Comodo ver 5 Defense+ Cloud Scanner - Up To 70 ports open before I killed it!

Each day since I installed ver. 5, I have watched the no. of connections by cmdagent.exe increase. Today it got up to 70 connections before I killed it. No scanner should open that many ports - period.

This activity occurred right after I booted my PC today for the first time. I have no idea what cmdagent.exe was doing but I don’t like it. My best guess is that it went bonkers over the MS security updates I installed yesterday which involved security updates to .Net 2.0 and 3.5. Why Comodo considers these files as unrecognizable is beyond me.

I like the concept of cloud scanning unrecognizable files but this kind of in mass bulk scanning is uncalled for.

The multiple UDP connections are indeed the cloud scanner at work. To eliminate these, disable Cloud Scanning in the AV Settings window.

These multiple connections decrease over the first few days once all unrecognized components are submitted. The highest I had on my system was 124 connections. Within 2 days, however, these had returned to a far more rational level and now it causes no real issues.

Ewen 🙂

P.S. Updates may trigger a spike in the outbound connections, but once the first round of high connection numbers has occurred, it should be minimal.

If I had Comodo AV installed, I would not be concerned. I only have the firewall and Defense+ installed - no AV.

My opinion is the cloud scanner should only be used infrequently in this configuration. For example, it should not be going to the cloud for MS applications and known digitally signed application software.

I will just leave the cloud scanners off until this feature “matures” a bit.

Today’s initial boot of PC much improved with cloud scanning turned off in Defense+ ver. 5.

No immediate connection to Roadrunner via Alkami servers that I definitely did not like. Connections like that are a favorite spyware/adware method to dump ■■■■ on your PC.

Boot time was much faster also.

I did fix a weird situation I noticed last night. Defense+ active processes list showed that Prevx was unknown? Now that was a bit strange given all the cloud scanning that had occurred previously. I manually verified via Comodo lookup which of course said it was a safe application. However, it was not shown as trusted until I rebooted.

I really don’t need Comodo’s cloud scanner with Prevx installed but I wanted to see how effective and problem free it was. However, Prevx’s SafeOnline which I use doesn’t fully protect against drive-by downloads and I am not sure Comodo’s cloud scanning does.

Appears that the best new feature Defense+ ver. 5 offers is the script heuristics checking. Most of my recent infections have been Java based exploits.