Please tell me why CIS connects to oscp.comodoca.com via explorer.exe at windows startup? I have set up explorer.exe to “ask” and don’t want it to establish connections.
It connects to the oscp server to see if a certificate is revoked or not. It is described in more detail in the Wikipedia artikel Online Certificate Status Protocol.
But why explorer.exe needs to launch it? I mean when doing CIS updates it connects directly to comodo servers without explorer.exe. Sorry, I’m noob at such kind of stuff, if I block explorer.exe from accessing internet then what happens?
Because its windows certificate store that is mostly likely being updated. Comodo is CA Certificate Authority, so even people without Comodo software have to check Comodo’s revocation list.
You mean it’s Windows who launches this connection not Comodo? but imo windows should do this via svchost, which I also notice sometimes there is svchost connection at windows startup and it is associated with DNS cache, Cryptsvc, NLA services and connects to akamai (BTW this I also would like to confirm). Still explorer.exe connection seems to me somewhat confusing.