Just started my Vista pc and I noticed that half way through windows booting that it was uploading at the rate of around 1.7Mbits/s. I open Comodo CIS to see what was going on and it was cmdagent.
Comodo indicated that the virus database was being updated but the traffic was in the wrong direction.
The remote IP started with 199 (unfortunately I didn’t think quickly enough to not eh full address and closed the Comodo window :embarassed:).
Is this behaviour normal?
Doesn’t look normal, but then again no one knows what exactly gets sent to Comodo from your system. ???
Unless you have media sharing on your network, but wouldn’t that be 192.x.
But that’s a lot of “data”.
PS: I’m not an expert.
Can you please double check that the IP address. If it actually started with 91.199… then it’s the Comodo update server, although 62MB being uploaded (as opposed to downloaded) is a bit odd.
Anyone can see exactly what traffic is going through your NIC (i.e. - see what Comodo or any other application is sending/receiving), you can install Wireshark/pcap. This app will capture all traffic going through the NIC and the captured data can then be read and interpreted.
Ewen 
Difficult to capture with wireshark as its happened during a cold boot of the system.
I might be mistaken with the address, I could swear it started with 199!