I regularly monitor the log-files of connections from my modem. Since a few days I noticed that - every 30 seconds - my PC connects to an IP-address (22.214.171.124:443) that appears to resolve to ‘cmc.comodo.com’ in the UK. I suspect that this phenomenon started when I updated to the latest version of your free Comodo Firewall.
Can you please explain what this connection is all about? How can I stop my PC from making this connection?
Can you please explain what this connection is all about? every 30 seconds ? you have a boy-friend who is working for boing at the airport and you refuse to call him so he took the mask of comodo to incoming a love affair …
How can I stop my PC from making this connection?
close the door or better black-list him : take care you have 29 seconds to do it !
i read ACCESS PERMITED : only you have given this permission or you are infected/ hacked & i do not know how you have configured your cis/firewall and you are speaking about a modem.
you have these tools : killswitch & end point & web site filter
you think that it is a trouble-shooting about the update … have you clicked " update " ? it is maybe that you have done and it was perhaps a little mistake ; you should have had to uninstall the old version, clean up your pc then install the new version.
I’ll consider switching to another product if this isn’t resolved.
i am not a comodo employe
i will let now someone else answering to you.
I will consider a clean install of Comodo Firewall. But it seems a bit silly when software allows you to update from within itself, that a fresh install would be necessary. The configuration of the firewall is pretty much ‘out of the box’. It’s this strange connection that brought me to tinkering with the settings.
I had already found that setting (Send anonymous program usage statistics to COMODO) and disabled it. It didn’t help.
That was a setting I had missed. I disabled the ‘Show messages from COMODO Message Center’ but it did not help. I even rebooted my system but there is still data leaking.
I have included a new screenshot from the Comodo interface. It shows the outbound traffic and it shows that every few seconds there is a transmission of 194 bytes and it is the Comodo ‘cmdagent.exe’ that is responsible for it. Now, when I right-click on that line and I select ‘Terminate connection’ then the leaking finally stops! But after a reboot of my system it starts again. I don’t see myself setting this manually every time I boot up my system.
At you all options are disconnected.
But! It is maybe can be simply go constant requests for the IP address.
Something tries to make. ???
I would block if there is no understanding for what. This my opinion. You can simply block in global rules.
Edit: Or only for cmdagent.exe
More ideas aren’t present. As I don’t use the new ( 6 -7 ) version.
It were my assumptions.
streetz. Unfortunately I cannot ‘just ignore it’. I try to keep my system clean from malware and when I notice something weird, I can’t just let it go. I am sure that Comodo would agree that users of their software should feel safe using it. When my data is leaking towards Comodo and there is no fix or explanation for it, then I don’t feel safe.
I’ve been allowing cmdagent to make any connection that it wants because of another issue that I am having (I don’t want to change the subject). I get the connection one time at startup. My firewall program is allowing it. I suspect that you have a firewall rule blocking the connection, which is why you get the connection attempt every 30 seconds. If Dennis2’s suggestion doesn’t work, I can stop the connection by editing the following registry key:
HKEY_LOCAL_MACHINE: SOFTWARE: COMODO: CIS: Options
Right-click “Options” and export the key, in case you change your mind. Edit CmcHost & UsageStatHost.
I would guess that the site is just counting the number of users running the program.
To make a long story short, I had a need to look at some Comodo files. There is an XML document in the folder “C:\ProgramData\Comodo\Cis\cmc2\local_trees”. The cmc site may be how Comodo gets paid for the optional installations.
I enabled “Show messages from COMODO Message Center”. I got a pop-up about $5 waiting for me in the Comodo bank - similar to the contents that I saw in the XML document, which led me to my Comodo payment theory. No connection to the cmc server. I’ll assume for now that the XML document was downloaded during installation. When closing the message, I got a message from my firewall program asking me to allow a connection to www.comodo.com (126.96.36.199), which I blocked one time. The files in the local_trees folder was not deleted after seeing the message, so I deleted them myself.
I’m going to leave the “show messages” option enabled. All I ever see is the 194 bytes uploaded, nothing downloaded. I have set my firewall program to alert me when a connection to the cmc server is made, so I’ll know when something is actually downloaded.
At this time, I think that the XML document is coming from the download server, and I see no reason to allow the cmc server connection.
P.S. I just checked for updates. A connection to the cmc server was made (again, 194 bytes uploaded, nothing downloaded). The XML documents that I deleted has returned. After a couple of minutes deciding what to try next, I blocked the cmc server, deleted the files, and updated again. The files returned, and in addition I got a signature update, so no update problem when blocking the server.
Haarlem - Now that I am blocking the server, I restarted my machine, and I am not getting the connection attempts every 30 seconds, so I have no idea what is your problem.
I’m going to move on, so this is my last message, unless I actually see bytes downloaded. When I first saw the XML document, I’m pretty sure that there was some ID information in it. The file I have now does not have this info, so I probably lost my $5 credit. I think that CMC stands for Comodo Money Center or Credit.
The message for Comodo Money is one of possible messages of Comodo Message Center. If you had read the the friends.comodo.com page you would have seen that you would have to sign up to be eligible for Comodo Money. So you did not loose any Comodo Money.