Why does CMDAGENT.exe connect to the internet SOOOO much?

What exactly is it connecting to the internet for?

I see no reason for cmdagent to have to connect to the internet so much. I’m seeing numerous connections every hour. What is it doing? Why are these internet connections neccessary?

Checking for virus database and program updates.

Also, scanning files in the cloud.

…and submit unknown files for analysis to Comodo.



Neither of those options (cloud scanning nor submitting files) is enabled on my box.

I can understand connections for updates, by why isn’t cfpupdat performing the internet connection then? Plus, why would there be so many update connections? It’s not necessary to check for updates every 5 minutes. Once or twice a day should suffice.

So are there any other reasons for so many connections considering the above? It’s a brand new install that I’m certain has no malware on it.

What ports and what IP addresses are involved here?

When using the AV CIS will check for updates every half an hour. CIS will also connect to certificate authorities to check signatures.

Port 80 is being used. I’ll check and get back to you on the IP addresses and if any other ports are being used.

CMDAgent.exe is what does the update-check for AV? Not Cfpupdat?

Connnecting to check signatures, this I was not aware of.

Cmdagent.exe will check for AV updates but will also do the cloud look up. Cfpupdt.exe will do the program update.

Traffic at port 80 will be for the av updates. The cloud lookup will use ports 4447 and 4448.