cmdagent.exe eating up CPU

[Guest]

[Anathaen]

Once I start my computer, for a minute or so my PC runs slower than usual. When I hit CTRL + ALT + DEL to check on running processes I see cmdagent.exe draining the PC's CPU at 70% the least and slowing my PC greatly. My configuration is: XP SP3 Home 32bit, I have no other security software than CIS installed.

[commanding the celsius]

I got no clue.. But prehaps something is "interfering" with CIS, can you post a HijackThis log?

[Anathaen]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:25:07, on 14.12.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\COMODO\Time Machine\ClientService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\oodag.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\System Protect\SysProtect_srv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\Drivers\WTSRV.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\system32\oodtray.exe
C:\Program Files\System Protect\SysProtect_Tray.exe
C:\WINDOWS\system32\WTClient.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\COMODO\Time Machine\CTMTRAY.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Program Files\GPSoftware\Directory Opus\dopus.exe
C:\Program Files\GPSoftware\Directory Opus\dopusrt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\foobar2000\foobar2000.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\CometBird\CometBird.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://search13.net/search.php?clid=486&q=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search13.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://search13.net/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O1 - Hosts: copyright (c) 1993-1999 microsoft corp.
O1 - Hosts: this is a sample hosts file used by microsoft tcp/ip for windows.
O1 - Hosts: this file contains the mappings of ip addresses to host names. each
O1 - Hosts: entry should be kept on an individual line. the ip address should
O1 - Hosts: be placed in the first column followed by the corresponding host name.
O1 - Hosts: the ip address and the host name should be separated by at least one
O1 - Hosts: space.
O1 - Hosts: additionally, comments (such as these) may be inserted on individual
O1 - Hosts: lines or following the machine name denoted by a '
O1 - Hosts: for example:
O1 - Hosts: 102.54.94.97 rhino.acme.com
O1 - Hosts: 38.25.63.10 x.acme.com
O1 - Hosts: 74.222.1.181 L2authd.lineage2.com
O1 - Hosts: 74.222.1.181 L2testauthd.lineage2.com
O1 - Hosts: 91.185.193.200 nProtect.lineage2.com
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Pomocník pri prihlasovaní v sieti Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Comodo VerificationEngine Browser Helper NEW - {A968A4B4-C492-4834-B651-17602C3885C8} - C:\Program Files\Comodo\VEngine\VEngineIE32.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
O4 - HKLM\..\Run: [SystemProtect] C:\Program Files\System Protect\SysProtect_Tray.exe
O4 - HKLM\..\Run: [WTClient] WTClient.exe
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [COMODO_TimeMachine] "C:\Program Files\COMODO\Time Machine\CTMTRAY.exe"
O4 - HKCU\..\Run: [DOpus] C:\Program Files\GPSoftware\Directory Opus\dopus.exe
O4 - HKCU\..\Run: [Directory Opus Desktop Dblclk] "C:\Program Files\GPSoftware\Directory Opus\dopusrt.exe" /dblclk
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: WTClient.lnk = C:\WINDOWS\system32\WTClient.exe
O9 - Extra button: StylishProfile - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: StylishProfile - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Odoslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra 'Tools' menuitem: Od&oslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: [at]xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1254922135109
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{264750FC-0612-4211-988B-145897C29AC5}: NameServer = 156.154.70.22,156.154.71.22
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs:       C:\WINDOWS\system32\guard32.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Time Machine Client Service (ClientService) - COMODO. - C:\Program Files\COMODO\Time Machine\ClientService.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: System Protect Deletion Prevention Service (SP_Service) - Xacti Corporation - C:\Program Files\System Protect\SysProtect_srv.exe
O23 - Service: WinTab Service (WinTabService) - Tablet Driver - C:\WINDOWS\System32\Drivers\WTSRV.EXE

--
End of file - 9936 bytes

[commanding the celsius]

You have (IMO) a lot of stuff running.. But yeah nothing looks malicious at least..

If you have a lot lot of rules cmdagent may start eating some additional CPU.. You can try to go to:
D+>advanced> Computer security policy and chose "Purge"..

And also Firewall>Advanced> Network security policy.. and "Purge"..

