[3.5.57173.439 X32] Remembering a rule with large rule set gets very slow

* CPU (32 bit or 64 bit)
Intel Core 2 Duo E8400 (32 bit)
* Operating System information (including Service Pack Version)
Windows XP SP3 Dutch
* Actively-running security and utility applications (Optional if you post a Comodo Firewall Pro Configuration Report)
Avast! Home Edition, but the problem also appeas with AVG Free (which I have installed earlier).
* Specific symptoms of the bug, and steps you can take to reproduce it (step by step).
If I install CIS for the first time, it works as expected: if an unknown action is performed by an application, I have to block or allow it (and choose if I want to remember this action). After clicking ‘Apply’, the rule is stored.
However, over time, my rule set gets larger and CIS gets less responsive. Now, if I check ‘remember rule’ and click ‘Apply’, I have to wait about 30 seconds before the program continues. If I do not check ‘remember’, no delay is noticed.
* Specific steps you have taken to try to resolve it.
No steps. I have installed a new version of CPF/CIS every now and then, and with an empty/small rule set, I do not notice the problem
* Brief description of your Defense+ and Firewall+ mode (Custom, Train with safe) plus mention if you modified any setting in ADVANCED section of D+ and F+ (Optional if you post a Comodo Firewall Pro Configuration Report)
D+: Safe Mode
Firewall: Safe ModeL
Anti-Virus: Not installed
* If you pc reboots or you have a BSOD post in BSODs: Please add your minidump files here
* Report if you are using an Administrator account Or a Limited User account. Vista users please Report if you have UAC Disabled or Enabled (Optional if you post a Comodo Firewall Pro Configuration Report)
Administrator account

Hi ernstblaauw

If you know how to use RegEdit, could you gather the actual number of Firewall & Defense+ policies (rules) that you have? This might prove very useful to Comodo & for other users attempting to verify/confirm your bug report.

CIS’s registry key is at the following location…

HKEY_LOCAL_MACHINE\SYSTEM\Software\Comodo\Firewall Pro\Configurations

Under this location you should find your configurations represented by numbered folders (0, 1, 2, etc…). Within each configuration folder you should find, amongst other things, the “Firewall” & “HIPS” (Defense+) folders. Each folder has a sub-folder called “Policy” and, fortunately, CIS uses the same numbering system (0, 1, 2) for each rule (Policy). So, you should be able to quickly find the actual rule counts fairly easily once there.

Example Defense+ rules location…

HKEY_LOCAL_MACHINE\SYSTEM\Software\Comodo\Firewall Pro\Configurations\4\HIPS\Policy

The firewall has 71 rules, D+ has 214 rules. Is this more than usual?

I honestly have no idea. Although, what you have doesn’t sound like a terribly large amount to me.

I have 50 Firewall & 164 Defense+ rules (policies).

Let’s see if others can post their rule numbers as well. Perhaps that will give us a better indication.

The above numbers are my XP system. But, I also have CIS on a Vista system…

72 Firewall & 299 Defense+ rules (policies). A few more than yourself.

[i]edit: A difference between us is the modes we run CIS under. I run the Firewall in Custom Policy Mode & Defense+ in Clean PC Mode. Not sure how this could impact the speed at the moment.

edit2: I guess another possibility is Registry and/or Disk fragmentation. How is your system in these regards?

I almost never do defragmentation (I will run jkdefrag to look if it improves performance). How can I defrag my registry?
This bug (I’m not sure if it is. maybe it is by design) has been appearing since I have been using CPF (the fist version I installed was 2.3 or 2.4). I assumed the amount of rules would just slow down CPF.
So, to be clear: you do not experience any delay after applying/blocking a rule (with remembering checked)?

[at] kail

With XP I’ve 51 Firewall and 233 Defense+ atm.
Mode is Internet Security.
And answer Defense+ is sloow.

Registry defragmentation? There are utilities… but, I’ve usually found a good disk full defragging yields much better results than anything else, especially when it has not been done for a long time.

Slow down bugs on remembering & accessing rules? Going way back, yes I do remember bugs that have impacted CPF/CFP in this manner. But, I’m not aware of any in CIS 3.5. However, based on Thunderbear’s post… you’re obviously not alone. Note the double “oo” in slow. ;D Unfortunately, me not noticing slow downs on my Vista system may not mean much at those rule volumes… it has a fair amount of power available. So, let’s see if we get any more rule number posts & if the disk defragmentation does any good. Do you have Process Explorer? It might be interesting to monitor what is going on at the time of rule creation/alteration (remembering).

[at-bypass]Thunderbear, how’s your disk fragmenatation? Know Process Explorer? :slight_smile:

[at] kail

My diskdefrag is very good thanks (but not in my old head :slight_smile: ), I run it (O&O) very often. Also regdefrag runs once in a week.
Oh yes, of course I have Process Explore in my arsenal and many other good tools :slight_smile:

And about slooow response, an (now) old post from me here, but it’s still the same about Defense:

This is normal once the d+ or fw policies become larger. This is a design issue in which CIS always rewrites the whole CIS d+ or firewall policy config in the registry when updating policy configs. the developers are aware of this. :slight_smile:

Ah, yes. I know exactly want you mean… brain fragmentation. :slight_smile:

Interesting… the wish that turned into a bug & yet remained a wish. :slight_smile:

[at-bypass]FaZio93, thanks for letting us know this is registered as a bug already. :-TU

For me, this bug is really a showstopper: I cannot accept this program slows down my PC so much if I want to start a new application. I do think this bug is a reason for a lot of people to stop using Comodo after a couple of weeks.

I just did a quick on test on this (version 3.5.57173.439). On encountering a new program & being asked to remember a couple of events for it, CIS did not seem to update or even read all the rules as stated. Total registry actions recorded by RegMon for CIS was 199, the majority were reads (Query this&that, open & close keys, etc…) & only a few creates.

I suggest someone else should try to confirm or deny this, thanks.

I find it slow when updating the defence+ policy when it appears to save everything but OK when answering alerts. Running on Vista.

So, I guess the comparing of the current and new configurations is what takes so long when applying changes/remembering alerts?

If by “configurations” you mean CIS Configurations, then I don’t believe so. I don’t think there was sufficient registry access for any comparisons of the Configurations.

In addition, RegMod creates a time stamp of registry operations… there were no significant delays in any registry operations.

I guess I’m misunderstanding this. You said the majority of the 199 registry actions were reads. So CIS is mainly reading its keys in the location of the CIS config?

I see. No, by read I mean things like; OpenKey, CloseKey, QueryValue, EnumerateKey, etc… Read operations, but not reading individual lines out of the registry. Thus, 199 operations is just simple not enough to read all the Configurations. In addition, there were no time delays during any registry operation & whole lot covered less than 3 seconds (including my reaction times).

Thanks for the explanation. Well, I guess it is a bug then.

Older thread on same issue: https://forums.comodo.com/bug_reports/performance_issue_when_remembering_answer_from_def_alerts_v3018_25_x32-t21315.0.html

Same advice still applies: if this issue bothers you enough, you can use v3.0.14.276, which does not suffer from this problem. I still use v3.0.14.276 for this very reason.