Datability Software Systems - Comodo server?

Does Comodo use Datability Software Systems Servers?

Why would Comodo be contacting this company's server when I was visiting a website with NO affiliation or advertising?

I was visiting VeeHD website, these servers are in Hong Kong and have no affiliation with any other site, I realise Facebook is hosted on this server along with 3500+ other websites however as I was visiting VeeHD for over 2 hours why would Comodo be trying to contact another website for all that time?

and no, I have no spyware and other Malicious software on this PC, and you do have to be careful these days with big businesses as these are the worst offenders.

Comodo > Datability Software Systems IP Address 140.99.94.175

It also tried to contact BBC, Hosteurope GmbH and Time Warner?

So why would Comodo be contacting them?

Can you post the log file showing the connections please.

Hmmm if you tell me where to go,

I noticed it in the resource monitor as the connection was trying to be made, I have had them open recently while visiting some sites as I have noticed some interesting hits recently and needed to eliminate comodo from my list so to speak.

This is from the PB list, I presume the other can be gained from the event viewer

2011-06-20 04:24:49;BBC;192.168.1.75:40876;212.58.246.91:80;TCP;Blocked
2011-06-20 04:24:49;BBC;192.168.1.75:40877;212.58.246.91:80;TCP;Blocked
2011-06-20 05:28:24;Time Warner Telecom;192.168.1.75:41205;168.215.74.5:80;TCP;Blocked
2011-06-20 05:28:24;Time Warner Telecom;192.168.1.75:41206;168.215.74.5:80;TCP;Blocked
2011-06-20 06:06:22;GoDaddy.com, Inc;192.168.1.75:41216;188.121.36.239:80;TCP;Blocked
2011-06-20 06:06:22;GoDaddy.com, Inc;192.168.1.75:41217;188.121.36.239:80;TCP;Blocked
2011-06-20 06:06:22;GoDaddy.com, Inc;192.168.1.75:41219;188.121.36.239:80;TCP;Blocked
2011-06-20 06:06:22;GoDaddy.com, Inc;192.168.1.75:41220;188.121.36.239:80;TCP;Blocked
2011-06-20 06:06:30;Hosteurope GmbH;192.168.1.75:41222;87.230.55.47:80;TCP;Blocked
2011-06-20 06:06:30;Hosteurope GmbH;192.168.1.75:41223;87.230.55.47:80;TCP;Blocked
2011-06-20 06:25:24;Datability Software Systems, Inc;192.168.1.75:41263;140.99.94.175:80;TCP;Blocked
2011-06-20 06:25:24;Datability Software Systems, Inc;192.168.1.75:41264;140.99.94.175:80;TCP;Blocked
2011-06-20 06:25:46;SoftLayer Technologies Inc;192.168.1.75:41265;174.36.251.139:80;TCP;Blocked
2011-06-20 06:25:46;LeaseWeb;192.168.1.75:41266;85.17.26.173:80;TCP;Blocked
2011-06-20 06:25:48;SoftLayer Technologies Inc;192.168.1.75:41267;75.126.120.203:80;TCP;Blocked
2011-06-20 06:25:50;ThePlanet.com Internet Services, Inc;192.168.1.75:41268;74.55.88.242:80;TCP;Blocked

This doesn’t say too much but the underlined one I noticed because it had been trying it for a long time, when I looked at the resource monitor I noticed it was Comodo out to that source.

P.S. I have never and would never use Facebook. I also clear cookies and LSO’s regularly

Unfortunately, the information you’ve posted gives us some information about the connection but not which process was responsible for making that connection.

If you can open the CIS control panel from the system tray and go to:

Firewall/View Firewall events

You’ll find the firewall logs. Click on the ‘More’ button and you can export the log from the file menu. You can either attach the exported file to a post here, or take a screen shot of the suspect events and attach that to a post. You can also use the Firewall/View Active Connections to see which process is making the connection.

Use Additional options just below this dialogue box to attach your files.

But isn’t this going to give us the Blocked outgoing for the Comodo, when it was PeerBlock that caught it?

Comodo waved it through and we wouldn’t be having this post otherwise?

It had been doing this all night on and off, only when I pressed play on a video and the underlined one is the one we need to look at as THAT one was the one I went over to the resource viewer and saw that it was comodo making the connection.

What PeerBlock doesn’t show you is which process was responsible for making the connection, it simply shows a connection being made from your IP address to a destination IP address. Without knowing which process was responsible for making the connection, you can’t determine if the connection is legitimate.

For example, most modern browsers use features called DNS pre-fetching and/or link pre-fetching, which basically means that when you visit a web site, any links found on the page you’re visiting can be loaded by the browser in the background. Hence, if you see a connection to Facebook, there may have been a Facebook link on the page. The idea behind this is to facilitate faster navigation.

Thanks for the reply,

Comodo Free,
Win7 Premium
Avast, Spybot + a few more

Radaghast, please excuse my ignorance in parts as I have not worked in some areas and I’m learning on the fly, bit like finishing off someone else’s colouring book,

I use my Laptop just for watching videos from the net on, I use PB as a second Firewall.

Of late I have had some bandwidth problems and was monitoring things to find a culprit, as I watched the video I noticed from time to time the computer was freezing so off I went to see if I could locate it.

I only had PB and Resource Monitor open as the issue I suspected as the problem only required these tools when I noticed an (unrelated) issue which confused me enough to ask.

PB had been blocking this server repeatedly and I flicked over in time to notice the IP was using a cmdagent.exe, it was the only Process using the IP and was using 468 Process ID. Problem is I think it was 468 and I’m about 80% sure it was cmdagent.exe which is why I have not mentioned it till now. All I am sure is when I checked it, it was a Comodo file.

I was looking forward to finding a log somewhere :(
OK so if we lack the required information we can do the next best thing.

If you were to do this how would you log it, the next time I spot it I will bring the information over and post it here on the same post (Plan B)

Because we now know the process involved, it’s easier to determine the cause of the connection. In this case the connection is being made to Cachenetworks (Cachefly):

NetRange: 140.99.92.0 - 140.99.95.255
CIDR: 140.99.92.0/22
OriginAS:
NetName: DERU-CACHENETWORKS1
NetHandle: NET-140-99-92-0-1
Parent: NET-140-99-0-0-1
NetType: Reallocated
RegDate: 2004-01-09
Updated: 2004-01-09
Ref: http://whois.arin.net/rest/net/NET-140-99-92-0-1

Cachenetworks is a CDN (Content Delivery Network) and is used by Comodo for load balancing and software distribution. By default, cmdagent will periodically check for updates, it also has the task of performing ‘cloud’ queries against unrecognised files. These options may be disabled.

I was looking forward to finding a log somewhere :( OK so if we lack the required information we can do the next best thing.

The default firewall rule for cmdagent.exe (Comodo Internet Security - see image) allows a number of processes related to CIS to make outbound connections, to any location on any port, without logging. If you want to track events related to this group, enable logging on the firewall rule.

If you were to do this how would you log it, the next time I spot it I will bring the information over and post it here on the same post (Plan B)

There are two ways I’d use depending on the information I was looking for. If I wanted detailed information I’d use either Wireshark or Microsoft Network Monitor. The Microsoft offering is useful, as it can capture process names. If I just wanted to capture basic process and network connection information, I’d use CurrPorts. Logging can be enabled from the file menu and the log capture may be customised. See the download page for details.
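The attribution step discussed in the replies above, joining a PeerBlock entry to the process that owns the socket, as an added example that is not part of the original thread. The `netstat -ano` capture and the PID-to-name map are constructed samples; only the two PeerBlock lines and the ARIN CIDR come from the posts.

```python
import ipaddress

# Two lines copied from the PeerBlock log posted in this thread.
PEERBLOCK_LOG = """\
2011-06-20 06:25:24;Datability Software Systems, Inc;192.168.1.75:41263;140.99.94.175:80;TCP;Blocked
2011-06-20 06:25:46;LeaseWeb;192.168.1.75:41266;85.17.26.173:80;TCP;Blocked
"""

# Constructed sample of `netstat -ano` output taken while the attempts were
# in progress; the PIDs are illustrative, not captured from the poster's PC.
NETSTAT_ANO = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.1.75:41263     140.99.94.175:80       SYN_SENT        468
  TCP    192.168.1.75:41266     85.17.26.173:80        SYN_SENT        3120
"""

# Constructed PID-to-image map, as `tasklist` would report it.
PROCESS_NAMES = {468: "cmdagent.exe", 3120: "browser.exe"}

# CIDR from the ARIN record quoted above (NetName DERU-CACHENETWORKS1).
KNOWN_RANGES = {"DERU-CACHENETWORKS1": ipaddress.ip_network("140.99.92.0/22")}

def parse_peerblock(text):
    """Yield (timestamp, local, remote) for each 6-field PeerBlock line."""
    for line in text.splitlines():
        parts = line.strip().split(";")  # labels may hold ',' but not ';'
        if len(parts) == 6:
            yield parts[0], parts[2], parts[3]

def parse_netstat(text):
    """Map (local, remote) endpoint pairs to the owning PID."""
    owners = {}
    for line in text.splitlines():
        f = line.split()
        if len(f) == 5 and f[0] == "TCP" and f[4].isdigit():
            owners[(f[1], f[2])] = int(f[4])
    return owners

def attribute(peerblock_text, netstat_text, names):
    """Join blocked connections to processes on local and remote endpoint."""
    owners = parse_netstat(netstat_text)
    rows = []
    for ts, local, remote in parse_peerblock(peerblock_text):
        pid = owners.get((local, remote))  # None if no snapshot covered it
        ip = ipaddress.ip_address(remote.rsplit(":", 1)[0])
        net = next((n for n, c in KNOWN_RANGES.items() if ip in c), None)
        rows.append((ts, remote, names.get(pid, "unknown"), pid, net))
    return rows
```

The join only works if the snapshot is taken while the blocked attempt is still pending, because the ephemeral source port is released soon afterwards; a continuous process-aware log avoids that timing gap.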
