Running Comodo Firewall 5.0.163652 on XP. I have Defense+ disabled. Firewall is set to Safe Mode.
Since I installed this version I’ve noticed that my browser connections (especially ie8) are occasionally horribly slow. I’ve just noticed that cmdagent.exe is using over 900 outbound connections! WTF??? That could well explain my browser slowness. What is cmdagent doing using all those connections and how can I stop it?
cmdagent.exe makes those connections because it can.
If you block those connections, cmdagent will not make those connections. Cmdagent.exe is a component of CIS: you block its actions at your own risk.
Normal CIS traffic will include:
TCP/UDP out from [NIC] to [CIS agent] dest port [4447/4448]
TCP/UDP out from [NIC] to [CIS agent - co.uk] dest port [4447/4448]
TCP out from [NIC] to [CIS agent - theplanet.com] dest port [2116/50302]
TCP out from [NIC] to [CIS agent - co.uk] dest port [co.uk - dest]
TCP out from [NIC] to [CIS agent] dest port 80
TCP out from [NIC] to [msecn.net - SVCHost/CIS/AAWService - 80] dest port 80
TCP out from [NIC] to [CIS - cfpupdt] dest port 80
TCP out from [NIC] to [CIS cfpupdat / agent - Cachefly] dest port 80
TCP out from [NIC] to [PCCWGlobal.net] dest port 80
:-[ In my initial message I entered the wrong IP address. The one that had several hundred connections was 220.127.116.11.44488, which seems to belong to Fortressitx.com. Is that a Comodo Partner or something?
Had to wait until it happened again to check. No, the cmdagent connections were not responsible for the slowdown. After a lot of digging (and screaming ;D) I discovered it was a parental control setting on my new modem.
Users must be cautioned against adding IP ranges to hosting sites. Just as most other websites, Comodo uses hosting provided by Internet routing companies. For example, traffic from your computer would look like this (in simplified form): Your device - Your ISP - Internet Hosting Company (essentially a router) - website.
In other words, DO NOT allow traffic to specific IPs unless you can guarantee from the website owner themselves that those IPs are static and not dynamic (in other words, make sure the IPs don’t change). This becomes even more important when someone wants to allow specific IP access to Microsoft.com IPs or Google IPs for Google services, as almost every large corporation provides hosting to other individuals for their websites. Just because an IP is listed as owned by a specific company does not mean that IP is used by said company.
So, looking at the hosting addresses above, only those owned by Comodo AND verified with Comodo the IP ranges they use for CIS and other services they offer would be safe to add… again, I cannot stress enough the importance of verifying with Comodo (or any other company) what IP ranges they use for their services.
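
An added example, not part of the thread and not Comodo code: one way to check where a process's connections go is to group `netstat -ano` output by remote endpoint and compare each destination port with the ports the reply above lists as normal CIS traffic. The PID, the threshold and the sample output are constructed for illustration; on a real machine the PID of cmdagent.exe comes from Task Manager.

```python
from collections import Counter

# Destination ports the reply above lists as normal CIS traffic.
LISTED_PORTS = {4447, 4448, 2116, 50302, 80}

def parse_netstat(text):
    """Yield (proto, remote_ip, remote_port, pid) from `netstat -ano` output."""
    for line in text.splitlines():
        f = line.split()
        if len(f) < 4 or f[0] not in ("TCP", "UDP"):
            continue  # header or blank line
        host, _, port = f[2].rpartition(":")
        if not port.isdigit() or port == "0":
            continue  # "*:*" (UDP) or a listening socket: no remote peer
        yield f[0], host.strip("[]"), int(port), int(f[-1])

def summarize(text, pid, threshold=100):
    """Count one PID's connections per remote endpoint, busiest first."""
    counts = Counter((ip, port) for _, ip, port, p in parse_netstat(text) if p == pid)
    return [{"remote": f"{ip}:{port}", "count": n,
             "listed_port": port in LISTED_PORTS,  # port appears in the list above
             "excessive": n >= threshold}          # hypothetical threshold
            for (ip, port), n in counts.most_common()]

def sample(pid=1234):
    """Constructed netstat output using documentation-range addresses."""
    rows = ["  Proto  Local Address      Foreign Address     State        PID",
            "  TCP    0.0.0.0:135        0.0.0.0:0           LISTENING    900",
            "  UDP    0.0.0.0:500        *:*                              700",
            f"  TCP    192.0.2.10:1030    198.51.100.5:80     ESTABLISHED  {pid}"]
    rows += [f"  TCP    192.0.2.10:{2000+i}    203.0.113.7:4447    ESTABLISHED  {pid}"
             for i in range(150)]
    rows += [f"  TCP    192.0.2.10:{3000+i}    203.0.113.9:9999    TIME_WAIT    {pid}"
             for i in range(3)]
    return "\n".join(rows)

if __name__ == "__main__":
    for row in summarize(sample(), pid=1234):
        print(row)
```

A port match only says the traffic fits the pattern listed in the thread; it does not confirm who operates the remote address.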