I have a very strange problem with Comodo traffic.
We have used Comodo Internet Security for several years in our department, and all was OK. But in September and October 2013 our internet provider showed us huge incoming traffic from IP address 178.255.82.1 (downloads.comodo.com).
It seems impossible to me because we have only 3 computers which use this internet connection. We have about 70 computers in our LAN but only 3 of them are configured to use this gateway. Users cannot change IP settings. All application and database updates were disabled on these computers. Only the cloud scanner is enabled.
Despite this, the provider shows us 145.21 Gb from Comodo. It is 99% of our traffic.
Is it possible?
What is the size of daily updates for Comodo?
What is traffic for cloud scanning?
Is it possible that CIS downloads updates but does not install them for some reason? (I can see the databases were updated in April 2013)
Is it possible that CIS downloads something from downloads.comodo.com if all updates are disabled?
I want to ask Comodo employees: is there any way to get access logs for downloads.comodo.com? Our IP was 195.209.113.70. We do not use it any more.
But I have to check whether it was real traffic, or deception, or maybe a DDoS which uses IP spoofing.
If it is possible, please tell me the contacts of a person who can help me. Maybe it can be done as paid support.
I need logs for connections from 195.209.113.70 to 178.255.82.1 for September - October 2013.
I want to ask Comodo employees: is there any way to get access logs for downloads.comodo.com? Our IP was 195.209.113.70. We do not use it any more.
There are no employees available on this forum to the best of my knowledge. Just users. Want answers about the extra traffic? Then Go Deep (http://www.wireshark.org/).
Thanks. But no utility can show me traffic info from the past.
Now we have no traffic from Comodo. It stopped by itself. We did not change anything in the Comodo settings.
Guys, I need average values of traffic for one computer when all updates are enabled and all services are enabled.
I will be grateful if you can tell me your average traffic for Comodo updates.
I also want to know if anyone has problems with installing downloaded updates. Can these problems cause cyclic downloading of updates?
Can you check if one or more installations of CIS are downloading a full database each time it updates the av database? That may cause excessive traffic for sure.
No, I cannot, because the date of the last database update would be changed. Now it shows that the last update was in April 2013, and I can say that there were no updates in September and October.
Are any downloads possible if they were disabled (including application updates and database updates)?
Does the cloud scanner download AV bases while monitoring system activity?
Thanks.
I have been wondering about this problem. The only thing I can think of is that one or more of the internet-allowed computers had one of the CIS core processes crash. Sometimes when that happens it may corrupt the configuration stored in the registry, and maybe that changed the update settings. On top of that you would have to have had the problem where it would reload the av database each time it updates the AV. Other than that I cannot think of anything else.
Version 5.5 also has a bigger av database size than 5.8-5.12 and 6.x. The latest full database of 5.5 is approx 246 MB where for the later versions it is 157 MB.
Did you set CIS to move logs to another folder when the file size limit has been reached? If not you probably won’t have the CIS logs anymore for the period of September-October.
I had the same problem. Finally I discovered that the Comodo update was causing this huge traffic. I uninstalled Comodo and installed the new version. Now it is OK.
Thanks for the images. That’s a lot of traffic indeed.
What you could do to fix it is to download the latest full database on one machine and deploy it as described in "Where can i download the latest full AV database?". Then update to get the incrementals. If that is successful you can copy that database to the other affected workstations with the procedure described.
I hope that will pull you through. If not then, I don’t know the exact details, you could clean out a temp folder that CIS uses to update the av. I don’t know if it is in the installation, programdata or profile folder but I recall that may help to get past the problem where a corrupted database download causes CIS to reload the full av database each time it updates. I don’t know if this folder has some user right access limitations like the quarantine folder does. A take ownership procedure will then be required.