Database Update

Unable to complete the Anti-Virus Database Update for the past several days. It connects, then shows the status bar as progressing, but I then get a message that it cannot complete, and to check my Internet Connection. My Internet Connection is OK!

More Info: Deleted CIS and re-downloaded CIS. The install aborted, so I restored my system to last week when things were working a-ok. But I still cannot get the DB updated. And this is the USA, not UK.

Why does the AV database update happen from a different address?
It would be more accurate to say: it is also used.
Screenshot.

Earlier, AV updating was only from Comodo sites. (Both IPs belonged to downloads.comodo.com.) ???
Earlier, the second address was from Comodo: 178.255.82.1

[attachment deleted by admin]

The traffic to those IP addresses is not for the cloud, because the Comodo Cloud uses ports 4447 and 4448.

The second address, 190.93.245.229, belongs to Cloud Flare, a content delivery network (CDN).

It is a common practice for companies to use a third-party CDN to deliver downloads. When I started using AVG back in 2002 I would see the updater report that the updates were downloaded from Akamai, a huge and well-known CDN. Comodo has used at least two CDNs for the Comodo Cloud that I noticed.

The IP address 178.255.82.1 is not owned by Comodo but by Ccanet Limited. Although according to myip.ms it is linked to http://www.dns.com/ which is now owned by Comodo and is now called DNS by Comodo.

I see an inconsistency in your reasoning. You trust it when hosted by Ccanet Limited but not by Cloud Flare. Both are third-party businesses not owned by Comodo.

I assume it is more efficient from a business point of view to outsource content delivery. I don't know the reasons why Comodo chooses and trusts certain CDNs.

I hope my reply creates a bit of a background to your questions.
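The checks in this reply (which owner each destination IP belongs to, and the point that only ports 4447/4448 are Comodo Cloud traffic) can be scripted, so that a new CDN in cmdagent.exe's connection list shows up as a new row instead of a surprise. The following is an added example, not code from this thread or from Comodo. The prefix table and the firewall log lines are constructed for the example: the owner prefixes are an assumption to be verified against the CDN's published address list or WHOIS/RIR data before use, and re-checked periodically, because CDN and update-server addresses change.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample prefix table (an assumption for this example, not authoritative):
# fill it from the CDN's published address lists or WHOIS/RIR data and re-check it
# periodically, since CDN and update-server addresses change over time.
OWNER_PREFIXES = {
    "CloudFlare (CDN)": ["190.93.240.0/20"],
    "Ccanet Limited": ["178.255.82.0/24"],
    "Akamai (CDN)": ["23.32.0.0/11"],
}

# Ports the thread says the Comodo Cloud uses; anything else is an update check/download.
CLOUD_PORTS = {4447, 4448}

NETWORKS = [
    (ipaddress.ip_network(prefix), owner)
    for owner, prefixes in OWNER_PREFIXES.items()
    for prefix in prefixes
]

# Constructed firewall log lines: "<date> <time> <process> <dst_ip>:<port> <action>".
SAMPLE_LOG = """\
2013-03-01 10:15:02 cmdagent.exe 190.93.245.229:80 allowed
2013-03-01 10:15:03 cmdagent.exe 178.255.82.1:80 allowed
2013-03-01 10:15:04 cmdagent.exe 23.62.99.20:80 allowed
2013-03-01 10:15:05 cmdagent.exe 203.0.113.7:4447 allowed
2013-03-01 10:15:06 cmdagent.exe 198.51.100.9:443 blocked
"""

LINE_RE = re.compile(r"^(\S+ \S+) (\S+) (\d{1,3}(?:\.\d{1,3}){3}):(\d+) (\w+)$")


def owner_of(ip):
    """Longest-prefix match of an address against OWNER_PREFIXES; 'unknown' if none matches."""
    addr = ipaddress.ip_address(ip)
    best = None
    for net, owner in NETWORKS:
        if addr.version == net.version and addr in net:
            if best is None or net.prefixlen > best[0].prefixlen:
                best = (net, owner)
    return best[1] if best else "unknown"


def parse_log(text):
    """Parse the constructed log shape; lines that do not match are skipped, not guessed."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts, proc, ip, port, action = m.groups()
        entries.append({"ts": ts, "process": proc, "ip": ip, "port": int(port), "action": action})
    return entries


def classify(entries):
    """Attach the owner and traffic kind; flag destinations no entry in the prefix table owns."""
    out = []
    for e in entries:
        owner = owner_of(e["ip"])
        kind = "cloud" if e["port"] in CLOUD_PORTS else "update/download"
        out.append({**e, "owner": owner, "kind": kind, "needs_review": owner == "unknown"})
    return out


def summarize(classified):
    """Count connections per (owner, kind) so a newly used CDN appears as a new row."""
    return Counter((c["owner"], c["kind"]) for c in classified)


if __name__ == "__main__":
    rows = classify(parse_log(SAMPLE_LOG))
    for r in rows:
        flag = "  <-- check WHOIS" if r["needs_review"] else ""
        print(f'{r["ts"]} {r["process"]} {r["ip"]}:{r["port"]} {r["owner"]} [{r["kind"]}]{flag}')
    for (owner, kind), n in sorted(summarize(rows).items()):
        print(f"{owner:<18} {kind:<16} {n}")
```

Run it against your own firewall log after adapting `LINE_RE` to that log's format. Destinations marked `needs_review` are the ones worth a WHOIS lookup; a destination on 4447/4448 that is not in the table is exactly the case the thread is arguing about, since that would be cloud traffic going to an owner you have not yet identified.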

EricJH
Thanks for the answer.

The second address, 190.93.245.229, belongs to Cloud Flare, a content delivery network (CDN).
I know. I have read about DDoS attacks on Cloud Flare.
I see an inconsistency in your reasoning. You trust it when hosted by [u]Ccanet Limited[/u] but not by Cloud Flare. Both are third-party businesses not owned by Comodo.
But I see that there is a record there that is Comodo.

That is why I believed that 178.255.82.1 is Comodo.
myip.ms
I didn't mean the owner/provider.
Cloud Flare: I see nothing that is connected with Comodo.
Probably the new change (CDN) isn't clear to me.
Though I understand that in Cloud Flare there shouldn't be a record connected with Comodo.

I don't know the reasons why Comodo chooses and trusts certain CDNs.
It is clear. I will think about it. Thanks. Edit: Probably the change (CDN) is connected with the problems updating the AV databases for some regions. If I understood correctly. ???

Updates now all go through CloudFlare.

cmdagent.exe: why is Akamai necessary? ???
It is not updating the databases.
It is already not so clear. :-\

Is it connected with the advent of the new version 7 and the additional functions in it?
I need explanations.
Thanks.

Screenshots.

[attachment deleted by admin]

:THNK
Why does cmdagent.exe need Akamai? (port 80)
I use only the Comodo FW. (At present.)
I specially blocked it (cmdagent.exe) in order to view the IP addresses.

Edit: Probably the connection happens after the installation of some program. ???
As there isn't a connection every day.
Who can explain to me?

At a fundamental level, questioning where cmdagent phones to is curious. You either trust it or you don’t; it is your firewall. If you don’t trust what your firewall is doing, then why are you using it?

CMDAGENT is a core component of CIS. If you only installed the FW component of CIS, then CMDAGENT is still an integrated component of CIS and will request IP access (if nothing else, to query servers for version update availability). The Comodo servers specifically will respond about such availability, but when updates are indeed available, Comodo update-server DNS will yield IP addresses of CDN domains, one notable one being Akamai (there being many others, e.g., Bandcon, BTN America, Level III, FortressITX, NLayer, et al.), they being part and parcel of edge cache networking; the specific file download server is the hosting server nearest to your geographical location.

Who knows how that stuff is served up. JAUCHECK (Java auto-update check) frequently connects to a domain owned by Hurricane Electric (as does SVCHost). Hurricane Electric is a major electric power provider in California. They're serving up Java updates. And if SVCHost wants to go there, why should I question that? SVCHost is such a fundamental core component of Windows that if I can't trust it then the system is essentially worthless. The same with what CMDAGENT wants to do. What makes you think it's phoning home to Bulgaria to hand over your credit card numbers?

Thanks for the reply.
It is interesting to me.
What requests are these for updating, if all the options are turned off? The cloud isn't used either.
I use the 5th version.

[b]Updates now all go through CloudFlare.[/b]
[b]Or not?[/b] See also all my replies.
Who knows how that stuff is served up. JAUCHECK (Java auto-update check) frequently connects to a domain owned by Hurricane Electric (as does SVCHost). Hurricane Electric is a major electric power provider in California. They're serving up Java updates. And if SVCHost wants to go there, why should I question that? SVCHost is such a fundamental core component of Windows that if I can't trust it then the system is essentially worthless. The same with what CMDAGENT wants to do. What makes you think it's phoning home to Bulgaria to hand over your credit card numbers?
I have separate rules for svchost.exe. And before it goes anywhere, all its requests are checked.

Why CMDAGENT is phoning home when cloud analysis is disabled (which is not even germane to FW functionality), as are updates, and is hitting the Akamai servers, is a riddle. Perhaps Akamai acts as Comodo DNS servers on behalf of Comodo. But why it does even that when all of that is disabled is a riddle.

Understand that when CIS internally requests access to, e.g., http://update.comodo.com (for example purposes), that URL is sent to your DNS servers and is resolved to some IP address that is owned by Akamai. That URL may resolve to different IP addresses over time. Whatever Akamai server IP address the URL resolves to could be acting as corporate Comodo DNS for the specific Comodo update servers in use at the time of the query. The specific Comodo update servers may change, for example if an IT center relocates or something.

I use SVCHost as an example. By default it lives in the Windows Application Systems file-group and has God access rights; it can do anything and phone anywhere unimpeded. I took it out and created custom D+ / FW rules for it (since I know how to establish its sanity). I have rulesets for about 100 file-groups for SVCHost. EVERY IP address it phones home to is owned by ISP / telecom tier 1 providers, and these comprise the internet backbone itself. These have such comprehensive networks that they never purchase transit agreements from other providers. As of 2013 there are only seven tier 1 providers in the telecommunications industry: Level 3 Communications, TeliaSonera International Carrier, CenturyLink, Vodafone, Verizon, Sprint, and AT&T Corporation.

If I can't trust the Tier 1 providers that laid and maintain the pipes for the internet backbone itself, then I have much bigger problems than whether CMDAGENT has been compromised, and whether I should block its IP traffic or not.

That's how Akamai is getting into the mix. As long as I don't have any reason to question that any application on my system has been compromised, the IP traffic is implicitly trusted. I allow the traffic, the rules get created, and eventually it stops bugging me because each application has a big enough ruleset to draw from. Periodically I maintain these, merge network zones, and allow different applications to share the same network zone.

IF you don't trust your internet security application to access the internet, then create a rule to block access to either your DNS servers, or block all IP out from MAC any.

What I find odd is that when I untick the "update" box so that updates are not automatic and remove the update URL, the next time I check this setting it's automatically re-ticked and the URL is back. Why have the tick option if it auto re-enables it?

My other question, if we disable cmdagent via rules will this interfere with our firewall operation, anything other than updates?

What happens when you only untick the update box and leave the url?

My other question, if we disable cmdagent via rules will this interfere with our firewall operation, anything other than updates?
You do not want to disable cmdagent.exe because it does all the protection work. In short, don't disable it.

I'm not sure what happens if I only untick update (I didn't want any reference to the update site listed, as I did not want to update). I will try leaving this bit in and just unticking the update box and see how that goes.

Keep us posted.