Not that I believe it will have that much of an impact but at least you could give it a try if you aren't keeping the list slim already..

I believe this may be a bug of some kind.. But Im a bit curios:

Why did you post this in the Anti Virus Bugs section? Have you made any tests that suggests the AV is the issue? (eg, updating the database hogs a lot of cpu?) or disable the av at startup makes booting a lot quicker?

A crazy thing you could always try is using the diagnosis tool.. Or even crazier, reinstall CIS.. Did this problem occur recently? For instance after an update? Or have you always had this issue with CIS?

[Anathaen]

I've posted here since I did not know where to post exactly. I thought it's a bug related to the AV. Well I'll go try remove some things from the D+ list as well as Firewall. Tnks for your suggestions.

And yer, this problem only occured recently. Also, there have been issues in the past with cmdagent.exe eating up PC's resources due to update problems, which forced me once to uninstall the suite.

[EricJH]

What you are seeing is most likely the AV updater running. That takes up resources. You can check by manually starting the av updater. You should see the high cmdagent activity only when updating the av. Can you confirm that=

[Anathaen]

I don't think it's the updater. Again, cmdagent.exe took 80% of CPU and the database wasn't updated. That's it I have to uninstall COMODO again coz it's unbearable to slow my PC down so much. Even though the app is the lightest I've seen it tends to take up many of the PCs resources and that's bad. Until it's fixed CIS won't be installed on my PC.

[genetix]

anctually this issue occures only on old edition on CIS and updated with somethig like v3.1 caused this issue on reboot at middle of update.

On new one this issue is gone also anything which finished the 'big' update there was in the middle this never happened.

[mjarek]

I have the same issue - cmdagent takes up all the processor power... It happened since the latest update.

[knightwhosaysni]

I'm looking for a solution too, but at least can confirm it's AV related...

I've a workaround, too (at least on my machine) - I changed the AV Security level from "On Access" to "Stateful"

Tried this several times, always works.  Even if I stay in "On Access" mode until the CPU is taking a hammering, change to Stateful and the use drops right off.

It's less than ideal if there's a huge difference in security , I know, but with the CPU issues otherwise I'd get as much work done with my PC turned off - but at least that would be more secure!

[EricJH]

There are several reports about CPU choking  (for no apparent reason).

I am not suffering from locks ups that seem to have no reason but on my system with older hardware it tends to choke Explorer when opening a folder with lots of files like system 32 or my folder with software downloads (installers and archives are quite a challenge for AV's; not just for Comodo; I have seen it happen with AVG 8.x and 9.x).

I noticed that changing the AV from Stateful to on access makes things manageable. The CPU usage is high but doesn't choke navigation in Explorer anymore.

It looks like stateful inspection may be playing a role. Who of you has set the AV to Stateful? Can you see what happens when you change the AV setting to On access?

[VICTORINOX]

Switching from stateful to on access making no difference to me, except time of hanging - when stateful my PC hangs for 15-30  minutes, when on access - for 5-15. But before 18 January all was fine - and anyway comodo team did some mistake in update like in October, and till now has not solved it.

[Maske]

But before 18 January all was fine

Same to me. For 3 days already CIS freezes system on startup. Maybe something like this:

-----
https://forums.comodo.com/install-setup-configuration-guides/troubleshooting-cis-t30083.0.html

14. Problem:
CmdAgent.exe uses 100% cpu.

Solution:
This appears to be a conflict with running update software (such as MS Updates).
deactivate cmdagent (stop process in comodo firewall) not able to deactivate with ctrl-alt-delete.
Download and run the Windows updates, then reboot.
-----

[EricJH]

That's an "old"  tutorial last updated December 2008. There are no known problems at the moment with Windows Update.

[EricJH]

Please your attention. I have noticed there are at the moment two kind of performance problems with the AV 3.13. One "general" performance problem and one likely to be caused by faulty update around January 17-18.

For the faulty AV definition update I made a test case in which I want volunteers to participate. I tried this myself and it got rid off certain reported problems that seemed typical for this particular problem. For those who want to participate go to [Testcase]AV problems with XP after January 17 or 18.

[Tags:]