I have my extra paranoid hat on today so apologies in advance
CIS6 calling out within the IP range:
220.127.116.11 - 18.104.22.168 (Unizeto Technologies in Poland)
Is this necessary traffic, and for what purpose?
And what affiliation do they have with Comodo?
Thanks for any info :-TU
For the time being I will block and log all this cmdagent.exe traffic until I’m sure it’s genuine.
Looking at Unizeto on Wikipedia (translated from Polish) it says “…specializes in solutions and services related to trust and security in the network, using digital signatures and PKI. Under the brand CERTUM - General Certification Center conducted a public certification authority providing certification services related to electronic signatures”.
So at a guess I would imagine it’s probably checking for a Certificate Revocation List from Certum (which is a Certificate Authority). I guess the only way of knowing for sure would be to packet sniff using something like Wireshark or Microsoft Network Monitor to see what it’s requesting.
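As an added example (not part of the original thread): once a capture has been taken as suggested above, the request heads can be sorted into CRL downloads, OCSP queries, and everything else. The sample requests and the hostnames `crl.ca.example` and `ocsp.ca.example` are constructed; the check assumes the traffic is plain HTTP and relies on the `.crl` path suffix and the `application/ocsp-request` media type from RFC 6960.

```python
from urllib.parse import urlsplit

OCSP_REQUEST_TYPE = "application/ocsp-request"  # media type defined in RFC 6960

def parse_request_head(raw: bytes):
    """Split a raw HTTP/1.x request head into method, target and headers."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        raise ValueError("not an HTTP request line")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return parts[0], parts[1], headers

def classify(raw: bytes) -> str:
    """Label one captured request. OCSP-over-GET is not covered here."""
    try:
        method, target, headers = parse_request_head(raw)
    except ValueError:
        return "not-http"  # e.g. TLS or another protocol on the wire
    path = urlsplit(target).path.lower()
    ctype = headers.get("content-type", "").split(";")[0].strip().lower()
    if method == "POST" and ctype == OCSP_REQUEST_TYPE:
        return "ocsp-query"
    if method == "GET" and path.endswith(".crl"):
        return "crl-download"
    return "other"

# Constructed sample request heads (not taken from any real capture).
SAMPLES = {
    "crl": b"GET /root-ca.crl HTTP/1.1\r\nHost: crl.ca.example\r\n\r\n",
    "ocsp": (b"POST / HTTP/1.1\r\nHost: ocsp.ca.example\r\n"
             b"Content-Type: application/ocsp-request\r\n"
             b"Content-Length: 83\r\n\r\n"),
    "upload": (b"POST /submit HTTP/1.1\r\nHost: files.example\r\n"
               b"Content-Type: application/octet-stream\r\n\r\n"),
    "tls": b"\x16\x03\x01\x00\x05hello",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:8s} -> {classify(raw)}")
```

Anything labelled `other` or `not-http` from the agent process is what deserves a closer look in the capture.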
Thanks anabna for your thoughts, I also searched and found similar.
Still unsure why cmdagent.exe needs to connect to anyone but Comodo ???
I am logging intently, today we have no connections to unizeto attempted.
Will keep a close eye on things, maybe use the methods you suggest :-TU
Cmdagent.exe will check certificate authorities to see if certificates are valid or revoked.
I understand that, Eric, but there’s no harm in being extra careful.
CIS is a very empowering tool that will give the users homework when choosing high security settings.