updates automatically, even while disabled?

I disabled the updates from downloads.comodo.com, but cis pro loads an icon in taskbar and updates from some other source.

I do not want to update unless i tell it too.

So if this is disabled, how is it updateing?

Having this ticked as far as I know just tells the preferred location.
Disable program updates in More, Preferences and untick Auto check for program updates.
Disable Database updates in Antivirus, Scanner settings , Manual, Real time and Scheduled scanning untick auto update virus Database. Kind regards.

205.234.175.175 vip1.G-anycast1.cachefly.net City Region/State Postal Code CHICAGO ILLINOIS 60606 Country Name Country Code Time Zone UNITED STATES US -06:00 ISP Latitude Longitude CACHENETWORKS INC 41.85003 -87.65005 Domain Name Net Speed IP Decimal CACHEFLY.NET DSL 3454709679

Read more: http://www.whatismyip.com/tools/ip-address-lookup.asp#ixzz1SYzBUx00

is the only other ip. during these updates

91.199.212.171

is the other one, i believe vip is hijacking the updates or doing something other then cacheing internet traffic.

205.234.175.175 vip1.G-anycast1.cachefly.net is from an unknown location
and appears momentarily, from windows\system\ svchost.exe

thank you captain, lets see how this works. xD

So this icon, that no loner succeeds in updateing, is these auto updates?

Comodo is using Cachefly hosting company to distribute the CIS updates. So, it is expected to see CIS connect Cachefly when it is looking for an update. 91.199.212.171 belongs to Comodo and is the IP address belonging to the download.comodo.com url.

Does disabling the program update as capatainsticks suggested the trick for you?

the anti-v updated yesterday, without consent. it doesn’t update as often now. in the past when it did this would be nearly constant. and eventually comodo would stop functioning properly. alerts would disappear under the mouse as soon as it moved over it, while at other times when an alert should pop up, it wouldn’t even if the process and files were not trusted or allowed. I’m starting to think maybe pro, has remote support constantly connected? or there is another one. netstat should always report active and pending connections,services, and processes? When it reports nothing or hangs, it usually indicates a ddos or other issues, and my logs did show such things.

Why would a connection from the UK to the east coast of the us, be cached from the middle of the states? Then later from an unknown, untraceable ip? it seems very strange to me :-\ even if it were routed via satalite…maybe i should look at more then just the start and end points. Cachefly seems to be tied into the networks, and i don’t think anyone can choose to use it or not. There always seems to be issues when i see it in my ping and hops lists. It normally isn’t there. but if i block it, it just finds another way…

images are a list of hidden devices installed on the pc. isataps can not be disabled, and reinstalls and creates more adapters. If i try to uninstall it.
from wiki ISATAP carries the same security risks as 6over4: the IPv4 virtual link must be delimited carefully at the network edge, so that external IPv4 hosts cannot pretend to be part of the ISATAP link. That is normally done by ensuring that proto-41 cannot pass through the firewall… how do i do this?

Some sort of ip6 remote thing was there before i snapped these, i removed it and it has stayed away.

There are also multiple shadowcopies of the hardrive. i don’t need this and have attempted to remove and stop it’s services. I have not succeeded… these can be used to see what is installed and what you are doing remotely…without needing authorizeation, or causeing alerts, snapshots are being taken, but not by me or any software on the pc.

The automatic update of the AV can be done under Real Time ScanningNotice there are two different settings for updating. One for the AV and one for the program.

it doesn't update as often now. in the past when it did this would be nearly constant. and eventually comodo would stop functioning properly. alerts would disappear under the mouse as soon as it moved over it, while at other times when an alert should pop up, it wouldn't even if the process and files were not trusted or allowed.

Please be more specific about what is happening. I am having a hard time to find head and tail in what you are trying to say; it seems you are mxing up various things into one big tangled mess. Please separate the events and provide clear descriptions for each incident thathappened, what and how you analysed and what your conclusions are.

I'm starting to think maybe pro, has remote support constantly connected? or there is another one. netstat should always report active and pending connections,services, and processes? When it reports nothing or hangs, it usually indicates a ddos or other issues, and my logs did show such things.

Without anything like screenshot all you are saying is highly speculative. Please provide us with solid information to help analyse the situation. With speculations we are not going anywhere.

Why would a connection from the UK to the east coast of the us, be cached from the middle of the states? Then later from an unknown, untraceable ip? it seems very strange to me :-\ even if it were routed via satalite...maybe i should look at more then just the start and end points. Cachefly seems to be tied into the networks, and i don't think anyone can choose to use it or not. There always seems to be issues when i see it in my ping and hops lists. It normally isn't there. but if i block it, it just finds another way...

Again, you are rambling. Please separate concerns from facts for starters. With facts I mean stuff like screenshots from Netstat result for example.

images are a list of hidden devices installed on the pc. isataps can not be disabled, and reinstalls and creates more adapters. If i try to uninstall it. from wiki ISATAP carries the same security risks as 6over4: the IPv4 virtual link must be delimited carefully at the network edge, so that external IPv4 hosts cannot pretend to be part of the ISATAP link. That is normally done by ensuring that proto-41 cannot pass through the firewall... how do i do this?

Some sort of ip6 remote thing was there before i snapped these, i removed it and it has stayed away.

To disable IP v6 follow this or this or this.

There are also multiple shadowcopies of the hardrive. i don't need this and have attempted to remove and stop it's services. I have not succeeded... these can be used to see what is installed and what you are doing remotely...without needing authorizeation, or causeing alerts, snapshots are being taken, but not by me or any software on the pc.

