Persistent data being sent to Comodo servers after uninstall

I recently installed Comodo antivirus on my Windows 8 tablet. After about a week, I decided I was not happy with it and performed an uninstall.

Even after uninstalling Comodo software completely, Wireshark, a network traffic monitoring program, still shows data being sent to Comodo servers.

On the Comodo forums, there are instructions on how to uninstall the software. After following these instructions, there is still evidence of my computer sending data to Comodo servers.

To remedy this, I reinstalled Windows 8. After reinstalling Windows 8, there is still traffic being sent to Comodo servers.

This is unacceptable. Provide me with instructions on how to stop this.

To which Comodo servers is traffic being sent?

PeerBlock shows:

178.255.83.1

The host of that IP is supposedly ocsp.comodoca.com, where OCSP probably stands for Online Certificate Status Protocol and the “comodoCA” probably means it has to do with Comodo’s Certificate Authority business and not any of their other products. By the way, do you use any other Comodo products like Comodo Dragon or Chromodo, etc.? If so, then it could also be originating from those.

Maybe you’re still using Comodo Secure DNS?

Not using any Comodo software. Again, this is after a reinstall of Windows 8 on the tablet.

All software was uninstalled, the traffic persisted. After that, I reinstalled Windows 8, and the traffic remains.

When you reinstalled, did you wipe the tablet or restore the OS? If you chose to use Comodo DNS when you installed CIS, uninstalling CIS may not have returned your machine to its default DNS setting. You may still be using Comodo DNS. You should check to be sure:

While the following link is about an unrelated and outdated issue, it still contains technical information relevant to your issue: InfoSec Handlers Diary Blog - SANS Internet Storm Center

That leads me to believe what you are seeing is caused by visiting a website using a Comodo certificate which points to the OCSP in question and then your browser sends a request to the OCSP in question which results in you seeing the traffic. Looks normal to me.

I don’t know how else to say it. Windows 8 was reinstalled. DNS settings did not persist. I have them manually set to OpenDNS.

OK. Just mentioned it to be sure.

If you are seeing any Comodo certificate (if you are in this forum, you will of course see a Comodo SSL certificate), then it will check the status of it using the OCSP protocol.
Considering that over 40% of the SSL certificates in the world are Comodo certificates (Usage Statistics and Market Share of SSL Certificate Authorities for Websites, April 2023), you will see the communication with our OCSP protocol 40% of the time when visiting an HTTPS secured site.
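
One way to check the OCSP explanation given in this thread against a capture, as an added example that is not part of any post above: the Python below takes the raw bytes of one HTTP request (for instance, copied out of Wireshark), decides whether it is an OCSP POST, and decodes the CertID inside it, which identifies the certificate being checked by issuer hashes and serial number. The host name comes from the thread; the request bytes, hashes and serial number are constructed sample values, the function names are hypothetical, and only the POST form of OCSP is handled.

```python
import hashlib

SHA1_OID = bytes.fromhex("2b0e03021a")  # DER body of OID 1.3.14.3.2.26 (SHA-1)

def der(tag, body):  # encode one DER TLV; short-form length only (body under 128 bytes)
    return bytes([tag, len(body)]) + body

def children(buf):
    """Split DER bytes into the (tag, value) pairs of the elements they contain."""
    out, pos = [], 0
    while pos < len(buf):
        tag, length, pos = buf[pos], buf[pos + 1], pos + 2
        if length & 0x80:  # long form: low 7 bits give the number of length bytes
            n = length & 0x7F
            length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
        if pos + length > len(buf):
            raise ValueError("truncated DER element")
        out.append((tag, buf[pos:pos + length]))
        pos += length
    return out

def build_sample_request():
    """Constructed capture: an OCSP POST with made-up hashes and serial number."""
    alg = der(0x30, der(0x06, SHA1_OID) + der(0x05, b""))
    cert_id = der(0x30, alg
                  + der(0x04, hashlib.sha1(b"constructed issuer name").digest())
                  + der(0x04, hashlib.sha1(b"constructed issuer key").digest())
                  + der(0x02, bytes.fromhex("0123456789abcdef")))
    body = der(0x30, der(0x30, der(0x30, der(0x30, cert_id))))
    return (b"POST / HTTP/1.1\r\nHost: ocsp.comodoca.com\r\n"
            b"Content-Type: application/ocsp-request\r\n"
            b"Content-Length: %d\r\n\r\n" % len(body)) + body

def inspect_http_request(raw):
    """Classify a captured HTTP request; decode the CertID if it is an OCSP POST."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    headers = {k.strip().lower(): v.strip()
               for k, v in (line.split(":", 1) for line in lines[1:])}
    info = {"host": headers.get("host"), "is_ocsp": False}
    if not (lines[0].startswith("POST ")
            and headers.get("content-type") == "application/ocsp-request"):
        return info
    tbs = children(children(body)[0][1])[0][1]  # OCSPRequest -> TBSRequest
    request_list = next(v for t, v in children(tbs) if t == 0x30)  # skips [0]/[1] fields
    cert_id = children(children(request_list)[0][1])[0][1]  # first Request -> CertID
    alg, name_hash, key_hash, serial = (v for _, v in children(cert_id))
    info.update(is_ocsp=True, sha1=children(alg)[0][1] == SHA1_OID, serial=serial.hex(),
                issuer_name_hash=name_hash.hex(), issuer_key_hash=key_hash.hex())
    return info
```

The serial number and issuer hashes returned here can be compared with the certificate of the HTTPS site that was open when the request was captured.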