Comodo leeching data without permission / Huge Privacy Risk

Have been a CIS user for more than a decade - wonderful product.

But of late - have been seeing some strange issues

  1. Internet Security Essentials - when will we get a 64-bit version?

ISE is taking up way too much RAM/resources.
Sometimes starts scanning HD without initiation for hours.

  1. cmdagent.exe sharing data to outside IPs - even when I’ve disabled data sharing/meta data sharing with Comodo.

Partial list of receiving IPs: 104.21.80.250, 52.85.128.100, 199.66.201.17, 69.4.89.246, 162.255.24.195

The repeated pings and data sharing - sometimes 100 MB+ at one go - is creating havoc at my end.
Average 200-300 MB being shared every week.

NEED TO STOP THIS ASAP - please help.
NEED clarification too - why is this data leak happening?

Thanks in advance.

Hi bitspirit,

Thank you for reporting, we will reach you through private message to get required information for investigation.

Thanks
C.O.M.O.D.O RT

Hi bitspirit,

Could you please check your inbox for the PM and respond?

Thanks
C.O.M.O.D.O RT

@bitspirit,

Use “Process Hacker” or SysInternals “Process Explorer” to find out which applications have active internet connections and which applications produce this heavy data traffic.
Only IP 199.66.201.17 relates directly to Comodo; the other IPs do not. Maybe you have some other background applications running that consume so much traffic (torrent client perhaps?).
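
As an added example (not part of the original post), the same check can be scripted from an elevated PowerShell prompt: it lists which process owns each established TCP connection, adds a reverse-DNS name, and marks the addresses reported in the opening post. The process name `cmdagent` and the IP list are taken from this thread; the variable names are illustrative.

```powershell
# Added example, not from the thread: map established TCP connections to processes.
$ProcessName = 'cmdagent'   # process named in the opening post
$ReportedIPs = '104.21.80.250', '52.85.128.100', '199.66.201.17',
               '69.4.89.246', '162.255.24.195'   # IPs listed in the opening post

# PID -> process name lookup, built once
$procs = @{}
Get-Process | ForEach-Object { $procs[[int]$_.Id] = $_.ProcessName }

# Cache reverse-DNS answers so each address is resolved only once
$dnsCache = @{}
function Resolve-Ptr([string]$Address) {
    if (-not $dnsCache.ContainsKey($Address)) {
        $dnsCache[$Address] = try {
            [System.Net.Dns]::GetHostEntry($Address).HostName
        } catch {
            '(no PTR record)'
        }
    }
    $dnsCache[$Address]
}

$rows = Get-NetTCPConnection -State Established |
    Where-Object { $_.RemoteAddress -notin '127.0.0.1', '::1' } |
    ForEach-Object {
        [pscustomobject]@{
            Process      = $procs[[int]$_.OwningProcess]
            PID          = $_.OwningProcess
            Remote       = $_.RemoteAddress
            Port         = $_.RemotePort
            ReverseDns   = Resolve-Ptr $_.RemoteAddress
            InThreadList = $_.RemoteAddress -in $ReportedIPs
        }
    }

# 1) Every remote endpoint currently held by the named process
$rows | Where-Object Process -eq $ProcessName |
    Sort-Object Remote, Port -Unique | Format-Table -AutoSize

# 2) Which processes, of any name, talk to the addresses from the opening post
$rows | Where-Object InThreadList |
    Group-Object Process | Select-Object Name, Count | Format-Table -AutoSize
```

This is a point-in-time snapshot of TCP only, so short-lived connections can be missed and it reports no byte counts; running it repeatedly over a period gives a fuller picture.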

@CISfan

Wouldn’t it rather be the IP address 199.66.201.16?

Comodo owns more IP addresses.
According to https://whatismyipaddress.com/ip/199.66.201.17 the IP belongs to Comodo.

IP Details For: 199.66.201.17

Decimal: 3343042833
Hostname: cima.security.comodo.com
ASN: 35838
ISP: Comodo Group Inc.
Services: Datacenter
Assignment: Likely Static IP
Country: United States
State/Region: New Jersey
City: Clifton

@CISfan

Comodo of course has many IP addresses.

This is the case for the address 199.66.201.16:
IP Details For: 199.66.201.16
Decimal: 3343042832
Hostname: no-dns-yet.ccanet.co.uk
ASN: 35838
ISP: Comodo Group Inc.
Services: Datacenter
Assignment: Likely Static IP
Country: United States
State/Region: New Jersey
City: Clifton

In the document referenced above only the address 199.66.201.16 is mentioned.

All data being shared by Comodo only - cmdagent.exe - all IPs being shown are from Comodo Logs (Outbound Connections)

This is definitely a Comodo thing - did some research of my own

  1. With Telemetry and Cloud lookup disabled - why is there a need for Comodo telemetry in Scheduled tasks?
    You can delete it - but it comes back on every boot.

Can anybody enlighten me on this?
This is not honest behaviour.

There are many threads across the web - even I’m getting doubts on Comodo now after more than a decade of use.

  1. Used Peerblock to check Comodo behaviour - it’s pinging 199.66.201.16 every few seconds?
    Why the need to ping Comodo DataCenter even when Telemetry is disabled?

  2. Why are there so many malware with Comodo certificates?
    Would like a comment from the CEO on this?

Hi bitspirit,

Thank you for reporting. In order to investigate this issue, kindly provide us the details below so that we can check and update you.

  1. Windows Version & CIS version.
  2. Can you reproduce the problem & if so how reliably?
  3. If you can, exact steps to reproduce. If not, exactly what you did & what happened.
  4. Any software except CIS/OS involved? If so - name, & exact version.
  5. Is there any other security product installed on your machine?
  6. Any other information, eg your guess at the cause, how you tried to fix it etc.
  7. If possible, any related screenshots.

Thanks
C.O.M.O.D.O RT

Hi Comodo RT,

I appreciate your interest, which I feel is just hogwash - this issue has been posted by others too, even as far back as 2019.
Still no solution from your end.

Excluding 3rd party forums, even here there are similar threads older than mine - no one received a solution till date.
Which points to this being deliberate…!

I’m yet to receive any answers to my queries - this thing about OS version / CIS version is another hogwash.
Task scheduler is deliberate and has nothing to do with OS/CIS versions.

Hi bitspirit,

Thank you for reporting. Kindly tell us exactly what you did and what happened, or provide us steps to reproduce, so that we can check and report this to the team.

Thanks
C.O.M.O.D.O RT

What are you on about? If you actually did search the forums you would notice this thread that explains the telemetry task: https://forums.comodo.com/ and if you are really worried about it you can disable the task and then set the task to read-only in the Windows task folder.

The post linked to explains that no data should be sent by the scheduled task if data collection is disabled in the settings. This doesn’t answer the OP’s question as to why CIS connects to several server IPs when telemetry is set to disabled.

On my laptop (see attachment) these are the 3 sites to which cmdagent.exe has connected since this morning.
The setting “Send anonymous program usage statistics to COMODO” is unchecked on my laptop.

One question: do you ask yourself the same type of questions about your AV?

Not all IPs are for telemetry, so there is no proof that contacting different IPs has to do with telemetry when it is turned off.

I agree, but still the post linked to is unfit to explain away the OP’s concerns.