CPU USAGE GOES TO 100% with new 2.4 [Resolved in version 3]

[Guest]

[Little Mac]

The rule wich is violated is the number 5 (in the log there is written: protocol UDP incoming, Reason: network control rule ID=5).

The solution to build a new rule (ICMP) as suggested in a previous post does not work on my pc.

Does someone has any suggestion for me please?

zippo, I have highlighted the items that cause the rule addition not to work for you... You're trying to add a rule for ICMP, but the violation is for UDP...

I have a similar situation here, and the following is what I have done.... (your rules will be very similar):

Go to start/run, type in "cmd".  At the DOS window prompt, type "ipconfig /all"  This will give you the IP address for the Default Gateway, DNS Server, DHCP Server, Primary WINS Server, etc.  These are needed for your internet connection, so note/write down the IP range on those.  For the sake of this example, let's say those IP addresses are 10.0.0.1, 10.0.0.2, 10.0.0.1 (again), and 10.0.0.2 (again).

If you have no problems connecting to the internet, you may not need to add a Zone/Trusted Network for those IP addresses/range.  In that case, what you can do is add a rule to the Network Monitor.  Place it just above the bottom Block & Log All rule.  It will go as follows:

Action:  Block (don't log)
Protocol:  IP
Direction:  In
Source IP:  IP Range - 10.0.0.3 through 10.0.0.255 (which would put it through the end of the range in our example; this is everything past those IPs you need...)
Destination IP:  Any
IP Protocol:  Any

So it will look like Rule ID 6 in the attached screenshot.  You are blocking all this unnecessary "chatter" in your logs (that was being blocked anyway) only now you're not logging it. 

That should help,

LM

[Soyabeaner]

After almost a month since the initial date of my ticket submission the response was that they will investigate it.  My tickets are always about difficult issues.

[placoboy]

Just to add that today I got cmdagent to go beserk as well, a sustained 40% CPU
I had to shut CPF down and relaunch it. Dont see what caused it.
(not using Network monitor, just apps)
As usual I was authorizing or denying some OLE or DLL issues, but something must have gone wrong ...weird!

[dank54]

Hi guys, i hope ypu can help me with this,

I have a win xp sp2 sys
3200 64 cpu
1 gig of ram
 i typically use ie 7 for browsing

i have been recently getting sustained 80-90% cmdagent.exe usage especially when opening i.e 7
i am using bittorrent but i have set the firewall to what support has suggested and its on ports 45321-45330 (maybe those are bad ports but i doubt it), besides that my firewall is on default settings. I have avg anti virus and comodo anti virus running simul. but the firewall nor either anti viruses have a turtle, a turtle sitting on a rocked about each other.

if you guys need any other info ill give it

btw thx comodo for creating a free full-powered security suite 

[Quill]

From what I can see, its down to logging.

I began to notice a few problems with applications 'hanging' occasionally, but most of all it was the intense disk I/O that really caught my attention. After a few hours investigation it became obvious it was CFP Logging at the heart of the problem.

My situation is probably worse than most as I have been trying to create a 'hardened' rule set and to that end, I currently have 42 Network Monitor rules and 112 Application Monitor rules (for 18 applications!!!) and I'm still not finished!

For now I turn logging off while I'm surfing and only enable it when I'm testing.

[Little Mac]

My situation is probably worse than most as I have been trying to create a 'hardened' rule set and to that end, I currently have 42 Network Monitor rules and 112 Application Monitor rules (for 18 applications!!!) and I'm still not finished!

And when you get done, you will write a Tutorial for users who want to know more about doing such things, correct?  (so we can include in the FAQ)

LM

[placoboy]

Mmmhh may I ask where you disable logging? and/or (live) connections? if it is possible?

yesterday I also experienced this issue cmdagent [at] 100%CPU and I believe the monitoring features (connection and/or logging) were the culprit. I managed to stop CPF so I was fine but otherwise I would have had to reboot!!!

What do we do until Apr16th?
Thanks

and again, please allow grouping (by apps, ...) of log and connections to allow better readability.
thanks (already mentioned in wish list v3  )

[Little Mac]

placoboy, one thing you can do is open the Network Monitor, find any rules that say "Block & Log" (shows a paper graphic on the red "x"); edit those rules, and uncheck the box "Create an alert if this rule is fired." OK.  After you're finished with those, reboot to clear the memory and set the new rule details.

soyabeaner's got some more options he can share from his experience in dealing with logging/CPU issues, to help you thru to the fix...

LM

[placoboy]

Currently NOT using the network component, only the application component, and I havent seen any place I can disable things for this component.

Soyabeaner? any input?

If not available, please plan for v3, it seems the logging feature have a serious impact on all personal firewall cpu load and it is always useful to be able to reduce or not use them

thanks

[Soyabeaner]

placoboy, if I had the ability to I would've done it already.  As you can probably guess, I'm not a CFP developer .

Now why would you want to disable the Network Monitor other than to invite hackers .  It's the core of all the monitors in CFP because it controls network traffic.

[placoboy]

Because I am behind a network router WITH a firewall, so by not using it on CPF, I guess I reduce resource consumption of CPF to a minimum, and I am just interested by controling apps going out such as malware using leak weaknesses.

[Quill]

And when you get done, you will write a Tutorial for users who want to know more about doing such things, correct?  (so we can include in the FAQ)

LM

Its half done   and its sure to bore the pants off most people

[alkalvin]

As you can probably guess, I'm not a CFP developer .

 Has anyone in an official capacity weighed in on this issue?Allowing a huge defect like this to exist for this long is beyond inexcusable.If they don't want to support it they should eliminate the freeware version.
    I started using this because Symantec bought out Sygate and killed it.I wasn't really looking for another piece of unsupporetd software ,ya know?

[alkalvin]

  This started for me after the last  Adobe Reader 7.xx update.I uninstalled Adobe Reader 7.xx and I got my CPU back.

                    http://forums.comodo.com/index.php/topic,7073.0.html

Edited by mod to correct url topic

[acky]

So as someone already said is the logging that's causing the CPU usage.

I am new to this forum and to this wonderfull firewall but maybe developers can take a look for future versions at logging.

Proof:

Fresh install Windows Server 2003 Service Pack 2:

Just Nod32 and Comodo on it.

I used comodo before never gone into this problems. when i look in activity window indeed there is lot of activity on port 137 and he is logging that because its denying it with rule 5 by default. Logging is causing the CPU to stay at 50% all the time.

for now i will make a rule without logging for specific port but i wanted to post for developers to consider this for future versions.

have a good day.

Edit: Even if i added a rule with the ports that were logging alot of incoming udp now any time rule 6 is triggerd even for 1 or 2 events of incoming udp even then CPU usage goes high  that's not good - i thought its the volume of logging but its not. this must be review because as i see it now logging must be disabled at all because taking too much CPU.

[Tags:]