when does COMODO phone home?


I’m analyzing traffic from a PC to try to determine if it’s infected
I noticed comodo phoning home (91.xxx.xxx.171 or 204.xxx.xxx.142 - I decided to mask the IPs just because I don’t see any value of disclosing this here) often…
usually getting a /av/tvl/deletedvendors.txt file, and sometimes a /cis/download/updates/release/inis_1003/cis_update_x64.xml or /cis/cmc/cmc_free_1033.xml

those are just GET requests, apparently with no personal information sent

while I understand the purpose of those requests, I’d like to know if there’re any other requests we should be aware


There’s a cloud scan request and for CIMA, upload of unknown files for analysis, updating TVL, database update, checking of new version of the program, that’s as far as I know…

ok I have all cloud scan turned off,updates turned off virusscan turned off yet every couple seconds cmdagent is trying to hit dns.
why is this?

[attachment deleted by admin]

Yes they know about that, not suppose to.

It will be fixed in the next few days.

Will post bug topic link so you can read here.