Dear Comodo,
I regularly monitor the log-files of connections from my modem. Since a few days I noticed that - every 30 seconds - my PC connects to an IP-address (178.255.87.14:443) that appears to resolve to ‘cmc.comodo.com’ in the UK. I suspect that this phenomenon started when I updated to the latest version of your free Comodo Firewall.
Can you please explain what this connection is all about? How can I stop my PC from making this connection?
Kind regards, Peter.
Can you please explain what this connection is all about?
every 30 seconds ? you have a boy-friend who is working for boing at the airport and you refuse to call him so he took the mask of comodo to incoming a love affair …
;D
How can I stop my PC from making this connection?
close the door or better black-list him : take care you have 29 seconds to do it !
;D
are you living in uk or is your vpn always adjusted on london/bradford ?
maybe it is the same for everyone but i never noticed it
Yes, every few seconds there is an exchange between my PC and that IP-address. No, I don’t live in the UK. I’m from the Netherlands.
I’ll attach a picture with a few lines from the log-file of my modem.
I’ll consider switching to another product if this isn’t resolved.
Regards, Peter.
[attachment deleted by admin]
hello to the netherlands
i read ACCESS PERMITED : only you have given this permission or you are infected/ hacked & i do not know how you have configured your cis/firewall and you are speaking about a modem.
you have these tools : killswitch & end point & web site filter
you think that it is a trouble-shooting about the update … have you clicked " update " ? it is maybe that you have done and it was perhaps a little mistake ; you should have had to uninstall the old version, clean up your pc then install the new version.
I’ll consider switching to another product if this isn’t resolved.
i am not a comodo employe
i will let now someone else answering to you.
bye to the netherlands
At you the option is included ?
Send anonymous program usage (e.g. clicks, crashes, errors etc) statistics to COMODO in order to improve the product's qualityCan be. ??? Edit: Most likely this IP is connected with it. ( option ) It is visible that a 443rd port.
Cmc may stand for Comodo Message Center. You can disable it under Show messages from COMODO Message Center
Thank you all for your replies!
merke
I will consider a clean install of Comodo Firewall. But it seems a bit silly when software allows you to update from within itself, that a fresh install would be necessary. The configuration of the firewall is pretty much ‘out of the box’. It’s this strange connection that brought me to tinkering with the settings.
jenny66
I had already found that setting (Send anonymous program usage statistics to COMODO) and disabled it. It didn’t help.
EricJH
That was a setting I had missed. I disabled the ‘Show messages from COMODO Message Center’ but it did not help. I even rebooted my system but there is still data leaking.
I have included a new screenshot from the Comodo interface. It shows the outbound traffic and it shows that every few seconds there is a transmission of 194 bytes and it is the Comodo ‘cmdagent.exe’ that is responsible for it. Now, when I right-click on that line and I select ‘Terminate connection’ then the leaking finally stops! But after a reboot of my system it starts again. I don’t see myself setting this manually every time I boot up my system.
Regards, Peter.
[attachment deleted by admin]
At you all options are disconnected.
But! It is maybe can be simply go constant requests for the IP address.
Something tries to make. ???
I would block if there is no understanding for what. This my opinion.
You can simply block in global rules.
Edit: Or only for cmdagent.exe
More ideas aren’t present. As I don’t use the new ( 6 -7 ) version.
It were my assumptions.
i have the same problem sometimes, just ignore it 
it’s from the update.
Regards, Peter.
I understand
Just the problem is as I believe you have unticked all the options message centre/ Data sending logs/Cloud it should not be happening.
Did you just install CIS no Dragon or Prividog as each of these will have a updater.
Dennis
haarlem,
I’ve been allowing cmdagent to make any connection that it wants because of another issue that I am having (I don’t want to change the subject). I get the connection one time at startup. My firewall program is allowing it. I suspect that you have a firewall rule blocking the connection, which is why you get the connection attempt every 30 seconds. If Dennis2’s suggestion doesn’t work, I can stop the connection by editing the following registry key:
HKEY_LOCAL_MACHINE: SOFTWARE: COMODO: CIS: Options
Right-click “Options” and export the key, in case you change your mind. Edit CmcHost & UsageStatHost.
I would guess that the site is just counting the number of users running the program.
Thanks for suggestion about a blocking rule
Please check your firewall logs for blocked connections, as this would explain why it attempts to connect every 30secs.
As I use TCPView it shows a blocked connection as such.
Dennis
To make a long story short, I had a need to look at some Comodo files. There is an XML document in the folder “C:\ProgramData\Comodo\Cis\cmc2\local_trees”. The cmc site may be how Comodo gets paid for the optional installations.
Comodo Message Center is only for messages from Comodo. Not for third parties.
I enabled “Show messages from COMODO Message Center”. I got a pop-up about $5 waiting for me in the Comodo bank - similar to the contents that I saw in the XML document, which led me to my Comodo payment theory. No connection to the cmc server. I’ll assume for now that the XML document was downloaded during installation. When closing the message, I got a message from my firewall program asking me to allow a connection to www.comodo.com (91.199.212.176), which I blocked one time. The files in the local_trees folder was not deleted after seeing the message, so I deleted them myself.
I’m going to leave the “show messages” option enabled. All I ever see is the 194 bytes uploaded, nothing downloaded. I have set my firewall program to alert me when a connection to the cmc server is made, so I’ll know when something is actually downloaded.
At this time, I think that the XML document is coming from the download server, and I see no reason to allow the cmc server connection.
P.S. I just checked for updates. A connection to the cmc server was made (again, 194 bytes uploaded, nothing downloaded). The XML documents that I deleted has returned. After a couple of minutes deciding what to try next, I blocked the cmc server, deleted the files, and updated again. The files returned, and in addition I got a signature update, so no update problem when blocking the server.
Haarlem - Now that I am blocking the server, I restarted my machine, and I am not getting the connection attempts every 30 seconds, so I have no idea what is your problem.
The Comodo payment theory is for rewarding users who bring on other users with virtual currency: Earn Comodo money by putting your Link here. Also see http://friends.comodo.com/ how that virtual currency can be used to acquire paid Comodo products.
I’m going to move on, so this is my last message, unless I actually see bytes downloaded. When I first saw the XML document, I’m pretty sure that there was some ID information in it. The file I have now does not have this info, so I probably lost my $5 credit. I think that CMC stands for Comodo Money Center or Credit.
The message for Comodo Money is one of possible messages of Comodo Message Center. If you had read the the friends.comodo.com page you would have seen that you would have to sign up to be eligible for Comodo Money. So you did not loose any Comodo Money.
Comodo Message Center can be easily disabled with the Show messages from COMODO Message Center setting.