hello, have been searching the forum but can’t seem to find an answer relating to my version.

I’m running Comodo firewall 5.12.2562 on win7-64 with defence plus disabled (not a fan of the 6.xx GUI).

I’ve opted to block Comodo. I don’t want to participate in any cloud based analysis or receive automatic updates or whatever the purpose of those processes are, I’m just after a firewall that gives me complete control.

If it is ok to use Comodo as a firewall keeping that in mind, why when I have disabled/blocked the aforementioned does cmdagent.exe continually try to connect to ip’s in the 99.199.* & 99.209.* ranges?

How do I disable this?

Thanks a load to anyone who can help…

Have you tried to disable the automatic detection networks?

I’m sorry but we are not accepting most 5.x bugs anymore so I am transferring you to a help forum.

From the information you have given I am not clear whether this is a bug/issue.

For the moment I will transfer you to help so you can work through this issue with users and mods in this forum and hopefully resolve it. I hope that is OK.

Please ask any mod to move this report back to the bugs forum if it becomes clear that it is a bug/issue.

Best wishes


One of the reasons i am back on 5.
Cmdagent is not trying to phone much, up to stopping it at all.

If you disable

Version 6 did not stop. It felt like facebuk, “publishing” your doing.

If you want to block connections from CIS services, as already suggested, turn off the various update/cloud features in the interface. You should also change the firewall rules to block Comodo Internet Security. You might also want to remove/change the rule for Windows Updater Applications, as that allows cfpconfig.exe and cmdinstall.exe.

[attachment deleted by admin]

Is this confirmed as a bug then?

I have tried to disabled everything everyone has mentioned in this thread and cmdagent.exe still trys to connect?

I had already turned off everything in the interface and blocked the ‘comodo internet security’ policy.

The only way I could figure to change the windows update policy was to export and edit the config file with a text editor… and reimport it…

& cmdagent.exe continues to try to connect…

This all seems like either really sloppy writing due to the wasted CPU cycles of something continually trying to connect while being blocked or… in 2013 even my firewall is trying to data mine me :-\ …

Either way could someone at Comodo please provide some information on this process and how to disable it?

I’ve been using the method I described above for a long time and cmdagent.exe doesn’t try to connect at all. Even if it did, it would be blocked. Out of interest, did you install the AV component?

It still does here.

Guess I will have to make some more noise… to get a response!

If it’s still trying to connect it’s likely something is still enabled that requires it. If you want, you can export your configuration and attach it to a post.

Hi, sorry took a while to find time to look into this further but below is my config:

As you can see I have edited comodo out of the windows rules. I have also reinstalled to make sure I have cloud etc. disabled… yet cmdagent.exe persists!

Anyway very grateful to anyone who can look into this…

[attachment deleted by admin]

In the configuration you’ve posted you have:

Defense+/Defense+ Settings/Execution Control Settings/Automatically Scan Unrecognised files in the cloud



Enabled. So, even though you’re blocking the connections (they will show as blocked in the log) they’ll continue until you disable these options. As an aside, you may also want to remove Trusted files and the TVL.

Thanks for the reply, strange as defence+ & updates are disabled in the GUI… will try all the above, TBC

Yeah so… can confirm non of those things are enabled in the GUI…yet aren’t actually disabled… this could be viewed as pretty convenient given Comodos interest in building an virus database

If anyone has the time could they point out where the options pertaining to what was mentioned above reside in the config file, obvious search terms don’t reveal them?

Corporate interests aside this is still a pretty nifty firewall given all the configurability and the cool community support, not giving up on it yet… ;D

In the configuration file you posted, these settings are enabled in the GUI.

If anyone has the time could they point out where the options pertaining to what was mentioned above reside in the config file, obvious search terms don't reveal them?

The settings are a little obtuse. Values below are for off:
Cloud lookup:
SBSettings - SBMode=1750

Automatic Updates and Comodo Message Centre:
Settings - AutoUpdate=“false” CmcEnabled=“false”

However, once the configuration is activated, the settings are written to the registry. If you wanted to manually change the configuration file, you’d have to make the changes, then reimport it or edit the registry directly. None of which should be necessary if you’ve made the appropriate changes in the UI. If the changes made in the UI aren’t ‘sticking’, you may have an installation problem.

Thank you for the explanation, very much appreciated.

I wonder… could the settings in the GUI not be sticking because I am changing them from a User account as a pose to an Administrator account in Windows 7?

I always do my daily tasks as a User?

Either way I will try a reinstall and registry clean up and re-set everything from the Admin account.

Have now tested on a separate laptop with a stock Windows 7 install…

& have tried Comodo versions:


Same problem no matter the set-up combination, computer or Comodo version… I have everything disabled in the GUI, exported edited and reimported config & tried editing the registry settings directly on two different machines with:

Cloud lookup:
SBSettings - SBMode=1750

Automatic Updates and Comodo Message Centre:
Settings - AutoUpdate=“false” CmcEnabled=“false”

Is there anything else in the config I posted that could effect this?

also is there any config documentation?

To pick up on a detail in your topic start. Can you post the full IP addresses with which cmdagent.exe is connecting? It could be revocation servers of certificate authorities.


Are you using any other comodo products? Also, which ports are being used by the connections?