1

I do not like when programs constantly send some data from my computer over Internet without my consent. I installed the latest version of COMODO Firewall and I set all updates to "manual". And despite this I was constantly observing that cmdagent.exe was sending some data from my computer and was downloading something to my computer.

https://s25.postimg.org/n0n333ldb/shot_1.png

I tried to block this program from connecting to the Internet by creating a firewall rule.

https://s25.postimg.org/4mh5cuygf/shot_2.png

But that did not help. Now the program connects to different IPs.

s25.postimg.org/lcsj26wvj/shot_3.png

And it still transfers some data over the Internet.

s25.postimg.org/mqk5xhw4v/shot_4.png

Is it possible to block this?

and his dog
  • 629

2 Answers2

0

You can go to the Firewall Application Rules and scroll down to the bottom to find the rule that whitelists Comodo applications. Change that to the Blocked Application rule. You can temporarily change it back to Outgoing Only when you need to update the software.

user1001596
  • 1
0

cmdagent (and generally any COMODO's own executables) can be blocked like any other application: by creating a rule that blocks "any" connection to/from them, or assigning the "Blocked Application" ruleset to it.

This may also be contingent on disabling the "Create rules for safe applications" setting, removing all "Trusted vendors" and generally disabling all the "trusted" features (which should be the first thing to do on any firewall). And running the firewall in the "Custom Ruleset" mode (which again, should be the norm).

Beware though that COMODO IS/Firewall 12.x has a long-standing bug: cmdagent checks for signature revocation for any (signed) executable being run, even if all options to that effect are disabled. If cmdagent is blocked, it will delay the launch of any app until it gives up the connection, which takes 10-30 seconds! (Even if it's not blocked, it will delay the launch until response is received from a remote server). This makes COMODO 12.x all but unusable. The last usable version is 10.x or perhaps 11.x, which is circa 2018. It's still possible to get it from the Wayback machine.

Zeus
  • 149