Author Topic: Performance issue with HIPS enabled  (Read 2086 times)

Offline ReeceN

  • Comodo's Hero
  • *****
  • Posts: 288
  • Paranoid B#st#rd - CIA
Performance issue with HIPS enabled
« on: June 19, 2019, 03:50:22 PM »
Hi.

I have noticed that CIS 12.0.0.6818 HIPS is causing the following issues:

- High Disk Usage quite regularly (sometimes around 20-30%)
- Stuttering when typing i.e. If I hold down a key in a text doc it will type around 10-20 characters then pause for a second, then continue to type
- Stuttering in game. When new data is loaded into the game the game freezes for about 1-2 seconds.

All of the above is resolved by turning off HIPS.

I have tried reinstalling CIS but this has not helped.

Please PM me with which logs and dumps you would like.

P.S. Apologies for posting this thread in the wrong forum. Please move this topic to the Defence+ Help Forum.

Thanks.

Reece

« Last Edit: June 21, 2019, 06:05:09 PM by ReeceN »
Some Comodo wallpapers by me
Wonders what John McAfee will do next.

Offline Eric Cryptid

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 2604
  • Security Saskquatch
Re: Performance issue with HIPS enabled
« Reply #1 on: June 19, 2019, 06:06:00 PM »
Try uninstalling ISE, Secure Shopping and using your ISP's DNS instead of Comodo servers. I was having some game issues and removed those myself and noticed a noticeable performance increase and no longer have the lag issue.

Probably an idea to try it one by one and see what works for you. I don't use Comodo DNS as my ISP utilizes IPv6 and it's more stable.

Eric

Moderator: Any concerns? PM me and/or review the Forum Policy
System: 64 bit Win 10
Realtime Protection:CIS 12

Offline futuretech

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 4380
Re: Performance issue with HIPS enabled
« Reply #2 on: June 19, 2019, 06:17:24 PM »
Can you check the Resource Monitor Disk tab to identify the process using the most disk and what file it is accessing? I'm guessing it is the excessive writing to the cis log file. Also check HIPS logs to see if there are many blocked events being logged.

Offline ReeceN

Re: Performance issue with HIPS enabled
« Reply #3 on: June 19, 2019, 07:37:52 PM »
I have just reinstalled ISE and I don't use Comodo's DNS anyway actually.

So.. yup.. as soon as I launch Steam, cmdagent.exe > COMODO Internet Security Helper Service starts using 20 - 30% HDD and won't stop doing so until I close Steam.

According to Resource Monitor, cmdagent.exe is mostly writing to

'C:\ProgramData\Comodo\Cis\lmdb\cmddata'
as well as
'C:\ProgramData\Comodo\Firewall Pro\cislogs.sdb-journal'



According to CIS Logs, HIPS is continuously blocking steam.exe from accessing cis.exe memory.



[Edit] The 'System' process is also mostly accessing the 'cmddata' file.

I am guessing 'cmddata' is the Log file CIS uses then?

I don't really want to allow any application to access the memory of CIS.. but I am guessing that this is the only way to prevent the log entries?
« Last Edit: June 19, 2019, 07:47:10 PM by ReeceN »

Offline futuretech

Re: Performance issue with HIPS enabled
« Reply #4 on: June 19, 2019, 08:34:04 PM »
cmddata is the information database that stores information about files, vendors, certificates, etc. cislogs is where the logged events are stored. With Steam it is either the known issue with 32-bit applications being incorrectly monitored as accessing other processes in memory, or Steam really is trying to access CIS in memory as part of the anti-cheat that some games use. So you either have to add Steam to the protection exclusion of inter-process memory access of the CIS HIPS rule, or you can disable writing to the Comodo log format and use the Windows event log instead.

Offline ReeceN

Re: Performance issue with HIPS enabled
« Reply #5 on: June 19, 2019, 09:32:20 PM »
I have tried the Windows Logs instead but unfortunately the Disk usage was the same.

What I found was interesting.

