cmdagent.exe - is it necessary? Wants to connect to all sorts of IPs.

Running CIS Premium 12.2.2.7098 on Win 8.1. Cmdagent.exe wants to connect to all sorts of domains that don’t make a lot of sense once looking them up.

  1. Is cmdagent.exe necessary?

  2. Which connections/ports does it have to have allowed?

Thanks,

Peter

Maybe it’s some sort of web protection/scanning process.

Yes, cmdagent.exe is necessary; it’s the component that does most of the protection, i.e. HIPS, firewall, etc. cis.exe and cistray.exe are GUI components, and cavwp.exe is the antivirus component.

It uses:

TCP OUT 80, 443
UDP OUT 4447 File Lookup Service
TCP OUT 4448 File Lookup Service Fallback

If you use CIS to upload files to Comodo for analysis, it will use a really random port, kinda like FTP. I haven’t been able to figure out the whole range for that service yet, nor have I seen it in the documentation or forum posts.

Thanks aim4it - does that mean, for all practical purposes, that it should be allowed unfettered access to go out, at least the ports you mentioned?

It is possible to complete the post of aim4it with:

UDP OUT 4447 199.066.201.016
TCP OUT 4448 199.066.201.016

If you make use of the trusted file list & signatures, cloud lookup, then you should allow at least those rules or just use the default of allow outgoing. If you’re a HIPS-only kinda person then you may only need the standard web ports 80, 443 for program updates.

CIS is very flexible, it’s however you want to use it, but then it’s your responsibility to know what you’re doing. :wink:

A side effect may happen when blocking cmdagent.exe from having proper internet access; see this thread here: cmdagent.exe is delaying apps from loading
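Added example (not written by anyone in this thread and not Comodo code): a small triage script that compares outbound cmdagent.exe connection attempts against the ports and the lookup address posted above, and flags anything else for review. The log line layout and the 203.0.113.x / 198.51.100.x addresses are constructed for illustration; the posted address is written with zero-padded octets, so it is normalized before comparison.

```python
import ipaddress

# Ports posted in the thread for cmdagent.exe: (protocol, remote port) -> purpose.
LISTED_PORTS = {
    ("TCP", 80): "web",
    ("TCP", 443): "web",
    ("UDP", 4447): "File Lookup Service",
    ("TCP", 4448): "File Lookup Service Fallback",
}
LOOKUP_PORTS = {4447, 4448}

def normalize_ip(text):
    """Read each octet as decimal so zero-padded forms like '066' parse;
    recent versions of ipaddress reject leading zeros on their own."""
    octets = [str(int(part, 10)) for part in text.strip().split(".")]
    return ipaddress.IPv4Address(".".join(octets))

LOOKUP_HOSTS = {normalize_ip("199.066.201.016")}  # address as posted in the thread

def classify(proto, host, port):
    """Return (verdict, reason) for one outbound connection attempt."""
    purpose = LISTED_PORTS.get((proto.upper(), port))
    if purpose is None:
        return ("review", "protocol/port not in the thread's list")
    if port in LOOKUP_PORTS and normalize_ip(host) not in LOOKUP_HOSTS:
        return ("review", "lookup port, but not the posted lookup address")
    return ("listed", purpose)

def triage(lines, process="cmdagent.exe"):
    """Classify outbound entries for one process; other lines are skipped."""
    out = []
    for line in lines:
        name, proto, direction, remote = line.split()
        if name.lower() != process or direction.upper() != "OUT":
            continue
        host, port = remote.rsplit(":", 1)
        out.append((remote, *classify(proto, host, int(port))))
    return out

# Constructed sample in a made-up "process proto direction ip:port" layout.
SAMPLE = [
    "cmdagent.exe UDP OUT 199.66.201.16:4447",
    "cmdagent.exe TCP OUT 203.0.113.25:443",
    "cmdagent.exe TCP OUT 198.51.100.7:4448",
    "cmdagent.exe UDP OUT 203.0.113.25:443",
    "firefox.exe TCP OUT 203.0.113.80:8080",
]

if __name__ == "__main__":
    print(*triage(SAMPLE), sep="\n")
```

A "listed" verdict on ports 80/443 only means the port matches the thread's list; the thread gives no destination addresses for web traffic, so those hosts still have to be judged separately.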

Thank you all for chiming in. Thanks for the link to the drawbacks of disabling cmdagent.exe.

Yes, CIS is very flexible at the risk of having to know what one is doing - I’ve learned that the hard way, but now appreciate it!

I’ve actually got HIPS disabled. I also have cloud lookup disabled - wondering if that is a poor idea, given that you (aim4it) talked about cloud lookup OR HIPS…

I should confess that one thing that had made me uneasy (prior to talking to you all about it) about cmdagent.exe is that I couldn’t make sense of all the IPs it was trying to connect to - couldn’t find rhyme or reason among them after looking some of them up…

Many thanks.

Peter