Author Topic: comodo firewall v3.0.13.268 x32 CMDAGENT.EXE 100% CPU Load  (Read 139843 times)

Offline specialfx

  • Newbie
  • *
  • Posts: 4
Re: comodo firewall v3.0.13.268 x32 CMDAGENT.EXE 100% CPU Load
« Reply #45 on: November 23, 2007, 10:13:53 PM »
Thanks your help is much appreciated. In order to confirm that uxtheme.dll is not patched anymore please run sigverif with advanced options and let it search your windows directory and subfolders. If  that dll will be listed that means uxtheme.dll is still patched.

OK,
Got some promising results...

Restarted XP Pro in safe mode. (Comodo FW3 still installed)
Uninstalled the Bricopack by Crystal XP software.
Performed a normal startup in XP Pro.

Well, Wadda Ya Know?? It worked!!

Comodo FW 3 completed its install and went thru its learning curve (which it would not do at all, previously), and it works flawlessly too!
No more screaming or 100% CPU hogging by CMD Agent.
The most CPU usage I saw at all was 39% spike for a split second. Then mostly 0% to 2%.

I ran the Micro$oft SIGVERIF utility, (that took a long time!) and surprisingly the DLL "UXTHEME.DLL" is still installed in C:windows\system32 directory and in C: windows\servicepackfiles\i386.

I figure the issue is somehow between FW3 and Bricopack's DLL.
Oh well...I'd rather have my Comodo and a stable system!! (:CLP)

PS- I'm also going to uninstall the UXTHEME DLL's just to ward off any possible issues in the future!

I hope this post helps out some of you boyz and girlz out there!!  (R)

Offline duhbomb

  • Newbie
  • *
  • Posts: 5
Re: comodo firewall v3.0.13.268 x32 CMDAGENT.EXE 100% CPU Load
« Reply #46 on: November 23, 2007, 10:25:32 PM »
If I uninstall the Vista Inspirat Bricopack can I just delete any references to UXTHEME DLL that might be remaining without causing problems (sorry I don't know much about this stuff) (:SHY)

Offline specialfx

  • Newbie
  • *
  • Posts: 4
Re: comodo firewall v3.0.13.268 x32 CMDAGENT.EXE 100% CPU Load
« Reply #47 on: November 23, 2007, 11:03:52 PM »
If I uninstall the Vista Inspirat Bricopack can I just delete any references to UXTHEME DLL that might be remaining without causing problems (sorry I don't know much about this stuff) (:SHY)

That will probably work... at least it did for my situation. I was thinking about also deleting that DLL but after closer examination it looks like its a part of the M$ Operating System. So I'm going to leave it alone. For now anyways... ;D I also did a good registry cleaning after removing Bricopack. Running it 3 or 4 times till no more errors came up. Everything's been great so far (:CLP)

Offline hairbautt

  • Newbie
  • *
  • Posts: 15
Re: comodo firewall v3.0.13.268 x32 CMDAGENT.EXE 100% CPU Load
« Reply #48 on: November 23, 2007, 11:49:12 PM »
No, lol, don't delete it. The reason why the uxtheme is patched by the Bricopack is to allow you to use non-m$ visual styles.

I'm guessing that if you use a system file replacer program (to override Win's File Protection) to replace the file from system32 with the one in i386 that should solve it too?

Offline Melih

  • CEO - Comodo
  • Administrator
  • Comodo's Hero
  • *****
  • Posts: 14651
    • Video Blog
Re: comodo firewall v3.0.13.268 x32 CMDAGENT.EXE 100% CPU Load
« Reply #49 on: November 23, 2007, 11:50:57 PM »
here is the temp fix

********************
Hi Guys,

More than a million PCs is using CFP 3right now and the weird bugs/problems are posted in the help board.

2 of these problems seem to be recurring. Here are the temporary fixes until we update the executables:

1 - cmdagent.exe 100% CPU consumption:

This has been verified and fixed with the upcoming update.  It is related to patched uxtheme.dll.
However, until the updates are issued the temporary fix is disabling the registry protection :

* Defense+->Advanced->Defense+ Settings->Monitor Settings
* Uncheck "Protected Registry Keys"
* Press Apply and restart

2 - System Slowdown issue :
It is related to the load on comodo lookup servers.

Online file lookup must be disabled

* Miscellaneous->Settings->Update
* Uncheck "Automatically perform an online lookup for the unrecognized files" option
* Press Apply button

Both 1 & 2 should solve the most of the problems.

3 - Email client problems

* Firewall->Tasks->Stealth Ports Wizard
* Select "Alert me to incoming connections"

Then Protocol analysis should be disabled.

