Comodo av updater eating up my monthly limit?

This is my first post and I wonder if you good people might give me some advice?

I am getting a little long in the tooth so try to keep things fairly simple if you can but today COMODO, which I’ve been using quite happily for some months, has downloaded about 3.3 Gb on me in several different “drops”. Slightly annoying as I have a monthly limit of 10 Gb and I’m now up to about 12.5 Gb. Still that’s my problem.

I watched the little COMODO Internet Security Premium (free) logo showing a download at regular intervals and checked on NetMeter and was astonished at the size of the files.

Is this normal? Can I check the size of the files before being downloaded? Have I messed something up and COMODO has decided to take revenge ;D ?

I now have Product Version 5.5.195786.1383 and Virus Signature Database Version 9927 but haven’t a clue what I had before today.

Thanks in anticipation of your help/advice.

Hi BazP, welcome to the forums. Sorry it’s under such circumstances though.

I have the same version as you, AV updates are on automatic and CIS updates are on manual. I’ve just checked CIS’s Tasks Launched Log and it seems that I’ve only seen four AV updates today. I did a manual update and CIS had nothing to download (I’d usually see any TVL updates here). But, I don’t think this would be any near 3.3GB in size, in fact… I don’t think any update ever should.

However, I did note you said that your AV database version was 9927. My Logs say 9927 was updated to 9929 at 10:41 UTC today. I’m currently on 9931 following another update at 14:14 UTC. So, I think that you should check your Tasks Launched log (see “More” button on any CIS event log) to see what’s been happening.

Thanks for getting back to me Kail.

I’ve had a look at the area you advised and under “Tasks Launched” it shows 30 for today.

Three of these: 0x80072ee7; Old database 9927; New Database 9927
One of these: 0x80072f78 with same database info as above
Twenty two of these: 0x801f0007 with same database info as above
One of these: 0x84000005 with same database info as above
One which is Code (Empty) with old database 9920 and new database 9927
and two of these: 0x00000001 Old database 9927; New Database 9927

They went from 10:11:19 this morning until the last which was at 5:15:28 this evening (I’m not sure whether the times are GMT or BST

Perhaps the thirty downloads explain why my monthly Broadband usage has been busted :slight_smile:

But even 30 downloads of this type wouldn’t amount to 3.3Gb IME.

In my log the only Code I see is 0x00000001 which afaict means simply “database hasn’t changed, do nothing in this case” and then a Code of [blank, nothing, no entry] when there is a new one and it has been downloaded. In the last two days i.e. 8/29 and 8/30 I have eight updates.

Never seen Codes like you have; hopefully kail will advise their meaning. Have you run a Diagnostics scan (“More”)?

Thanks for your help.

I’ve just ran the diagnostic Scan and received the following response “The Diagnostic utility did not find any problems with your installation”.

I’ve just had another thought.

I notice that the updater uses Internet Explorer’s Internet connection settings. As I never use Internet Explorer is it possible that, for some bizarre reason, Microsoft intervenes to update all of my Microsoft updates (which I always ignore when prompted on “boot up”)?

There is no connection between your IE settings and Windows Update settings

just to say
20-30 times 100 to 180 mb would lead to 3,3 gb

Sure, but the individual incremental updates are nowhere near that big.

While waiting for someone to explain the bizarre “Codes” BazP, have you tried to find multiple large files created after ? Maybe the bizarre codes owe to CIS failing while your PC was busy downloading xyz for example.

I suppose it’s possible CIS tried to DL the whole flippin’ database 20 times or someting (bases.cav I mean) but I seriously doubt it.

Well, I’m on database 9945 now so it seems to be working OK as far as AV is concerned.

I can’t think what massive files there would be loading in the background. I never download music or stuff like that - I’m a vinyl man. I haven’t updated OpenOffice for ages and it always asks for permission anyway as does my browser Opera (new version loaded today).

I’ve just done as you suggested and looked for multiple large files from the past week and from yesterday’s date, when the problem first manifested itself (I’d only used up 9 Gb of my monthly allowance until yesterday), there are only a couple of “tiddlers” - one of 8365 Kb and the other of 25,728 Kb. Very strange as around 3.4 Gb was shown on both my ISP’s usage page (I check almost daily) and on NetMeter for yesterday so whatever they were (and as I pointed out in my original post the COMODO Internet Security Premium logo was continuously showing the little arrows crossing it as if to indicate some Web activity) they didn’t get loaded to my computer.