Nothing to worry about as it is part of normal Windows operation. If you want to disable it then [url=http://www.google.nl/search?hl=en&client=opera&hs=RTL&rls=en&channel=suggest&q=shadow+copy+disable&oq=shadowcopy+disable&aq=0sx&aqi=g-sx1g-msx2&aql=&gs_sm=c&gs_upl=6505l7614l0l9692l8l7l0l0l0l0l140l711l4.3l7]Google[/url] is your friend.

automatic updates were disabled, i was trying to find malware and remote connections via norton and xfinity’s provided remote support. And comodo updated, this seemed to cause issues for the tech, as he quickly ended the session. I wanted to use a norton tech based in the usa, and the second time around they refused to give me a us based tech, despite there being atleast one tech available. i’ll try again today… there is definately something wrong.

There was also no ip address, and no process listed for the update. indicateing that malware initiated it from a hidden process/ip/remote not in comodo’s active cons or process lists, taskman or netstat.

sometimes windows updates, will also initiate and install stuff, even when no devices are enabled, or connected.

some how device manager was unloaded, and is being prevented from loading.

you are able to see problems, because there are no problems?
atm i am like gullipics.com

ALLWAYS a thriller

i guess, this tech was happy in the end that "something" caused issues, so he could quickly end the session…

lol @ clockwork and the n-tech’s quick departure… I’ve un-installed comodo until which time these problems can be solved… I still have the ability and am willing to recover logs or files if needed to help diagnose these issues. Unwanted/unauthorized comodo updates persisted, the most recent one there weren’t any active connections to even initiate an update… So i re-formatted the hard drive again.

I have not visited today facebook,yahoo, or used any liveperson support or sales… I was wondering what in this list seems strange or can be blocked…also notice the ack attack’s ip is also hidden. or no longer online. These are from my router logs directed at or from my pc.

crl.microsoft.com
opi.yahoo.com

l.addthiscdn.com
s7.addthis.com
log.optimizely.com
por-chr.cimcontent.net
b.scorecardresearch.com
serviceo.comcast.net

comcast.tt.omtrdc.net
l.yimg.com
pn1.bc.yahoo.com
pn1.adserver.yahoo.com
content.pulse360.com
imagec10.247realmedia.com
www.gstatic.com
crl.geotrust.com

/hc/44153975/?lpCallId=873811660139-884349587727&protV=20&lpjson=1&site=44153975&cmd=mTagKnockPage&id=3483647410

cache.vzw.com
akamai.turn.com
www35.vzw.com
tags.bluekai.com
verizonwireless.tt.omtrdc.net
view.atdmt.com

ak1.abmr.net
va.px.invitemedia.com
ak1.abmr.net
g.ceipmsn.com
pki.nai.com
www.rsasecurity.com
dss1.siteadvisor.com
[DoS Attack: ACK Scan] from source: 70.37.129.71, port 80, Monday, July 25,2011 22:23:14

70.37.129.71 is Microsoft!

Order             : 1
IP Address        : 70.37.129.71
Status            : Succeed
Country           : USA - Washington
Network Name      : MS-ONLINE-SERVICES-NJ
Owner Name        : Microsoft Corporation
From IP           : 70.37.128.0
To IP             : 70.37.129.255
Allocated         : Yes
Contact Name      : Microsoft Corporation
Address           : Microsoft Online Services, One Microsoft Way, Redmond
Email             : noc@microsoft.com
Abuse Email       : abuse@msn.com
Phone             : +1-425-882-8080 
Fax               : 
Whois Source      : ARIN
Host Name         : 
Resolved Name     : cds66.ewr9.msecn.net

omg, microsoft in redmond,WA routed through NJ? seems odd… Why in the heck are they attacking me?
exploits maybe? I don’t even think updates or error reporting should go that direction?

I tried looking through my registry with the links supplied by eric, but things didn’t seem to match up, so i changed some 1’s to 0’s where i felt comfy doing so and deleted refrences to ip6 inf’s for various remote and “ras” entries…but i could not change or delete this one here…

Good grief!!!

You don’t think, even for the teensiest instant, that Microsoft might have more than one server floating around and maybe, just maybe, they’re in more than one location.

I tried looking through my registry with the links supplied by eric, but things didn't seem to match up, so i changed some 1's to 0's where i felt comfy doing so and deleted refrences to ip6 inf's for various remote and "ras" entries...but i could not change or delete this one here...

Now there’s a basis for a stable computing platform!! Comfiness. Why didn’t I think of that before?

As a strong suggestion, if you don’t understand what you are changing in the registry, then don’t change it. The registry is the centralised settings repository that the O/S, as well as your apps, use. Uneducated changes here can have drastic consequences.

Ewen

i learned something today! brb, i just change some things in the regis…
(connection timed out)

well since some things in our registries are un documented… it’s trial and error, sometimes microsoft doesn’t like it and ends your licenseing…disableing help and support and various other microsoft hacking utilites that microsoft uses to violate a users privacy. And the user’s agreement. Doing what they do, how they do it is not covered by the eula. I’m sure they will change it so they can, but then every hacker in the world would know about it…and exploit it more.

Eric, i’m not rambling everything there is very specific and deal with the strange updates.

I re-installed because nothing else available i can trust. The download i get for norton via comcast always has vb.ar-2 remote exploits. comodo and norton are the only ones that don’t list this as a threat, but comodo seems to do something to help, as it’s the only one that can go more then a month without BSOD’s or complete loss of internet. There are still quite a few anti-v’s i haven’t tried yet that have been trusted in the past… but comodo remains the one i install on first boot, mostly because of it’s tools and firewall. specifically the ability to end processes, and identify them, and block them.

I can no longer disable the updates server listing via preferences.

I succeded in using a https, after an update it no longer saves https or allows removal of the site listings.

product: 5.5.195786.1383
virus signature databse version : 9688
Is this legit? why aren’t we using secure servers for updates?? ???