that I couldn’t make sense of all the IP’s it was trying to connect to - couldn’t find rhyme or reason among them after looking some of them up…