cmdagent.exe outbound connections

Running Comodo Firewall 5.0.163652 on XP. I have Defense+ disabled. Firewall is set to Safe Mode.

Since I installed this version I’ve noticed that my browser connections (especially ie8) are occasionally horribly slow. I’ve just noticed that cmdagent.exe is using over 900 outbound connections! WTF??? That could well explain my browser slowness. What is cmdagent doing using all those connections and how can I stop it?

Are these outbound connections on ports TCP 4446 and UDP 4447? Then you are seeing Cloud traffic.

Do the incidental slowdowns correlate with cmdagent.exe having more outgoing connections than when the browser runs fine?

I have also noticed a few times hundreds of outgoing connections always to 91.209.196.27.4447. Why is cmdagent making these connections? What is cloud traffic?
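
An added example, not from this thread, of how to check the question above on your own machine: it parses Windows `netstat -ano` output, tallies outbound sockets per process and per remote endpoint, and flags any process holding many of them. The netstat excerpt and the PID-to-image-name map are constructed for the demo, not captured from the poster's PC.

```python
# Added example, not from the forum thread: tally outbound sockets per process
# from Windows `netstat -ano` output so a burst like the one reported above
# (hundreds of sockets from one process to a single endpoint) stands out.
from collections import Counter, defaultdict

# Constructed `netstat -ano` excerpt and PID -> image-name map (from tasklist).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       896
  TCP    192.168.1.5:1061       91.209.196.27:4447     ESTABLISHED     1420
  TCP    192.168.1.5:1062       91.209.196.27:4447     ESTABLISHED     1420
  TCP    192.168.1.5:1063       91.209.196.27:4447     TIME_WAIT       1420
  TCP    192.168.1.5:1070       208.116.56.25:80       ESTABLISHED     2044
  UDP    192.168.1.5:4447       *:*                                    1420
"""
SAMPLE_PIDS = {896: "svchost.exe", 1420: "cmdagent.exe", 2044: "iexplore.exe"}

def parse_netstat(text):
    """Yield (proto, remote, state, pid) per socket row. TCP rows carry a
    State column and UDP rows do not, so the two shapes are matched separately;
    headers, banners and malformed rows match neither and are skipped."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 5 and parts[0] == "TCP":
            yield "TCP", parts[2], parts[3], int(parts[4])
        elif len(parts) == 4 and parts[0] == "UDP":
            yield "UDP", parts[2], "", int(parts[3])

def outbound_by_process(text, pids):
    """Return {image: outbound socket count} and {image: Counter(endpoint)},
    ignoring listeners and unbound (wildcard) UDP sockets."""
    totals, endpoints = Counter(), defaultdict(Counter)
    for proto, remote, state, pid in parse_netstat(text):
        if state == "LISTENING" or remote in ("*:*", "0.0.0.0:0"):
            continue
        name = pids.get(pid, f"pid {pid}")
        totals[name] += 1
        endpoints[name][f"{proto} {remote}"] += 1
    return totals, endpoints

def flag_busy(text, pids, threshold):
    """List (image, total, busiest endpoint, sockets to it) for every image
    holding at least `threshold` outbound sockets, busiest image first."""
    totals, endpoints = outbound_by_process(text, pids)
    return [(n, c, *endpoints[n].most_common(1)[0])
            for n, c in totals.most_common() if c >= threshold]

if __name__ == "__main__":
    for name, total, endpoint, n in flag_busy(SAMPLE_NETSTAT, SAMPLE_PIDS, 3):
        print(f"{name}: {total} outbound sockets, {n} of them to {endpoint}")
```

On a real host, pipe the live output of `netstat -ano` and a PID map built from `tasklist` into `flag_busy` with a threshold in the hundreds; a process like cmdagent.exe with 900 sockets then appears first, together with the endpoint most of them go to.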

cmdagent.exe makes those connections because it can.

If you block those connections, cmdagent will not make those connections. Cmdagent.exe is a component of CIS: you block its actions at your own risk.

Normal CIS traffic will include:

TCP/UDP out from [NIC] to [CIS agent] dest port [4447/4448]
TCP/UDP out from [NIC] to [CIS agent - co.uk] dest port [4447/4448]
TCP out from [NIC] to [CIS agent - theplanet.com] dest port [2116/50302]
TCP out from [NIC] to [CIS agent - co.uk] dest port [co.uk - dest]
TCP out from [NIC] to [CIS agent] dest port 80
TCP out from [NIC] to [msecn.net - SVCHost/CIS/AAWService - 80] dest port 80
TCP out from [NIC] to [CIS - cfpupdt] dest port 80
TCP out from [NIC] to [CIS cfpupdat / agent - Cachefly] dest port 80
TCP out from [NIC] to [PCCWGlobal.net] dest port 80

:-[ In my initial message I entered the wrong IP address. The one that had several hundred connections was 208.116.56.25.44488, which seems to belong to Fortressitx.com. Is that a Comodo Partner or something?

Yes; Comodo uses Fortressitx.

Jake

Thank you

Had to wait until it happened again to check. No, the cmdagent connections were not responsible for the slowdown. After a lot of digging (and screaming ;D) I discovered it was a parental control setting on my new modem.

So no problem, thanks for your help.

Congrats with finding the solution.

Users must be cautioned against adding IP ranges of hosting sites. Just as most other websites, Comodo uses hosting provided by Internet routing companies. For example, traffic from your computer would look like this (in simplified form): Your device - Your ISP - Internet Hosting Company (essentially a router) - website.

In other words, DO NOT allow traffic to specific IPs unless you can guarantee from the website owner themselves that those IPs are static and not dynamic (in other words, make sure the IPs don’t change). This becomes even more important when someone wants to allow specific IP access to Microsoft.com IPs or Google IPs for Google services, as almost every large corporation provides hosting to other individuals for their websites. Just because an IP is listed as owned by a specific company does not mean that IP is used by said company.

So, looking at the hosting addresses above, only those owned by Comodo AND verified with Comodo as the IP ranges they use for CIS and other services they offer would be safe to add… again, I cannot stress enough the importance of verifying with Comodo (or any other company) what IP ranges they use for their services.