This is my first post and I wonder if you good people might give me some advice?
I am getting a little long in the tooth so try to keep things fairly simple if you can but today COMODO, which I’ve been using quite happily for some months, has downloaded about 3.3 Gb on me in several different “drops”. Slightly annoying as I have a monthly limit of 10 Gb and I’m now up to about 12.5 Gb. Still that’s my problem.
I watched the little COMODO Internet Security Premium (free) logo showing a download at regular intervals and checked on NetMeter and was astonished at the size of the files.
Is this normal? Can I check the size of the files before being downloaded? Have I messed something up and COMODO has decided to take revenge ;D ?
I now have Product Version 5.5.195786.1383 and Virus Signature Database Version 9927 but haven’t a clue what I had before today.
Hi BazP, welcome to the forums. Sorry it’s under such circumstances though.
I have the same version as you, AV updates are on automatic and CIS updates are on manual. I’ve just checked CIS’s Tasks Launched Log and it seems that I’ve only seen four AV updates today. I did a manual update and CIS had nothing to download (I’d usually see any TVL updates here). But, I don’t think this would be anywhere near 3.3GB in size, in fact… I don’t think any update ever should.
However, I did note you said that your AV database version was 9927. My Logs say 9927 was updated to 9929 at 10:41 UTC today. I’m currently on 9931 following another update at 14:14 UTC. So, I think that you should check your Tasks Launched log (see “More” button on any CIS event log) to see what’s been happening.
I’ve had a look at the area you advised and under “Tasks Launched” it shows 30 for today.
Three of these: 0x80072ee7; Old database 9927; New Database 9927
One of these: 0x80072f78 with same database info as above
Twenty two of these: 0x801f0007 with same database info as above
One of these: 0x84000005 with same database info as above
One which is Code (Empty) with old database 9920 and new database 9927
and two of these: 0x00000001 Old database 9927; New Database 9927
They went from 10:11:19 this morning until the last which was at 5:15:28 this evening (I’m not sure whether the times are GMT or BST).
Perhaps the thirty downloads explain why my monthly Broadband usage has been busted.
But even 30 downloads of this type wouldn’t amount to 3.3Gb IME.
In my log the only Code I see is 0x00000001 which afaict means simply “database hasn’t changed, do nothing in this case” and then a Code of [blank, nothing, no entry] when there is a new one and it has been downloaded. In the last two days i.e. 8/29 and 8/30 I have eight updates.
Never seen Codes like you have; hopefully kail will advise their meaning. Have you run a Diagnostics scan (“More”)?
I notice that the updater uses Internet Explorer’s Internet connection settings. As I never use Internet Explorer is it possible that, for some bizarre reason, Microsoft intervenes to update all of my Microsoft updates (which I always ignore when prompted on “boot up”)?
Sure, but the individual incremental updates are nowhere near that big.
While waiting for someone to explain the bizarre “Codes” BazP, have you tried to find multiple large files created after ? Maybe the bizarre codes owe to CIS failing while your PC was busy downloading xyz for example.
I suppose it’s possible CIS tried to DL the whole flippin’ database 20 times or something (bases.cav I mean) but I seriously doubt it.
Well, I’m on database 9945 now so it seems to be working OK as far as AV is concerned.
I can’t think what massive files there would be loading in the background. I never download music or stuff like that - I’m a vinyl man. I haven’t updated OpenOffice for ages and it always asks for permission anyway as does my browser Opera (new version loaded today).
I’ve just done as you suggested and looked for multiple large files from the past week and from yesterday’s date, when the problem first manifested itself (I’d only used up 9 Gb of my monthly allowance until yesterday), there are only a couple of “tiddlers” - one of 8365 Kb and the other of 25,728 Kb. Very strange as around 3.4 Gb was shown on both my ISP’s usage page (I check almost daily) and on NetMeter for yesterday so whatever they were (and as I pointed out in my original post the COMODO Internet Security Premium logo was continuously showing the little arrows crossing it as if to indicate some Web activity) they didn’t get loaded to my computer.
