I’m analyzing traffic from a PC to try to determine if it’s infected.
I noticed Comodo phoning home (91.xxx.xxx.171 or 204.xxx.xxx.142 - I decided to mask the IPs just because I don’t see any value in disclosing this here) often…
usually getting a /av/tvl/deletedvendors.txt file, and sometimes a /cis/download/updates/release/inis_1003/cis_update_x64.xml or /cis/cmc/cmc_free_1033.xml.
Those are just GET requests, apparently with no personal information sent.
While I understand the purpose of those requests, I’d like to know if there are any other requests we should be aware of.
There’s a cloud scan request and for CIMA, upload of unknown files for analysis, updating TVL, database update, checking of new version of the program, that’s as far as I know…
OK, I have all cloud scan turned off, updates turned off, virus scan turned off, yet every couple of seconds cmdagent is trying to hit DNS.
Why is this?
Yes, they know about that, not supposed to.
It will be fixed in the next few days.
Will post bug topic link so you can read here.