Hello Everyone,
Because of an issue with the latest virus database, some computers might observe significant CPU consumption problems caused by cmdagent.exe.
You might observe this issue if your virus database version is 2525 and later. We have reverted the problematic updates. However, because of the nature of this issue, already affected computers might not function properly to revert the updates back.
For those computers, the following instructions can remediate the issue:
1 - Reboot your computer in safe mode
To enter to the safe mode, you need to press F8 button before Windows starts booting until you see the boot menu. In the boot menu, select the safe mode.
2 - Delete the file in c:\program files\comodo\comodo internet security\scanners\bases.cav
3 - Copy c:\program files\comodo\comodo internet security\repair\bases.cav to c:\program files\comodo\comodo internet security\scanners folder(this action will replace the current bases.cav file with the original bases.cav file that comes with the installation).
4 - Restart your computer and Update your virus database again.
after these 4 steps, everything should go back to normal.
Alternatively, you can manually download the latest bases.cav file from
http://download.comodo.com/av/updates311/sigs/bases/BASE_END_USER_v2456.cav and replace the problematic bases.cav with this version.
Directions for System Administrators who use COMODO ESM for managing the endpoints(These directions are NOT for end-users):
1. By using ESM console create a sequence with Set CIS config action that turns off realtime scanner (set it to disabled mode). You can use previously discovered configuration from one of your endpoint computers or try to discover a new one.
2. Create a task from the sequence that was created in the previous step and choose the target endpoint computers for it.
3. Run the task.
4. Go to Task results manager and make sure the task has successfully finished.
5. Create the task with sequence containing the reboot action and with endpoint computers from the previous task
6. Run the task. After target computers got rebooted cmdagent on that computers should not use 100% of CPU
7. Create task with sequence containing discovery getCISconfig action and run it on all endpoint computers from the previous task
8. Go to Task results manager and make sure the task has successfully finished.
9. Open the discovery data you have, choose one of your endpoint computers and make sure the realtime AV scanner is disabled.
10. Create and run AV DB update task for endpoint computers recovered in the previous steps.
11. Change Set CIS config action data from the step 1 to turn on realtime scanner (set it to “on access” or “stateful” mode). Save the sequence containing this action and run the task created on step 2.
We are sorry for the inconvenience this might have caused.
Regards,
Egemen
Author