FYI, I was in Wireshark yesterday and noticed Comodo pushing out malformed packets when trying to contact threatcast.comodo.com. There were no local Threat casts popup messages at this time. Just general browsing and paying my garbage bill at https://wmezpay.wm.com/.
I’ve attached a short Wireshark exported text log of the TCP/IP packets. It looks like Comodo makes a DNS lookup of threatcast.comodo.com, gets a response of 220.127.116.11 and then sends malformed packets to 18.104.22.168.
The system here:
- CPU = AMD 32 bit
- OS = Win XP Pro SP3 fully patched
- Other active security = Eset NOD32 AV, AVG Linkscanner
- There are no overt symptoms visible to the user other than seeing the malformed packets in the Wireshark log. Bug happens during general browsing.
- I have no way to get into Comodo’s TCP/IP requests to try to resolve the malformed packets.
- Comodo configuration: Firewall & Defense Plus were installed with “Maximum Proactive Security.” Firewall & D+ are both running in “Safe Mode.” No special restrictions on F or D+.
- No BSOD
- Running under a Limited User account
[attachment deleted by admin]