COMODO has downloaded two files today - a “Repair” CAV file of 204,081 Kb and a “Scanners” file of 204,110 Kb and they are by far the two biggest files which have been downloaded in the past week.
Well I have only 5Gb/mo ISP so I watch my usage too, and I can only say that despite that those 2 files of 204Mb do show as “created” today, I am certain beyond-a-doubt that I did not download them afresh; not 408Mb and not 204Mb. So I’m comfortable, at least with my setup, that CIS is only DL’ing small updates and not the entire file(s).
I suppose something could be amiss/broke with your CIS but I’m at a loss to help–dunno Netmeter myself but I’ve used an app called ShowTraffic which has helped me in the past to pinpoint “road hogs” in my network.
Maybe the AV database got corrupted and CIS started downloading the latest full database again. There is one serious problem with this and that is when the download of the latest full database gets interrupted CIS will start from the beginning again next time it tries to update the database.
The above ingredients can produce a lot of traffic in a minority of scenarios.
I’ve just this moment received another 160 Mb or so (i.e. getting on for half of my average daily allowance) and it was all from COMODO.
As soon as I saw the arrows on the logo I clicked on COMODO Firewall’s active connections and it was 99.8% COMODO and 0.2% Opera (my browser). I was then able to click on the “Outbound Connection(s)” to see that the traffic was all (if I remember correctly) CMDAGENT.EXE (I could be wrong about the exact designation but it was definitely from COMODO) and I watched it go up from around 120 Mb to 150-155 Mb.
I don’t want to get rid of COMODO as I think it does a great job and is well developed but this download business is driving me a little frantic.
I recommend reinstalling CIS; something is happening that is corrupting the database, and this will be the easiest way to fix it. Do you have any other security software installed on the machine at this time or is it Comodo only?
It’s just done the same thing again (at 1345 British Summer Time) - 143.2 Mb download from CMDagent.exe TCP OUT.
The only other security software I have is IObit Advanced System Care v4.0.1.200 which has a malware scanner (if that counts as security software) which I run manually very occasionally and I suppose whatever the ISP provides security-wise.
AV database is now 9966.
I’m going to delete COMODO and reinstall and see if that helps.
Being paranoid about ISP usage myself, I have un-checked every Comodo setting I could find that has the word “cloud” in it, suspecting (without knowing for sure) that these settings will upload stuff to Comodo which I want to avoid. Might want to try this as maybe CIS is trying to send-up some file(s) for Comodo analysis?
I’ve had exactly the same problem - except CIS downloaded 10GB + worth of AV definitions over a 24 hour period.
I’ve now disabled the update, as I don’t have time right now to re-install Comodo, but does anyone know what has caused this to happen? Because of Comodo going mad, I’ve also racked up big fees with my ISP for going over my download limit.
I read somewhere that this may have happened because the bases.cav got corrupted, but checking the “tasks launched” log I don’t see why or how this would have happened.
It certainly appears that is the case though. At this point, what you should do is just un-install and then re-install the new version 5.8. I think it has a new bases.cav format anyway i.e. you’ll have to download its 80Mb file anyhow to start afresh.
I have multiple PCs, and limited ISP bandwidth too. At least with new 5.8 it does not instantly start downloading the big bases.cav file right away, so it’s easier for me now to update multiple PCs:
1. Update one PC, download the big bases.cav and its minor updates
2. Save the bases.cav somewhere
3. Update another PC, but before the reboot which starts the new 5.8, just copy-in the saved bases.cav to the scanners (and repair) directories.
Good luck… 10Gb omg! >:-D
EDIT: Oops I lied about the ease of replacing the bases.cav in step 3. Some of my PCs have allowed this, and others have not. The “install over an existing setup” software seems to be flawed, as sometimes it says “reboot to continue” and then it doesn’t continue–you have to launch the installer again manually. Maybe a UAC thing, though it seems to me this happened on an XP PC as well.