COMODO has downloaded two files today - a “Repair” CAV file of 204,081 Kb and a “Scanners” file of 204,110 Kb and they are by far the two biggest files which have been downloaded in the past week.

Well I have only 5Gb/mo ISP so I watch my usage too, and I can only say that despite that those 2 files of 204Mb do show as “created” today, I am certain beyond-a-doubt that I did not download them afresh; not 408Mb and not 204Mb. So I’m comfortable, at least with my setup, that CIS is only DL’ing small updates and not the entire file(s).

I suppose something could be amiss/broke with your CIS but I’m at a loss to help–dunno Netmeter myself but I’ve used an app called ShowTraffic which has helped me in the past to pinpoint “road hogs” in my network.

May be the av database got corrupted and CIS started downloading the latest full database again. There is one serious problem with this and that is when the download of the latest full database gets interrupted CIS will start from the beginning again next time it tries to update the database.

The above ingredients can produce a lot of traffic in a minority of scenarios.

I’ve just this moment received another 160 Mb or so (i.e. getting on for half of my average daily allowance) and it was all from COMODO.

As soon as I saw the arrows on the logo I clicked on COMODO Firewall’s active connections and it was 99.8% COMODO and 0.2% Opera (my browser). I was then able to click on the “Outbound Connection(s)” to see that the traffic was all (if I remember correctly) CMDAGENT.EXE (I could be wrong about the exact designation but it was definitely from COMODO) and I watched it go up from around 120 Mb to 150-155 Mb).

I don’t want to get rid of COMODO as I think it does a great job and is well developed but this download business is driving me a little frantic.

My AV database version is now 9956.

Then your database is up to date.

Reboot your computer and see what happens when you download the latest av database. Keep an eye on the updater dialogue. Start the updater manually.

I recommend reinstalling cis, something is happening that is corrupting the database, this will be the easiest way to fix it. do you have any other security software installed on the machine at this time or is it comodo only?

Thanks EricJH and languy99.

It’s just done the same thing again (at 1345 British Summer Time) - 143.2 Mb download from CMDagent.exe TCP OUT.

The only other security software I have is IObit Advanced System Care v4.0.1.200 which has a malware scanner (if that counts as security software) which I run manually very occasionally and I suppose whatever the ISP provides security-wise.

AV database is now 9966.

I’m going to delete COMODO and reinstall and see if that helps.

Being paranoid about ISP usage myself, I have un-checked every Comodo setting I could find that has the word “cloud” in it, suspecting (without knowing for sure) that these settings will upload stuff to Comodo which I want to avoid. Might want to try this as maybe CIS is trying to send-up some file(s) for Comodo analysis?

BazP is talking about download traffic, not upload traffic.

Keep us posted on the reinstall.

How did you get on with this BazP?

I’ve had exactly the same problem - except CIS downloaded 10GB + worth of AV definitions over a 24 hour period.

I’ve now disabled the update, as I don’t have time right now to re-install Comodo, but does anyone know what has caused this to happen? Because of Comodo going mad, I’ve also racked up big fees with my ISP for going over my download limit.

I read somewhere that this may have happened because the bases.cav got corrupted, but checking the “tasks launched” log I dont see why or how this would have happened.

It certainly appears that is the case though. At this point, what you should do is just un-install and then re-install the new version 5.8. I think it has a new bases.cav format anyway i.e. you’ll have to download its 80Mb file anyhow to start afresh.

I have multiple PCs, and limited ISP bandwidth too. At least with new 5.8 it does not instantly start downloading the big bases.cav file right away, so it’s easier for me now to update multiple PCs:

  1. Update one PC, download the big bases.cav and its minor updates

  2. Save the bases.cav somewhere

  3. Update another PC, but before the reboot which starts the new 5.8, just copy-in the saved bases.cav to the scanners (and repair) directories.

Good luck… 10Gb omg! >:-D

EDIT: Oops I lied about the ease of replacing the bases.cav in step 3. Some of my PCs have allowed this, and others have not. The “install over an existing setup” software seems to be flawed, as sometimes it says “reboot to continue” and then it doesn’t continue–you have to launch the installer again manually. Maybe a UAC thing, though it seems to me this happened on an XP PC as well. :frowning: