Frankly this is a storm in a teacup. If you don’t trust CIS then stop using it. Simple.
Read the first lines and my conclusion: Simple!
Is everything in your life always so simple? Congratulations!
+1
It is all quite simple as quoted, if you do not trust it do not use it.
Everything that connects to the internet is a risk this includes your OS, browser and any other program which you may install, do use them if you do not trust them.
Dennis
So what’s wrong with what I wrote?
I really don’t understand. What you are trying to say is exactly what I have been trying to convey.
To all what I have written before is:
**My very personal conclusion:** I never had problems with Comodo security. I have to trust many programs whether I want to or not when I want to work with them. We have to “trust” programs … and CIS very often asks me if I want to allow xxxx to connect to the internet or launch the program, and I can choose from allow to block.
That means: I really feel very well protected by comodo. I hope everything is clear now.
prodex, ports 4447 and 4448 are used for the online file rating check (FLS).
I know what has been happening to my computer since day one. On the first day I installed Comodo and locked down everything, THEN connected my LAN cable. Since that day, I have been monitoring every application and every connection; it was a tedious task at first but eventually when the majority of the rules were created, things started rolling. We can probably spend days discussing the possibility of me being infected by sophisticated state-sponsored BIOS malware or having a spy chip installed on my motherboard by the manufacturer and stuff like that but I neither want to go that direction nor am I important enough for someone to want to do this to me. I lock down what I can, I leave the rest.
I don’t even remember the last time I saw that warning; I disabled it a very long time ago (mostly because it delayed application launch by quite a few seconds). Digital signatures are an outdated method of protection anyway; there have been numerous cases of malware in the past few years which had valid digital signatures (stolen from authentic authorities). Furthermore, I have also blocked all network access to all Windows services; I just open svchost partially once a month to do the monthly update and close it again. Nothing other than browsers require internet access on my machine and I have also locked them down using the appropriate methods.
You are wrong; I use them but block their internet access, or else why would I need a firewall in the first place if I wanted to trust every single application that I installed on my machine?
Some people around here seem to be missing the point: I (and many others here) don’t trust ANYTHING; if we did, we would just use insert any ■■■■■■ free antivirus (or maybe not even that), instead of Comodo. However, the reality is that there is always a single point of failure, in this case Comodo itself. I need to be sure that, one, Comodo correctly blocks what I ask it to block, and two, Comodo itself does not invade my privacy. So far, I have been blindly trusting Comodo. From now on, I am going to be a little bit more careful.
If you don’t want to have CIS connect to check certificates then simply don’t use the white list and disable all related settings under File Rating Settings. It will basically put CIS in Paranoid Mode.
People often forget how powerful and empowering a tool CIS is.
Or set up a VPN with comodo, HIPS to paranoid mode, in Dragon/Chrome a.s.o. restricted settings (I allow only few accesses and other possibilities), to look at cruelsiter’s suggestions etc. pp.
Maybe that’s the reason I’ve never had problems until now because of security.
I had someone who instructed me in the basics of the possibilities of Comodo and told me that there are many more possibilities to protect my computer but I had to read about them by myself. I didn’t understand many tasks and it’s still not simple for me (it’s my mistake for various reasons).
For example, I only know now what KillSwitch is for. Rather late! :-[ I always thought it’s the same as Task Manager.
In AV-Test August 18, Comodo’s protective effect got 100/100! :-TU
https://mashable.com/roundup/best-free-antivirus/?europe=true
BY JENNIFER ALLEN
2018-11-02 21:41:06 UTC
In recent times, Comodo has gone from strength to strength with its protection statistics. The most recent test results from AV-Test shows an impressive 100% record, although with a couple of false detections thrown in. That’s remarkable for a company that a year ago was faltering a little.
I would not bother Eric, if you cannot trust your Security Software to behave just disconnect from the internet
There are a lot more experienced users of Comodo products who find any problems it may have or had.
Dennis
Spot on! :-TU
Can we just draw a line under this? It has seen its day. If you don’t trust your protection . . . don’t use it
Let’s just concentrate on the more important . . .
I do think it’s legitimate to look for good protection or security and ask for help if there are problems with any settings or you found a leak or so. Comodo staff and administrators are surely interested in it and will try to eliminate such problems.
But it’s not so useful to tell how vulnerable the software is and you are not very well protected. In that sense I follow the hint not to use it and to look for an alternative (there are enough of it).
But it is also legitimate if someone is afraid to have a problem after reading such a post, or to have had a problem without knowing it beforehand.
I think it was futuretech who wrote somewhere to a user: “You only have the intention to spread doubts.” And that really is not a good behaviour if it should be the intention (not referring to the thread opener here).
That’s all for me now and I draw a line now.
Not sure what you mean by “whitelist” here but I had already disabled everything under “File Rating” before opening this thread, and yet those connections happened. In fact that is the first thing I did when I saw those connections for the first time because that module was the only one I could think of that might be making the connections.
I see I overlooked you had said “I also disabled ‘Cloud Lookups’” in your topic start.
“and yet those connections happened. In fact that is the first thing I did when I saw those connections for the first time because that module was the only one I could think of that might be making the connections.”
Are you using CIS in Proactive Security Mode with HIPS set to Safe Mode? Do you have auto containment enabled? If it is enabled does the same thing happen when you disable it?
To take things one step further. Could you see what happens when you set the HIPS to Paranoid Mode?
I have Auto-Containment and VirusScope set to disabled and HIPS is already in Paranoid mode.
I have been carefully watching the IP Addresses Comodo connects to via port 80 in the past two weeks. I can trace most of them to some SSL certificate issuers but not all. I am still looking for a way to disable this check to make sure no other traffic is being generated. I was contacted by Comodo’s developers over a week ago but they never got back to me.
Just thinking along without reading the topic again. Can you confirm you disabled Comodo Message Center, check for program updates, check for AV updates (in case you are using the AV) and website filtering? Other sources I could not think of at this moment.
What were the Comodo devs interested in?
Comodo Message Center is disabled, the rest are not. Those connections are NOT going to Comodo’s servers, hence, they have nothing to do with program/AV updates. I have already singled out the IP addresses for Comodo’s update servers and allowed them manually; all other connections will generate an alert so that I can decide whether to allow them or not.
The dev that contacted me on the forum wanted to know my ticket number so that he can escalate it. No other contact after that.
Hello everyone,
Interesting subject, for my part in case of doubt I work like this:
- Is Windows integrated (sfc)?
- Is CIS OK (support> diagnostics)?
- Windows process CIS> PID (analysis)
- Network adapter configuration associated with CIS
- To define connections> wireshark
When I have a problem with Comodo I make a report and send it to the team
Have a lovely day everybody
ZorKas
Comodo is using third party hosting providers is the last that I know from a while ago.
In case anyone is wondering, it has now been two months since I opened a ticket with Comodo’s developers and so far, the only information I have received was that the ticket has been escalated and they will get back to me when they have an answer. Needless to say, Comodo is still doing certificate checks (and maybe other stuff that I cannot isolate due to the sheer number of connections) every other minute on my machine and I have not found a way to disable these checks.
Just making an observation on the behavior of version 11 in my case. Personally for me it’s unusable and reverted back to version 10. I noticed that upon launching any application it would connect to the web and this was to be expected for the first launch. I assumed it was signature verification at work. After a little time I noticed that was nowhere near the case.
Looking a bit closer, I discovered that it was connecting to Akamai, Level 3, Microsoft, Fastly, Centurylink (my ISP), Highwinds, wayport, and other servers. Now if you try and block these connections the system bricks for 5 to 10 seconds while the firewall beats the hell out of my DNS servers.
Firewall only with cloud lookup, website filtering, VirusScope and all update features disabled. I opted out of telemetry during the install. So just trying to wrap my head around all this non-stop traffic generated to these various servers.
Just wondering if anyone from staff or development might take the time to enlighten a humble user on why so much traffic is being generated and for what purpose.
Can post a Wireshark capture if requested. I’m not complaining about version 11 because I don’t have to use it. I will just rock version 10 until I die along with Windows 1507/10240, but I am curious and v11 seems to be the lightest version so far in my opinion and from monitoring load/boot times vs 10.