- Creating new HIPS rule for steam.exe via 'Blocked Applications > Unblock for All Components As Shown in Blocked Column [HIPS]'

Results in normal like Disk usage, but continues to show in 'Comodo Logs > HIPS'

- Adding steam.exe to 'HIPS Rules > 'COMODO Internet Security' File Group > Protection Settings > Exclusions > Interprocess Memory Accesses'

Results in high Disk usage, but does not show in 'Comodo Logs > HIPS'

The only way to both reduce Disk usage AND prevent entries into the Comodo Logs is to do both.

Would you happen to know why that is?
« Last Edit: June 19, 2019, 10:05:30 PM by ReeceN »

Offline EricJH

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 25611
Re: Performance issue with HIPS enabled
« Reply #6 on: June 20, 2019, 11:44:09 AM »
Quote from: ReeceN
> I have tried the Windows Logs instead but unfortunately the Disk usage was the same.
>
> What I found was interesting.
>
> - Creating new HIPS rule for steam.exe via 'Blocked Applications > Unblock for All Components As Shown in Blocked Column [HIPS]'
>
> Results in normal like Disk usage, but continues to show in 'Comodo Logs > HIPS'

Can you show a screenshot of disk usage in Resource Monitor (Event Viewer)?
« Last Edit: June 20, 2019, 02:45:52 PM by EricJH »

Offline ReeceN

Re: Performance issue with HIPS enabled
« Reply #7 on: June 20, 2019, 12:29:24 PM »
Do you mean Task Manager?


Offline EricJH

Re: Performance issue with HIPS enabled
« Reply #8 on: June 20, 2019, 02:46:24 PM »
Sorry, I meant Resource Monitor.

Offline ReeceN

Re: Performance issue with HIPS enabled
« Reply #9 on: June 20, 2019, 02:50:05 PM »
Ah, you should be able to see it from the screen shot a few posts up.

[Edit] I would also like to add that I have noticed a substantial increase in the amount of processes that seem to be being blocked by HIPS. I assume this is part of the issue with 32-bit applications.

I have noticed that many processes launched by Steam, including all games tested, are also apparently trying to access cis.exe memory. I am therefore assuming that this may not be anti-cheat and may actually be related to the 32-bit application issue.

I have upgraded to Windows 10 1903 so it would make sense.

I have also emailed Valve to enquire if Steam is in fact scanning processes in memory.
« Last Edit: June 20, 2019, 05:03:29 PM by ReeceN »

Offline futuretech

Re: Performance issue with HIPS enabled
« Reply #10 on: June 20, 2019, 05:10:40 PM »
Pretty much every game through steam is 32-bit so it is the known issue with false memory access on 1903 with 32-bit applications. cmddata also saves information about blocked applications and the quarantine, so anytime an application gets added to the blocked application list or is added to quarantine, then it is reflected in the database. Specifically the last blocked date and time will dynamically be updated in the database.

Offline ReeceN

Re: Performance issue with HIPS enabled
« Reply #11 on: June 20, 2019, 06:15:42 PM »
Thanks for clearing that up futuretech :)

I will relay the info to Valve as the false alerts had me thinking steam was trying to access CIS memory.
« Last Edit: June 20, 2019, 06:34:34 PM by ReeceN »

Offline ReeceN

Re: Performance issue with HIPS enabled
« Reply #12 on: June 21, 2019, 06:39:31 PM »
I would also like to add the following bug.

Even though I create:
- A new HIPS rule for the blocked file
- A new Memory Protection exception for the 'COMODO Internet Security' File Group for the blocked file

This does not resolve all of the system usage issues caused by HIPS when running these 32bit applications.

I have noticed even with the above rules added, there is still stuttering in game (although far less of it).

Furthermore nothing new is shown in the Comodo Log.

Once HIPS is disabled, the game will run fine.

Offline EricJH

Re: Performance issue with HIPS enabled
« Reply #13 on: June 21, 2019, 10:00:25 PM »
Can you check how big cmddata is on disk and to what size it is set in Settings?

Offline ReeceN

Re: Performance issue with HIPS enabled
« Reply #14 on: June 21, 2019, 10:17:16 PM »
cmddata file is 829 MB and the Comodo Log size is set to 20 MB in the settings.

 