* Firewall->Advanced->Attack Detection Settings->Miscellanous
* Uncheck "Do protocol analysis" option

Thank you all for the cooperation,

Egemen

*********************

Offline moocow

  • Newbie
  • *
  • Posts: 20
Re: comodo firewall v3.0.13.268 x32 CMDAGENT.EXE 100% CPU Load
« Reply #50 on: November 24, 2007, 04:38:25 AM »

1 - cmdagent.exe 100% CPU consumption:

This has been verified and fixed with the upcoming update.  It is related to patched uxtheme.dll.
However, until the updates are issued the temporary fix is disabling the registry protection :

* Defense+->Advanced->Defense+ Settings->Monitor Settings
* Uncheck "Protected Registry Keys"
* Press Apply and restart

How is that possible?
I did revert my uxtheme.dll to the original and enabled Protected Registry Keys again, but the problem was still there.

Also, where in the protected registry keys does it say anything about uxtheme.dll?
« Last Edit: November 24, 2007, 04:43:39 AM by moocow »

Offline gibran

  • Average User
  • Comodo's Hero
  • *****
  • Posts: 5056
  • A bad workman always blames his tools
Re: comodo firewall v3.0.13.268 x32 CMDAGENT.EXE 100% CPU Load
« Reply #51 on: November 24, 2007, 04:45:09 AM »

Hey wait  UXTHEME DLL is an important system DLL don't remove it. If it is listed it means it is still patched so you only have to find an original  UXTHEME DLL.
But if you issue is resolved you can leave that in place and use skins ;)
« Last Edit: November 24, 2007, 02:33:23 PM by gibran »
"In the beginning the Universe was created. This has made a lot of people very angry and has been widely regarded as a bad move."- Douglas Adams

Offline specialfx

  • Newbie
  • *
  • Posts: 4
Re: comodo firewall v3.0.13.268 x32 CMDAGENT.EXE 100% CPU Load
« Reply #52 on: November 24, 2007, 12:58:11 PM »
Hey wait  UXTHEME DLL is an important system DLL don't remove it. If it is listed it means it is still patched so you only have to find an original  UXTHEME DLL.
But if you issue is resolved you can leave that in place and use skins ;)

Yeh, did some research first...I left uxtheme DLL in place after finding that it is a system DLL :o
I'm on day two w/o any issues with FW3! So far it's been just fine...
Thanks for all the input!!!

Offline angelinthehell

  • Newbie
  • *
  • Posts: 2
Re: comodo firewall v3.0.13.268 x32 CMDAGENT.EXE 100% CPU Load
« Reply #53 on: November 24, 2007, 04:44:42 PM »
here is the temp fix

********************
1 - cmdagent.exe 100% CPU consumption:

This has been verified and fixed with the upcoming update.  It is related to patched uxtheme.dll.
However, until the updates are issued the temporary fix is disabling the registry protection :

*********************

It doesn't work at all for me! cpu at 100% even if i unchek that option.
i dont think i ever patched the file uxtheme.dll, but its version is 6.00.2900.2845 if can help.
Now i have Defence+ disabled so i can work.... waiting for the update, hopefully working...
---------
Comodo v3.0.13.268 32-bit, WinXP Pro SP2, Nod32 v3.0.563.0

Offline gibran

  • Average User
  • Comodo's Hero
  • *****
  • Posts: 5056
  • A bad workman always blames his tools
Re: comodo firewall v3.0.13.268 x32 CMDAGENT.EXE 100% CPU Load
« Reply #54 on: November 24, 2007, 04:59:23 PM »
It doesn't work at all for me! cpu at 100% even if i unchek that option.
i dont think i ever patched the file uxtheme.dll, but its version is 6.00.2900.2845 if can help.
Now i have Defence+ disabled so i can work.... waiting for the update, hopefully working...

Quote from:  CFP Help
Windows/WinEvent Hooks - In the Microsoft Windows® operating system, a hook is a mechanism by which a function can intercept events (messages, mouse actions, keystrokes) before they reach an application. The function can act on events and, in some cases, modify or discard them.  Originally developed to allow legitimate software developers to develop more powerful and useful applications, hooks have also been exploited by hackers to create more powerful malware. Examples include malware  that can record every stroke on your keyboard; record your mouse movements; monitor and modify all messages on your computer; take over control of your mouse and keyboard to remotely administer your computer. Leaving this box checked means that you are warned every time a hook is executed by an untrusted application.   

Maybe your issue is caused by another app.
To test this run MSCONFIG and disable all startup apps at once. then re-enable windows hook monitor and restart.
This way it would be possible to exclude some issues with your startup apps.

