cmdagent.exe making odd connection


I recently happened to see that cmdagent was connecting to, which seems to be related to the USAISC, does anyone know why did cmdagent attempt that connection? (sadly i cant give more details since due to a powercut my logger shutdown without saving its log so i cant state what port it was using but i’ll try and guess it was http). I’m not even american im from europe O_o

Actually im rather scared of this, totally unknown and unrelated to me ip so any help would be greatly appreciated.

thanks in advance

Hi jenrogs,

It seems to be an address of the CARLISLE group which is on the Trust Vendors List.

The connection made is surely safe, but I hope someone else could explain why cmdagent has to connect to Carlisle.


Another good reason to block cmdagent connecting to anywhere and, if used, removing all entries from the TVL.

The Whois information I retrieved is ambiguous. May be the IP range was sold from one party of the other.

The information shows Carlisle (ISP in Carlisle Pennsylvania) and Information Systems Engineering Command (USAISEC):

The United States Army Information Systems Engineering Command (USAISEC) is located at the foot of the Huachuca Mountains in Fort Huachuca, Arizon


i hope so too i’m so scared right now

may i ask you how? doesn’t seem that easy to do

in any case what would they want from me? I mean doesn’t make sense that cmdagent connects to them does it?

At what port is cmdagent.exe trying to contact that IP address?

sorry i can’t say that for sure, i havent checked the port (dumb of me) i only written down the ip for a later whois from my other pc, i can imagine 80 because most were, but as i said 1 i didnt check 2 my logger went down

err…noone got a clue?

Pretty spooky stuff. All indications I can find point to USAISC :o The Carlisle in the whois refers to mil, which is the US Army War College. It also refers to the Carlisle Barracks, which is a home of the USAISC.

You can block cmdagent by deleting the existing rule and creating another with a block out everywhere. However, doing so will remove some functionality, such as cloud scanning and updates.

i wonder why the heck it’s happening, if i use it on another pc it doesnt do it O_o either comodo hates dell or usa army is after me

I sent umesh a pm asking whether that IP address was being used by Comodo. Here is his reply:

Yes, it is one of IPs connected with

I hope that answers the question.

it was very very kind bothering yourself that much for me, thanks i appreciate it very much.

It kinda answers the question but i still would like to get why that ip, i mean we all seen the whois its not COMODO GROUP so why was it going there? If its possible id like to know still thanks to both for your time and your precious help :slight_smile:


it doesnt change O_o i hope you’ll forgive my paranoia but lol i pinged it like 40 times its soon going to pass for a DoS but stil never changed to that one

Do you have a blog?

Have you mentioned WikiLeaks or Julian assange?,_9_Feb_2009

I traded a couple of pm’s about this with umesh. The IP address belongs to Cachefly that is hosting the CIS updates for Comodo.

About the inconclusive whois information umesh said he would notify Cachefly that the IP range is not showing up as belonging to them. The IP range has probably been sold a couple of times and the information by Arin is not up to date.


thank you soooooooo much!!! although its odd that that ip got contacted only once knowing that im safe made my day, thank you! :slight_smile:

After 6 days i wonder, why isnt cmdagent.exe making that connection anymore? Ever again since then and even on multiple computers?

I have seen Comodo change hosting provider a couple of times in the past half year. May be they changed.

Hi again

Sorry if i keep bothering but im a very paranoid person.
I recently found log entries of 1 month before and after this incident and this IP was never listed actually you said you talked to “umesh” about this may i have some public official explanation from him? (unless you re in the comodo’s staff).

I’m getting really frustrated right now, if there is something that cant be discussed publicly i invite you to send me a pm. (i actually dont mind if i find my inbox with “comodo has a governative backdoor in it” even my old modem had one and the only way i got rid of it was when it broken on me and they wouldnt replace it so its np aslong as its documented, just saying, im NOT claiming comodo has such things)


it happened again but the ip is still apparently usaisc’s anyone can help me out? I’m really frustrated now