A few days ago when I was performing my daily tasks on my PC I noticed that Comodo’s tray icon is showing a lot of outbound traffic, while I had no application running with outbound traffic and I don’t allow outbound traffic in general anyway. Consulting Comodo’s Firewall logs I noticed that Comodo itself has been sending out a huge amount of data. I have attached a screenshot of the log. At the time I took the screenshot, Comodo had sent nearly 120 MB of data out. This continued for some more time until it eventually stopped. I thought maybe the antivirus engine is uploading some files for cloud-based analysis but I doubt this could possibly result in such a large amount of outbound traffic. Anyone has any idea what could possibly cause this?
I am using Comodo Internet Security v10.2.0.6526 on Windows 10 x64.
Most likely sending crash reports automatically, if you ever had an alert stating CIS has crashed and asked for consent to send crash reports while you have always send crash reports selected.
I don’t remember having a crash recently. Are crashes/crash report uploads logged anywhere?
Check C:\ProgramData\Comodo\Cisdumps folder to see if any memory dumps are present and also check your temp folder for any compress archives that references CIS. Although I think after CIS finishes uploading the report it deletes the files so they may no longer exist. You can also check the CIS logs under tasks or alerts to see if any references to send crash report is made, make sure you use no filtering for filter by date and time.
The folder is empty; if there were any logs, they must have uploaded and deleted by now. I couldn’t also find anything related to crash logs in “Alerts” and “Tasks”. Do crash logs really get so large?
Yes if you were to say create a memory dump of cmdagent process using task manager it would create a memory dump file of about 220MB in size.
Okay, that must have been the reason, then. Thank you for the help.