"In the beginning the Universe was created. This has made a lot of people very angry and has been widely regarded as a bad move."- Douglas Adams

Offline Yoss

  • Newbie
  • *
  • Posts: 4
  • The Dutch Viking
Re: comodo firewall v3.0.13.268 x32 CMDAGENT.EXE 100% CPU Load
« Reply #55 on: November 24, 2007, 05:26:56 PM »
Hi, I'm new to this forum. Greetings from a windy Holland.
I have a.o. 2 computers in my network. One is a 2004 HP d330 2.8MHz P4 with 1Gb memory under XP Pro SP2, the other a 2007 "local" Sempron 2800+ with 512 Kb memory under XP Home SP2. My safety programs are avast!, IObit's AWC2, CCleaner, Spybot S&D, AdAware 2007 and RegHealer, all in their latest editions. I run Statbar on all my computers to monitor CPU and memory. I keep my computers up-to-date.
I first installed V3 on the Sempron computer (my hobby computer), because a problem there is not as bad as on the other one (standard procedure with new programs). Installation went perfect. I had a feeling that V3 was safe. Defence+ seemed to be a mighty companion.
Until I installed V3 on the HP. Everything described in this part of the forum happened: 100% CPU, frozen programs, etc. I could hardly do anything, even the monitor seemed frozen over. So MSConfig etc. was no real option.
After 3 hours of trying to find out what caused it, I came no further than probably avast! or Spybot S&D (especially tea-timer). I took no chances, restarted XP in safe mode, removed V3, and re-installed V2.
I am VERY curious to learn what the cause is (so not avast! only!!!) and what I'll have to do to get V3 installed properly.
I'll be looking here for answers regularly.              (:HUG)

Offline AnotherOne

  • Computer Security Testing Group
  • Comodo's Hero
  • *****
  • Posts: 716
Re: comodo firewall v3.0.13.268 x32 CMDAGENT.EXE 100% CPU Load
« Reply #56 on: November 24, 2007, 11:34:59 PM »
Hi Yoss - I would bet that the trouble comes from TeaTimer.  Both it and CFP monitor processes and registry modifications, so they will be tripping over each other all the time.
What do you mean, my shoes are on the wrong feet???  These are the only feet I've got!

Offline smyers

  • Newbie
  • *
  • Posts: 1
Re: comodo firewall v3.0.13.268 x32 CMDAGENT.EXE 100% CPU Load
« Reply #57 on: November 25, 2007, 10:30:34 AM »
I know what setting that is causing 100% CPU usage!



Uncheck "protected registry keys" and D+ wont use 100% CPU anymore! (atleast not on my system)

The way I found this: Unchecked everything, and checked them, one by one. The one causing the 100% CPU load is Protected registry keys!

Can anyone else confirm this?


Perfect!  Thank you!  I have been fighting with a crippled computer after installing v3 and now, thanks to this tip, have a usable computer again. 

 (:NRD)

Whoops!  I spoke too soon... the problem returned (i.e., agent using near 100% of CPU), so I tried disabling Defense+ next.  That didn't help either.  I ended up uninstalling CFP v3 and re-installing v2.4 and I can use my computer again.  Too bad.  I look forward to trying v3 again; once repairs have been made.
« Last Edit: November 26, 2007, 08:07:08 AM by smyers »

Offline Throttle

  • Newbie
  • *
  • Posts: 1
Re: comodo firewall v3.0.13.268 x32 CMDAGENT.EXE 100% CPU Load
« Reply #58 on: November 25, 2007, 12:23:50 PM »
I had the 100% resource occupation problem, but with an original UXTHEME.DLL file. I followed egemen's instruction, but it didn't work.
I tried disabling everything at startup using msconfig, and reenabling applications one by one. Doing so i was able to find the problem:
Code: [Select]
Logitech Desktop Messengerit's an application from Logitech ( :P ) to update mouse and keyboard's drivers.
I uninstalled the application and now everything seems fine.
Hope this may help someone :)

CYA  (V)

Offline Yoss

  • Newbie
  • *
  • Posts: 4
  • The Dutch Viking
Re: comodo firewall v3.0.13.268 x32 CMDAGENT.EXE 100% CPU Load
« Reply #59 on: November 25, 2007, 04:44:22 PM »
Re: Throttle

I think you have found the brat! The difference between my computers is indeed the Logitech software, which is present on my main computer, but not installed on the one I use for hobby purposes. I remember seeing that Defense+ had some trouble coping with it in its learning mode, but it escaped my attention at the moment.
As both avast! en Spybot S&D are installed on both computers, these could hardly have been the cause.
As many will have Logitech's software (comes with keyboards, mice, speakers and webcams) on their computers this might very well be the nail on its head.
Jolly good work, I hope Comodo's programmers will look into this.
I will wait with installing V3 until this problem has been sorted out.

Good work, Throttle!         (:CLP)
« Last Edit: November 25, 2007, 04:48:32 PM by Yoss »

 

Free Endpoint Protection
Seo4Smf 2.0 © SmfMod.Com Smf Destek